X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ec775aec02c0887d5cf2dc23c938a75b7eaf67d2..refs/heads/development:/app/Api/UserApiTokenController.php diff --git a/app/Api/UserApiTokenController.php b/app/Api/UserApiTokenController.php index 8357420ee..3606e8260 100644 --- a/app/Api/UserApiTokenController.php +++ b/app/Api/UserApiTokenController.php @@ -14,16 +14,19 @@ class UserApiTokenController extends Controller /** * Show the form to create a new API token. */ - public function create(int $userId) + public function create(Request $request, int $userId) { - // Ensure user is has access-api permission and is the current user or has permission to manage the current user. $this->checkPermission('access-api'); $this->checkPermissionOrCurrentUser('users-manage', $userId); + $this->updateContext($request); $user = User::query()->findOrFail($userId); + $this->setPageTitle(trans('settings.user_api_token_create')); + return view('users.api-tokens.create', [ 'user' => $user, + 'back' => $this->getRedirectPath($user), ]); } @@ -60,22 +63,27 @@ class UserApiTokenController extends Controller session()->flash('api-token-secret:' . $token->id, $secret); $this->logActivity(ActivityType::API_TOKEN_CREATE, $token); - return redirect($user->getEditUrl('/api-tokens/' . $token->id)); + return redirect($token->getUrl()); } /** * Show the details for a user API token, with access to edit. */ - public function edit(int $userId, int $tokenId) + public function edit(Request $request, int $userId, int $tokenId) { + $this->updateContext($request); + [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); $secret = session()->pull('api-token-secret:' . $token->id, null); + $this->setPageTitle(trans('settings.user_api_token')); + return view('users.api-tokens.edit', [ 'user' => $user, 'token' => $token, 'model' => $token, 'secret' => $secret, + 'back' => $this->getRedirectPath($user), ]); } @@ -97,7 +105,7 @@ class UserApiTokenController extends Controller $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token); - return redirect($user->getEditUrl('/api-tokens/' . $token->id)); + return redirect($token->getUrl()); } /** @@ -107,6 +115,8 @@ class UserApiTokenController extends Controller { [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId); + $this->setPageTitle(trans('settings.user_api_token_delete')); + return view('users.api-tokens.delete', [ 'user' => $user, 'token' => $token, @@ -123,7 +133,7 @@ class UserApiTokenController extends Controller $this->logActivity(ActivityType::API_TOKEN_DELETE, $token); - return redirect($user->getEditUrl('#api_tokens')); + return redirect($this->getRedirectPath($user)); } /** @@ -142,4 +152,30 @@ class UserApiTokenController extends Controller return [$user, $token]; } + + /** + * Update the context for where the user is coming from to manage API tokens. + * (Track of location for correct return redirects) + */ + protected function updateContext(Request $request): void + { + $context = $request->query('context'); + if ($context) { + session()->put('api-token-context', $context); + } + } + + /** + * Get the redirect path for the current api token editing session. + * Attempts to recall the context of where the user is editing from. + */ + protected function getRedirectPath(User $relatedUser): string + { + $context = session()->get('api-token-context'); + if ($context === 'settings' || user()->id !== $relatedUser->id) { + return $relatedUser->getEditUrl('#api_tokens'); + } + + return url('/http/source.bookstackapp.com/my-account/auth#api_tokens'); + } }