request + policy

Marley Rae 2022-04-27 21:15:01 -07:00
parent c106d04ba8
commit 55215be5d9
4 changed files with 20 additions and 37 deletions


@ -3,6 +3,7 @@
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class StoreOwnedRequest extends FormRequest
{
@ -13,7 +14,7 @@ class StoreOwnedRequest extends FormRequest
*/
public function authorize()
{
return false;
return $this->user()->can('create', Joined::class);
}
/**
@ -24,7 +25,15 @@ public function authorize()
public function rules()
{
return [
//
'categories' => ['required', 'array'],
'categories.*' => ['numeric', 'exists:categories,id'],
'subject' => ['required', 'string'],
'status' => ['required', 'string', Rule::in(['current', 'upcoming'])],
'slug' => ['required', 'alpha_dash'],
'title' => ['nullable', 'string'],
'image' => ['nullable', 'image'],
'date_opened' => ['nullable', 'date'],
'hold_member_updates' => ['nullable', 'boolean'],
];
}
}
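Review bot: `authorize()` in `StoreOwnedRequest` checks the `create` ability against `Joined::class`, although this request stores an Owned record and the same commit fills in `OwnedPolicy::create`; this looks like a copy-paste slip. The import block visible in the first hunk has no `use` for either model, so `Joined::class` would resolve to `App\Http\Requests\Joined`, which presumably has no policy registered, and the gate would then deny every request. I would change the line to `return $this->user()->can('create', \App\Models\Owned::class);` or import the model. Also confirm that `$this->user()` cannot be null on this route (auth middleware is not visible here), since calling `->can()` on null is a fatal error rather than a 403.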


@ -5,7 +5,6 @@
use App\Models\Collective;
use App\Models\Joined;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Support\Facades\Auth;
class JoinedPolicy
{
@ -14,19 +13,16 @@ class JoinedPolicy
/**
* Determine whether the user can view any models.
*
* @param \App\Models\Collective $collective
* @return \Illuminate\Auth\Access\Response|bool
*/
public function viewAny(Collective $collective)
{
return Auth::check();
return auth_collective()->id === $collective->id;
}
/**
* Determine whether the user can view the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Joined $joined
* @return \Illuminate\Auth\Access\Response|bool
*/
public function view(Collective $collective, Joined $joined)
@ -37,19 +33,16 @@ public function view(Collective $collective, Joined $joined)
/**
* Determine whether the user can create models.
*
* @param \App\Models\Collective $collective
* @return \Illuminate\Auth\Access\Response|bool
*/
public function create(Collective $collective)
{
return Auth::check();
return auth_collective()->id === $collective->id;
}
/**
* Determine whether the user can update the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Joined $joined
* @return \Illuminate\Auth\Access\Response|bool
*/
public function update(Collective $collective, Joined $joined)
@ -60,8 +53,6 @@ public function update(Collective $collective, Joined $joined)
/**
* Determine whether the user can delete the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Joined $joined
* @return \Illuminate\Auth\Access\Response|bool
*/
public function delete(Collective $collective, Joined $joined)
@ -72,8 +63,6 @@ public function delete(Collective $collective, Joined $joined)
/**
* Determine whether the user can restore the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Joined $joined
* @return \Illuminate\Auth\Access\Response|bool
*/
public function restore(Collective $collective, Joined $joined)
@ -84,8 +73,6 @@ public function restore(Collective $collective, Joined $joined)
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Joined $joined
* @return \Illuminate\Auth\Access\Response|bool
*/
public function forceDelete(Collective $collective, Joined $joined)
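Review bot: The new `viewAny` and `create` checks, `auth_collective()->id === $collective->id`, compare the authenticated collective with the principal Laravel passes as the first policy argument, which is normally that same model. The expression therefore appears to be true for every logged-in caller and restricts nothing beyond the old `Auth::check()`; the same line is added to `viewAny` and `create` in `OwnedPolicy`. If any authenticated collective may list and create, `return true;` with a comment saying so is clearer, and if the intent is to scope to a specific collective the method needs a second argument to compare against. `auth_collective()` is defined outside this diff, so its behaviour when nobody is logged in should be confirmed, and with the `@param` lines removed a short docblock line such as `$collective is the authenticated collective` would help readers. The bodies of `view`, `update`, `delete`, `restore` and `forceDelete` lie outside these hunks.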


@ -13,82 +13,70 @@ class OwnedPolicy
/**
* Determine whether the user can view any models.
*
* @param \App\Models\Collective $collective
* @return \Illuminate\Auth\Access\Response|bool
*/
public function viewAny(Collective $collective)
{
//
return auth_collective()->id === $collective->id;
}
/**
* Determine whether the user can view the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Owned $owned
* @return \Illuminate\Auth\Access\Response|bool
*/
public function view(Collective $collective, Owned $owned)
{
//
return $collective->id === $owned->collective_id;
}
/**
* Determine whether the user can create models.
*
* @param \App\Models\Collective $collective
* @return \Illuminate\Auth\Access\Response|bool
*/
public function create(Collective $collective)
{
//
return auth_collective()->id === $collective->id;
}
/**
* Determine whether the user can update the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Owned $owned
* @return \Illuminate\Auth\Access\Response|bool
*/
public function update(Collective $collective, Owned $owned)
{
//
return $collective->id === $owned->collective_id;
}
/**
* Determine whether the user can delete the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Owned $owned
* @return \Illuminate\Auth\Access\Response|bool
*/
public function delete(Collective $collective, Owned $owned)
{
//
return $collective->id === $owned->collective_id;
}
/**
* Determine whether the user can restore the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Owned $owned
* @return \Illuminate\Auth\Access\Response|bool
*/
public function restore(Collective $collective, Owned $owned)
{
//
return $collective->id === $owned->collective_id;
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\Models\Collective $collective
* @param \App\Models\Owned $owned
* @return \Illuminate\Auth\Access\Response|bool
*/
public function forceDelete(Collective $collective, Owned $owned)
{
//
return $collective->id === $owned->collective_id;
}
}
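Review bot: The per-record checks `$collective->id === $owned->collective_id` use strict comparison, and whether `collective_id` is returned as an int or a numeric string depends on the database driver and on the `Owned` model's casts, neither of which is visible here. If it is a string, `view`, `update`, `delete`, `restore` and `forceDelete` would deny the rightful owner. That fails closed, but it is the kind of breakage that tends to get patched by switching to `==` or loosening the policy. Casting `collective_id` to integer on the model, or writing `$collective->id === (int) $owned->collective_id`, keeps the strict check reliable. A policy test covering both the owning collective and a different one would pin both outcomes.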


@ -37,7 +37,6 @@ public function definition()
'title' => $this->faker->words(3, true),
'image' => $this->faker->imageUrl(),
'hold_member_updates' => $this->faker->boolean(),
'notify_pending' => $this->faker->boolean(),
'sort_by' => 'country',
];
}