Files
monica/app/Http/Controllers/Auth/AccountLinkController.php
T
2025-11-06 19:44:31 +02:00

123 lines
3.6 KiB
PHP

<?php
namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Models\User\User;
use App\Models\Account\AccountLink;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Foundation\Auth\RedirectsUsers;
class AccountLinkController extends Controller
{
use RedirectsUsers;
/**
* Where to redirect users after accepting the link.
*
* @var string
*/
protected $redirectTo = '/dashboard';
/**
* Display the account link acceptance page.
*
* @param string $key
* @return \Illuminate\View\View|\Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse
*/
public function show($key)
{
$accountLink = AccountLink::where('invitation_key', $key)
->firstOrFail();
// Check if the current user matches the invited user
if (! Auth::check()) {
return redirect()->route('login')
->with('status', trans('settings.account_link_login_required'));
}
if (Auth::id() !== $accountLink->user_id) {
return redirect()->route('dashboard')
->withErrors(trans('settings.account_link_wrong_user'));
}
return view('settings.users.accept-link')
->with('accountLink', $accountLink)
->with('key', $key);
}
/**
* Accept the account link invitation.
*
* @param Request $request
* @param string $key
* @return \Illuminate\Http\RedirectResponse
*/
public function store(Request $request, $key)
{
if (! Auth::check()) {
return redirect()->route('login');
}
$accountLink = AccountLink::where('invitation_key', $key)
->firstOrFail();
// Verify the user is the one invited
if (Auth::id() !== $accountLink->user_id) {
return redirect()->route('dashboard')
->withErrors(trans('settings.account_link_wrong_user'));
}
// Security check: verify the inviter's email
if ($request->input('email_security') != $accountLink->invitedBy->email) {
return redirect()->back()
->withErrors(trans('settings.users_error_email_not_similar'))
->withInput();
}
$user = Auth::user();
$oldAccountId = $user->account_id;
// Update the user's account to the new account
$user->account_id = $accountLink->account_id;
$user->invited_by_user_id = $accountLink->invited_by_user_id;
$user->save();
// Delete the account link invitation
$accountLink->delete();
// TODO: Optionally handle the old account (delete if no users left, etc.)
return redirect($this->redirectPath())
->with('status', trans('settings.account_link_accepted_success'));
}
/**
* Decline the account link invitation.
*
* @param string $key
* @return \Illuminate\Http\RedirectResponse
*/
public function destroy($key)
{
if (! Auth::check()) {
return redirect()->route('login');
}
$accountLink = AccountLink::where('invitation_key', $key)
->firstOrFail();
// Verify the user is the one invited
if (Auth::id() !== $accountLink->user_id) {
return redirect()->route('dashboard')
->withErrors(trans('settings.account_link_wrong_user'));
}
$accountLink->delete();
return redirect()->route('dashboard')
->with('status', trans('settings.account_link_declined'));
}
}