From d6797b8428138d2a49d7db608f950fdf64c1ec9e Mon Sep 17 00:00:00 2001
From: James Cole
Date: Mon, 23 Mar 2020 17:54:49 +0100
Subject: [PATCH] Allow users to hand out admin rights.
---
 app/Http/Controllers/Admin/UserController.php | 11 ++++++++++-
 app/Http/Requests/UserFormRequest.php | 2 ++
 app/Repositories/User/UserRepository.php | 14 ++++++++++----
 app/Repositories/User/UserRepositoryInterface.php | 5 +++--
 resources/lang/en_US/firefly.php | 1 +
 resources/lang/en_US/form.php | 1 +
 resources/views/v1/admin/users/edit.twig | 4 +++-
 7 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
index 0236199d6c..a04a9174c3 100644
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@@ -106,6 +106,8 @@ class UserController extends Controller
 $subTitle = (string) trans('firefly.edit_user', ['email' => $user->email]);
 $subTitleIcon = 'fa-user-o';
+ $currentUser = auth()->user();
+ $isAdmin = $this->repository->hasRole($user, 'owner');
 $codes = [
 '' => (string) trans('firefly.no_block_code'),
 'bounced' => (string) trans('firefly.block_code_bounced'),
@@ -113,7 +115,7 @@ class UserController extends Controller
 'email_changed' => (string) trans('firefly.block_code_email_changed'),
 ];
- return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes'));
+ return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes', 'currentUser','isAdmin'));
 }
 /**
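Review bot: The new return line in the second hunk drops the space after the comma between `'currentUser'` and `'isAdmin'`, a style point, while the rest of the compact() list is consistently `', '`-separated. Change it to `compact('user', 'subTitle', 'subTitleIcon', 'codes', 'currentUser', 'isAdmin')` so the line passes the project's formatter unchanged.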
@@ -183,6 +185,13 @@ class UserController extends Controller
 if ('' !== $data['password']) {
 $this->repository->changePassword($user, $data['password']);
 }
+ if (true === $data['is_owner']) {
+ $this->repository->attachRole($user, 'owner');
+ session()->flash('info', trans('firefly.give_admin_careful'));
+ }
+ if (false === $data['is_owner']) {
+ $this->repository->removeRole($user, 'owner');
+ }
 $this->repository->changeStatus($user, $data['blocked'], $data['blocked_code']);
 $this->repository->updateEmail($user, $data['email']);
diff --git a/app/Http/Requests/UserFormRequest.php b/app/Http/Requests/UserFormRequest.php
index cc6850fa6d..abab3af725 100644
--- a/app/Http/Requests/UserFormRequest.php
+++ b/app/Http/Requests/UserFormRequest.php
@@ -52,6 +52,7 @@ class UserFormRequest extends Request
 'blocked' => 1 === $this->integer('blocked'),
 'blocked_code' => $this->string('blocked_code'),
 'password' => $this->string('password'),
+ 'is_owner' => 1 === $this->integer('is_owner'),
 ];
 }
@@ -68,6 +69,7 @@ class UserFormRequest extends Request
 'password' => 'confirmed|secure_password',
 'blocked_code' => 'between:0,30|nullable',
 'blocked' => 'between:0,1|numeric',
+ 'is_owner' => 'between:0,1|numeric',
 ];
 }
 }
diff --git a/app/Repositories/User/UserRepository.php b/app/Repositories/User/UserRepository.php
index 257001a524..8bee7968c0 100644
--- a/app/Repositories/User/UserRepository.php
+++ b/app/Repositories/User/UserRepository.php
@@ -293,11 +293,16 @@ class UserRepository implements UserRepositoryInterface
 /**
 * Remove any role the user has.
 *
- * @param User $user
+ * @param User $user
+ * @param string $role
 */
- public function removeRole(User $user): void
+ public function removeRole(User $user, string $role): void
 {
- $user->roles()->sync([]);
+ $roleObj = $this->getRole($role);
+ if (null === $roleObj) {
+ return;
+ }
+ $user->roles()->detach($roleObj->id);
 }
 /**
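Review bot: The new is_owner branch in update() also runs when an administrator edits their own account, and in that case it silently strips their own owner role: the edit form in this patch hides the checkbox when `user.id == currentUser.id`, so the field is absent from the request, `1 === $this->integer('is_owner')` in the UserFormRequest @@ -52 hunk then yields `false`, and `false === $data['is_owner']` calls `removeRole($user, 'owner')`. An administrator saving any change to their own profile would therefore lose admin access, and an edit of the last remaining owner has the same effect. Guard the role change with the same self-check the view applies, so the server does not rely on the form having rendered the checkbox. update() begins and ends outside this hunk, and whether attachRole() tolerates a user who already holds the role is not visible from the patch.
```php
        // … unchanged: password change …
        // The edit form hides the is_owner checkbox for the current user, so the
        // field arrives unset (= false); never touch an admin's own owner role.
        if ($user->id !== auth()->user()->id) {
            if (true === $data['is_owner']) {
                $this->repository->attachRole($user, 'owner');
                session()->flash('info', trans('firefly.give_admin_careful'));
            }
            if (false === $data['is_owner']) {
                $this->repository->removeRole($user, 'owner');
            }
        }
        // … unchanged: changeStatus / updateEmail …
```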
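Review bot: The docblock on removeRole() still reads "Remove any role the user has." while the new body detaches only the single role named by `$role` and silently returns when getRole() finds no such role; the same stale summary is repeated on the interface declaration in the UserRepositoryInterface.php hunk. Replace the summary line in both places with `* Remove one named role from the user; a no-op when no such role exists.` so callers are not misled into expecting the old clear-all behaviour.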
@@ -364,7 +369,8 @@ class UserRepository implements UserRepositoryInterface
 $user->blocked_code = $data['blocked_code'];
 }
 if (isset($data['role']) && '' === $data['role']) {
- $this->removeRole($user);
+ $this->removeRole($user, 'owner');
+ $this->removeRole($user, 'demo');
 }
 $user->save();
diff --git a/app/Repositories/User/UserRepositoryInterface.php b/app/Repositories/User/UserRepositoryInterface.php
index f6bcc492f4..767afcd24a 100644
--- a/app/Repositories/User/UserRepositoryInterface.php
+++ b/app/Repositories/User/UserRepositoryInterface.php
@@ -157,9 +157,10 @@ interface UserRepositoryInterface
 /**
 * Remove any role the user has.
 *
- * @param User $user
+ * @param User $user
+ * @param string $role
 */
- public function removeRole(User $user): void;
+ public function removeRole(User $user, string $role): void;
 /**
 * Set MFA code.
diff --git a/resources/lang/en_US/firefly.php b/resources/lang/en_US/firefly.php
index 4dea05d786..fffa723b7f 100644
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@@ -1351,6 +1351,7 @@ return [
 'send_test_email_text' => 'To see if your installation is capable of sending email, please press this button. You will not see an error here (if any), the log files will reflect any errors. You can press this button as many times as you like. There is no spam control. The message will be sent to :email and should arrive shortly.',
 'send_message' => 'Send message',
 'send_test_triggered' => 'Test was triggered. Check your inbox and the log files.',
+ 'give_admin_careful' => 'Users who are given admin rights can take away yours. Be careful.',
 'split_transaction_title' => 'Description of the split transaction',
 'split_transaction_title_help' => 'If you create a split transaction, there must be a global description for all splits of the transaction.',
diff --git a/resources/lang/en_US/form.php b/resources/lang/en_US/form.php
index 0ae76d1a92..27feaec360 100644
--- a/resources/lang/en_US/form.php
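Review bot: The `'' === $data['role']` branch in update() previously cleared every attached role through `sync([])` and now detaches only `'owner'` and `'demo'`, so any other role a user carries survives a request that asks for no role at all, and every role added later needs another hard-coded line here. If the intent is still "no role", restoring the old one-liner on the relation, `$user->roles()->sync([]);`, keeps the original semantics without the list. update() starts and ends outside this hunk, and whether roles beyond these two exist in the codebase is not visible from the patch.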
+++ b/resources/lang/en_US/form.php
@@ -194,6 +194,7 @@ return [
 'blocked' => 'Is blocked?',
 'blocked_code' => 'Reason for block',
 'login_name' => 'Login',
+ 'is_owner' => 'Is admin?',
 // import
 'apply_rules' => 'Apply rules',
diff --git a/resources/views/v1/admin/users/edit.twig b/resources/views/v1/admin/users/edit.twig
index 7468734f2e..6f457bd3e8 100644
--- a/resources/views/v1/admin/users/edit.twig
+++ b/resources/views/v1/admin/users/edit.twig
@@ -22,7 +22,9 @@
 {{ ExpandedForm.password('password_confirmation') }}
 {{ ExpandedForm.checkbox('blocked') }}
 {{ ExpandedForm.select('blocked_code', codes, user.blocked_code) }}
-
+ {% if user.id != currentUser.id %}
+ {{ ExpandedForm.checkbox('is_owner',1,isAdmin) }}
+ {% endif %}