/**
* Show the form to create a new API token.
*/
- public function create(int $userId)
+ public function create(Request $request, int $userId)
{
- // Ensure user is has access-api permission and is the current user or has permission to manage the current user.
$this->checkPermission('access-api');
$this->checkPermissionOrCurrentUser('users-manage', $userId);
+ $this->updateContext($request);
$user = User::query()->findOrFail($userId);
+ $this->setPageTitle(trans('settings.user_api_token_create'));
+
return view('users.api-tokens.create', [
'user' => $user,
+ 'back' => $this->getRedirectPath($user),
]);
}
session()->flash('api-token-secret:' . $token->id, $secret);
$this->logActivity(ActivityType::API_TOKEN_CREATE, $token);
- return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+ return redirect($token->getUrl());
}
/**
* Show the details for a user API token, with access to edit.
*/
- public function edit(int $userId, int $tokenId)
+ public function edit(Request $request, int $userId, int $tokenId)
{
+ $this->updateContext($request);
+
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
$secret = session()->pull('api-token-secret:' . $token->id, null);
+ $this->setPageTitle(trans('settings.user_api_token'));
+
return view('users.api-tokens.edit', [
'user' => $user,
'token' => $token,
'model' => $token,
'secret' => $secret,
+ 'back' => $this->getRedirectPath($user),
]);
}
$this->logActivity(ActivityType::API_TOKEN_UPDATE, $token);
- return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+ return redirect($token->getUrl());
}
/**
{
[$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
+ $this->setPageTitle(trans('settings.user_api_token_delete'));
+
return view('users.api-tokens.delete', [
'user' => $user,
'token' => $token,
$this->logActivity(ActivityType::API_TOKEN_DELETE, $token);
- return redirect($user->getEditUrl('#api_tokens'));
+ return redirect($this->getRedirectPath($user));
}
/**
return [$user, $token];
}
+
+ /**
+ * Update the context for where the user is coming from to manage API tokens.
+ * (Track of location for correct return redirects)
+ */
+ protected function updateContext(Request $request): void
+ {
+ $context = $request->query('context');
+ if ($context) {
+ session()->put('api-token-context', $context);
+ }
+ }
+
+ /**
+ * Get the redirect path for the current api token editing session.
+ * Attempts to recall the context of where the user is editing from.
+ */
+ protected function getRedirectPath(User $relatedUser): string
+ {
+ $context = session()->get('api-token-context');
+ if ($context === 'settings' || user()->id !== $relatedUser->id) {
+ return $relatedUser->getEditUrl('#api_tokens');
+ }
+
+ return url('/my-account/auth#api_tokens');
+ }
}
projects / bookstack / blobdiff