From 196e585c873249807690aced67dc0cd650185a93 Mon Sep 17 00:00:00 2001
From: Jonathan Reinink <jonathan@reinink.ca>
Date: Wed, 18 Dec 2019 16:20:14 -0500
Subject: [PATCH] Prevent editing or deleting demo user in demo environment

---
 app/Http/Controllers/UsersController.php | 10 ++++++++++
 app/Providers/AppServiceProvider.php     |  1 +
 resources/js/Shared/FlashMessages.vue    |  5 +++--
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index 091fb29..53b746b 100644
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -5,9 +5,11 @@ namespace App\Http\Controllers;
 use App\User;
 use Inertia\Inertia;
 use Illuminate\Validation\Rule;
+use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Redirect;
+use Illuminate\Validation\ValidationException;
 
 class UsersController extends Controller
 {
@@ -77,6 +79,10 @@ class UsersController extends Controller
 
     public function update(User $user)
     {
+        if (App::environment('demo') && $user->id === 1) {
+            return Redirect::route('users.edit', $user)->with('error', 'Updating the demo user is not allowed.');
+        }
+
         Request::validate([
             'first_name' => ['required', 'max:50'],
             'last_name' => ['required', 'max:50'],
@@ -101,6 +107,10 @@ class UsersController extends Controller
 
     public function destroy(User $user)
     {
+        if (App::environment('demo') && $user->id === 1) {
+            return Redirect::route('users.edit', $user)->with('error', 'Deleting the demo user is not allowed.');
+        }
+
         $user->delete();
 
         return Redirect::route('users.edit', $user)->with('success', 'User deleted.');
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index e612ed6..fba7899 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -54,6 +54,7 @@ class AppServiceProvider extends ServiceProvider
             'flash' => function () {
                 return [
                     'success' => Session::get('success'),
+                    'error' => Session::get('error'),
                 ];
             },
             'errors' => function () {
diff --git a/resources/js/Shared/FlashMessages.vue b/resources/js/Shared/FlashMessages.vue
index 6bc99c5..9828144 100644
--- a/resources/js/Shared/FlashMessages.vue
+++ b/resources/js/Shared/FlashMessages.vue
@@ -9,10 +9,11 @@
         <svg class="block w-2 h-2 fill-green-dark group-hover:fill-green-darker" xmlns="http://www.w3.org/2000/svg" width="235.908" height="235.908" viewBox="278.046 126.846 235.908 235.908"><path d="M506.784 134.017c-9.56-9.56-25.06-9.56-34.62 0L396 210.18l-76.164-76.164c-9.56-9.56-25.06-9.56-34.62 0-9.56 9.56-9.56 25.06 0 34.62L361.38 244.8l-76.164 76.165c-9.56 9.56-9.56 25.06 0 34.62 9.56 9.56 25.06 9.56 34.62 0L396 279.42l76.164 76.165c9.56 9.56 25.06 9.56 34.62 0 9.56-9.56 9.56-25.06 0-34.62L430.62 244.8l76.164-76.163c9.56-9.56 9.56-25.06 0-34.62z" /></svg>
       </button>
     </div>
-    <div v-if="Object.keys($page.errors).length > 0 && show" class="mb-8 flex items-center justify-between bg-red-light rounded max-w-lg">
+    <div v-if="($page.flash.error || Object.keys($page.errors).length > 0) && show" class="mb-8 flex items-center justify-between bg-red-light rounded max-w-lg">
       <div class="flex items-center">
         <svg class="ml-4 mr-2 flex-no-shrink w-4 h-4 fill-white" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path d="M2.93 17.07A10 10 0 1 1 17.07 2.93 10 10 0 0 1 2.93 17.07zm1.41-1.41A8 8 0 1 0 15.66 4.34 8 8 0 0 0 4.34 15.66zm9.9-8.49L11.41 10l2.83 2.83-1.41 1.41L10 11.41l-2.83 2.83-1.41-1.41L8.59 10 5.76 7.17l1.41-1.41L10 8.59l2.83-2.83 1.41 1.41z" /></svg>
-        <div class="py-4 text-white text-sm font-medium">
+        <div v-if="$page.flash.error" class="py-4 text-white text-sm font-medium">{{ $page.flash.error }}</div>
+        <div v-else class="py-4 text-white text-sm font-medium">
           <span v-if="Object.keys($page.errors).length === 1">There is one form error.</span>
           <span v-else>There are {{ Object.keys($page.errors).length }} form errors.</span>
         </div>