fix role assign assignment

MineTrax · Aug 8, 2024 · 515feca · 515feca
1 parent 415733f
commit 515feca
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
@@ -179,7 +179,7 @@ public function update(Request $request, User $user)
             'badges' => ['sometimes', 'nullable', 'array', 'exists:badges,id'],
             'country_id' => ['required', 'exists:countries,id'],
             'password' => ['sometimes', 'nullable', 'string', Password::min(8)->uncompromised()],
-            'locale' => ['nullable', 'string', 'in:'.implode(',', $localeList)],
+            'locale' => ['nullable', 'string', 'in:' . implode(',', $localeList)],
         ]);
 
         $social_links = [
@@ -211,9 +211,9 @@ public function update(Request $request, User $user)
         $user->locale = $request->locale;
 
         // if verified_at was null and now verified is true then mark it as verified & vice versa
-        if ($request->verified && ! $user->verified_at) {
+        if ($request->verified && !$user->verified_at) {
             $user->verified_at = now();
-        } elseif (! $request->verified && $user->verified_at) {
+        } elseif (!$request->verified && $user->verified_at) {
             $user->verified_at = null;
         }
 
@@ -225,7 +225,10 @@ public function update(Request $request, User $user)
 
         // Sync the role only if user has ability to assign roles
         if ($request->user()->can('assign roles')) {
-            $user->syncRoles([$request->role]);
+            $role = Role::where('name', $request->role)->firstOrFail();
+            if ($request->user()->isSuperAdmin() || $role->weight < $request->user()->maxRoleWeight()) {
+                $user->syncRoles([$request->role]);
+            }
         }
 
         // Sync Badges

diff --git a/app/Models/User.php b/app/Models/User.php
@@ -411,6 +411,11 @@ public function maxRoleWeight()
         return $this->roles->sortByDesc([['weight', 'desc']])?->first()?->weight ?? null;
     }
 
+    public function isSuperAdmin()
+    {
+        return $this->hasRole(Role::SUPER_ADMIN_ROLE_NAME);
+    }
+
     public function socialAccounts()
     {
         return $this->hasMany(SocialAccount::class);