monicahq · asbiin · Jan 18, 2019 · Jan 17, 2019 · Jan 17, 2019 · Jan 17, 2019
diff --git a/.env.example b/.env.example
@@ -10,6 +10,10 @@ APP_ENV=local
 # to false.
 APP_DEBUG=false
 
+# Enable Laravel Telescope https://laravel.com/docs/5.7/telescope
+# default: false
+TELESCOPE_ENABLED=false
+
 # The encryption key. This is the most important part of the application. Keep
 # this secure otherwise, everyone will be able to access your application.
 # Must be 32 characters long exactly.
@@ -174,5 +178,4 @@ ENABLE_WEATHER=false
 # https://darksky.net/dev/register
 # Darksky provides an api with 1000 free API calls per day
 # You need to enable the weather above if you provide an API key here.
- DARKSKY_API_KEY=
-
+DARKSKY_API_KEY=
diff --git a/CHANGELOG b/CHANGELOG
@@ -2,6 +2,8 @@ UNRELEASED CHANGES:
 
 New features:
 
+* Add Laravel Telescope (deactivated by default)
+* Add notion of instance administrator for a user
 * Add ability to name u2f security keys and to delete register ones
 * Add ability to add a comment when rating your day in the journal
 * Add API methods to manage genders

diff --git a/app/Console/Commands/SetUserAdmin.php b/app/Console/Commands/SetUserAdmin.php
@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\User\User;
+use Illuminate\Console\Command;
+
+class SetUserAdmin extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'monica:admin'.
+                           ' {--email= : The email of the user whose admin status you want to change}'.
+                           ' {--force : Run without asking for confirmation}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Toggle administrator privileges for a user';
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        // retrieve the email from the option
+        $email = $this->option('email');
+
+        // if no email was passed to the option, prompt the user to enter the email
+        if (! $email) {
+            $email = $this->ask('What is the user’s email?');
+        }
+
+        // retrieve the user with the specified email
+        $user = User::where('email', $email)->first();
+
+        if (! $user) {
+            // show an error and exist if the user does not exist
+            $this->error('No user with that email.');
+
+            return;
+        }
+
+        // Print a warning
+        if ($user->admin) {
+            $this->warn($user->email.' will be removed from the administrators of this instance');
+        } else {
+            $this->warn($user->email.' will be added to the administrators of this instance');
+        }
+
+        // ask for confirmation if not forced
+        if (! $this->option('force') && ! $this->confirm('Do you wish to continue?')) {
+            return;
+        }
+
+        // toglle admin status
+        $user->admin = ! $user->admin;
+        $user->save();
+
+        // Show new status
+        if ($user->admin) {
+            $this->info($user->email.' has been added to the administrators of this instance');
+        } else {
+            $this->info($user->email.' has been removed from the administrators of this instance');
+        }
+    }
+}
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
@@ -28,6 +28,7 @@ class Kernel extends ConsoleKernel
         'App\Console\Commands\SetupTest',
         'App\Console\Commands\SetupFrontEndTest',
         'App\Console\Commands\SetPremiumAccount',
+        'App\Console\Commands\SetUserAdmin',
         'App\Console\Commands\Update',
         'App\Console\Commands\MigrateDatabaseCollation',
         'App\Console\Commands\OneTime\MoveAvatars',
@@ -48,5 +49,8 @@ protected function schedule(Schedule $schedule)
         if (config('trustedproxy.cloudflare')) {
             $schedule->command('cloudflare:reload')->daily();
         }
+        if (config('telescope.enabled')) {
+            $schedule->command('telescope:prune --hours=48')->daily();
+        }
     }
 }
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -65,6 +65,9 @@ class SettingsController
         'sessions',
         'statistics',
         'subscriptions',
+        'telescope_entries',
+        'telescope_entries_tags',
+        'telescope_monitoring',
         'terms',
         'u2f_key',
         'users',

diff --git a/app/Models/User/User.php b/app/Models/User/User.php
@@ -68,6 +68,7 @@ class User extends Authenticatable implements MustVerifyEmail
      */
     protected $casts = [
         'profile_new_life_event_badge_seen' => 'boolean',
+        'admin' => 'boolean',
     ];
 
     /**

diff --git a/app/Providers/TelescopeServiceProvider.php b/app/Providers/TelescopeServiceProvider.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Providers;
+
+use Laravel\Telescope\Telescope;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Telescope\IncomingEntry;
+use Laravel\Telescope\TelescopeApplicationServiceProvider;
+
+class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
+{
+    /**
+     * Register any application services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->hideSensitiveRequestDetails();
+
+        Telescope::filter(function (IncomingEntry $entry) {
+            if ($this->app->isLocal()) {
+                return true;
+            }
+
+            return $entry->isReportableException() ||
+                   $entry->isFailedJob() ||
+                   $entry->isScheduledTask() ||
+                   $entry->hasMonitoredTag();
+        });
+    }
+
+    /**
+     * Prevent sensitive request details from being logged by Telescope.
+     *
+     * @return void
+     */
+    protected function hideSensitiveRequestDetails()
+    {
+        if ($this->app->isLocal()) {
+            return;
+        }
+
+        Telescope::hideRequestParameters(['_token']);
+
+        Telescope::hideRequestHeaders([
+            'cookie',
+            'x-csrf-token',
+            'x-xsrf-token',
+        ]);
+    }
+
+    /**
+     * Register the Telescope gate.
+     *
+     * This gate determines who can access Telescope in non-local environments.
+     *
+     * @return void
+     */
+    protected function gate()
+    {
+        Gate::define('viewTelescope', function ($user) {
+            return $user->admin;
+        });
+    }
+}
diff --git a/composer.json b/composer.json
@@ -22,6 +22,7 @@
         "laravel/framework": "5.7.*",
         "laravel/passport": "^7.0",
         "laravel/socialite": "^4.0",
+        "laravel/telescope": "^1.0",
         "laravel/tinker": "^1.0",
         "league/flysystem-aws-s3-v3": "~1.0",
         "league/flysystem-cached-adapter": "^1.0",

diff --git a/composer.lock b/composer.lock
-Original file line number
+Diff line change
@@ Expand Up / @@ -68,6 +68,7 @@ class User extends Authenticatable implements MustVerifyEmail @@
          */
         protected $casts = [
             'profile_new_life_event_badge_seen' => 'boolean',
+            'admin' => 'boolean',
         ];
         /**
@@ Expand Down @@