Added moderator impersonation

app/Http/Middleware/ImpersonationMiddleware.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class ImpersonationMiddleware
+{
+    public const ADMIN_LOG_PREFIX = '[admin_action] ';
+    const LOG_ROUTES = [
+        'open.forms.store',
+        'open.forms.update',
+        'open.forms.duplicate',
+        'open.forms.regenerate-link',
+    ];
+
+    const ALLOWED_ROUTES = [
+        'logout',
+
+        // Forms
+        'forms.ai.generate',
+        'forms.ai.show',
+        'forms.assets.show',
+        'forms.show',
+        'forms.answer',
+        'forms.fetchSubmission',
+        'forms.users.index',
+        'open.forms.index-all',
+        'open.forms.store',
+        'open.forms.assets.upload',
+        'open.forms.update',
+        'open.forms.duplicate',
+        'open.forms.regenerate-link',
+        'open.forms.submissions',
+        'open.forms.submissions.file',
+
+        // Workspaces
+        'open.workspaces.index',
+        'open.workspaces.create',
+        'open.workspaces.delete',
+        'open.workspaces.save-custom-domains',
+        'open.workspaces.databases.search',
+        'open.workspaces.databases.show',
+        'open.workspaces.form.stats',
+        'open.workspaces.forms.index',
+        'open.workspaces.users.index',
+
+        'templates.index',
+        'templates.create',
+        'templates.update',
+        'templates.show',
+
+        'user.current',
+        'local.temp',
+    ];
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
+     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if (!auth()->check() ||
+            !auth()->payload()->get('impersonating')) {
+            return $next($request);
+        }
+        // Check that route is allowed
+        $routeName = $request->route()->getName();
+        if (!in_array($routeName, self::ALLOWED_ROUTES)) {
+            return response([
+                'message' => 'Unauthorized when impersonating',
+                'route' => $routeName,
+                'impersonator' => auth()->payload()->get('impersonator_id'),
+                'impersonated_account' => auth()->id(),
+                'url' => $request->fullUrl(),
+                'payload' => $request->all()
+            ], 403);
+        } else if (in_array($routeName, self::LOG_ROUTES)) {
+            \Log::warning(self::ADMIN_LOG_PREFIX . 'Impersonator action', [
+                'route' => $routeName,
+                'url' => $request->fullUrl(),
+                'impersonated_account' => auth()->id(),
+                'impersonator' => auth()->payload()->get('impersonator_id'),
+                'payload' => $request->all()
+            ]);
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/IsModerator.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class IsModerator
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if ($request->user() && !$request->user()->moderator) {
+            // This user is not a paying customer...
+            if ($request->expectsJson()) {
+                return response([
+                    'message' => 'You are not allowed.',
+                    'type' => 'error',
+                ], 403);
+            }
+            return redirect('home');
+        }
+
+        return $next($request);
+    }
+}