From 55215be5d99aecfe5467d3bbdab26c8fdb43ac7c Mon Sep 17 00:00:00 2001
From: Marley Rae
Date: Wed, 27 Apr 2022 21:15:01 -0700
Subject: [PATCH] request + policy
---
 app/Http/Requests/StoreOwnedRequest.php | 13 +++++++++++--
 app/Policies/JoinedPolicy.php | 17 ++--------------
 app/Policies/OwnedPolicy.php | 26 +++++++------------------
 database/factories/OwnedFactory.php | 1 -
 4 files changed, 20 insertions(+), 37 deletions(-)
diff --git a/app/Http/Requests/StoreOwnedRequest.php b/app/Http/Requests/StoreOwnedRequest.php
index 49abd54..6d31601 100644
--- a/app/Http/Requests/StoreOwnedRequest.php
+++ b/app/Http/Requests/StoreOwnedRequest.php
@@ -3,6 +3,7 @@
 namespace App\Http\Requests;
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
 class StoreOwnedRequest extends FormRequest
 {
@@ -13,7 +14,7 @@ class StoreOwnedRequest extends FormRequest
 */
 public function authorize()
 {
- return false;
+ return $this->user()->can('create', Joined::class);
 }
 /**
@@ -24,7 +25,15 @@ public function authorize()
 public function rules()
 {
 return [
- //
+ 'categories' => ['required', 'array'],
+ 'categories.*' => ['numeric', 'exists:categories,id'],
+ 'subject' => ['required', 'string'],
+ 'status' => ['required', 'string', Rule::in(['current', 'upcoming'])],
+ 'slug' => ['required', 'alpha_dash'],
+ 'title' => ['nullable', 'string'],
+ 'image' => ['nullable', 'image'],
+ 'date_opened' => ['nullable', 'date'],
+ 'hold_member_updates' => ['nullable', 'boolean'],
 ];
 }
 }
diff --git a/app/Policies/JoinedPolicy.php b/app/Policies/JoinedPolicy.php
index c033e07..498cf96 100644
--- a/app/Policies/JoinedPolicy.php
+++ b/app/Policies/JoinedPolicy.php
@@ -5,7 +5,6 @@
 use App\Models\Collective;
 use App\Models\Joined;
 use Illuminate\Auth\Access\HandlesAuthorization;
-use Illuminate\Support\Facades\Auth;
 class JoinedPolicy
 {
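Review bot: In StoreOwnedRequest::authorize() the new check names `Joined::class`, but the first hunk of this file shows only `FormRequest` and `Rule` imported, so inside `namespace App\Http\Requests` the name resolves to `App\Http\Requests\Joined`; with no policy registered for that name the gate would normally deny, and every store request would be rejected. Since this is the request for Owned records, the intended target is probably the Owned policy: add `use App\Models\Owned;` and write `return $this->user()->can('create', Owned::class);`. `$this->user()` is null for an unauthenticated request, so unless the route always sits behind auth middleware (not visible in this diff), `return $this->user()?->can('create', Owned::class) ?? false;` denies cleanly instead of raising an error.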
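Review bot: The `image` entry in StoreOwnedRequest::rules() has no format or size bound: `['nullable', 'image']` accepts anything Laravel classifies as an image, which in the framework releases current at the date of this commit includes SVG, and an SVG served back from the application's own origin can carry script. Restricting it, for example `'image' => ['nullable', 'image', 'mimes:jpg,jpeg,png,gif,webp', 'max:2048'],` (the size limit is a placeholder to choose), closes that and caps upload size. `categories.*` uses `numeric`, which also admits values such as `1.5`; `integer` fits an id column better, and if categories belong to a collective the `exists` rule should be scoped to the current one, which this hunk cannot show. `subject`, `slug` and `title` have no `max`, so over-long input reaches the database layer instead of failing validation.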
@@ -14,19 +13,16 @@ class JoinedPolicy
 /**
 * Determine whether the user can view any models.
 *
- * @param \App\Models\Collective $collective
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function viewAny(Collective $collective)
 {
- return Auth::check();
+ return auth_collective()->id === $collective->id;
 }
 /**
 * Determine whether the user can view the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Joined $joined
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function view(Collective $collective, Joined $joined)
@@ -37,19 +33,16 @@ public function view(Collective $collective, Joined $joined)
 /**
 * Determine whether the user can create models.
 *
- * @param \App\Models\Collective $collective
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function create(Collective $collective)
 {
- return Auth::check();
+ return auth_collective()->id === $collective->id;
 }
 /**
 * Determine whether the user can update the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Joined $joined
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function update(Collective $collective, Joined $joined)
@@ -60,8 +53,6 @@ public function update(Collective $collective, Joined $joined)
 /**
 * Determine whether the user can delete the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Joined $joined
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function delete(Collective $collective, Joined $joined)
@@ -72,8 +63,6 @@ public function delete(Collective $collective, Joined $joined)
 /**
 * Determine whether the user can restore the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Joined $joined
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function restore(Collective $collective, Joined $joined)
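Review bot: In JoinedPolicy::viewAny() and create() the new `auth_collective()->id === $collective->id` compares the authenticated collective with the `$collective` argument, which the gate normally fills with that same authenticated model, so the check may hold for every logged-in collective and decide nothing beyond what `Auth::check()` did. `auth_collective()` is defined outside this diff; if it can return null or reads a different guard than the gate, the expression raises an error rather than denying, and `return auth_collective()?->id === $collective->id;` would fail closed in that case. The same line is added to OwnedPolicy::viewAny() and create() further down. A one-line comment on each method saying which two identities are being compared, and why they could differ, would make the intent reviewable.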
@@ -84,8 +73,6 @@ public function restore(Collective $collective, Joined $joined)
 /**
 * Determine whether the user can permanently delete the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Joined $joined
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function forceDelete(Collective $collective, Joined $joined)
diff --git a/app/Policies/OwnedPolicy.php b/app/Policies/OwnedPolicy.php
index 4ea293a..53116b9 100644
--- a/app/Policies/OwnedPolicy.php
+++ b/app/Policies/OwnedPolicy.php
@@ -13,82 +13,70 @@ class OwnedPolicy
 /**
 * Determine whether the user can view any models.
 *
- * @param \App\Models\Collective $collective
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function viewAny(Collective $collective)
 {
- //
+ return auth_collective()->id === $collective->id;
 }
 /**
 * Determine whether the user can view the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Owned $owned
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function view(Collective $collective, Owned $owned)
 {
- //
+ return $collective->id === $owned->collective_id;
 }
 /**
 * Determine whether the user can create models.
 *
- * @param \App\Models\Collective $collective
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function create(Collective $collective)
 {
- //
+ return auth_collective()->id === $collective->id;
 }
 /**
 * Determine whether the user can update the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Owned $owned
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function update(Collective $collective, Owned $owned)
 {
- //
+ return $collective->id === $owned->collective_id;
 }
 /**
 * Determine whether the user can delete the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Owned $owned
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function delete(Collective $collective, Owned $owned)
 {
- //
+ return $collective->id === $owned->collective_id;
 }
 /**
 * Determine whether the user can restore the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Owned $owned
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function restore(Collective $collective, Owned $owned)
 {
- //
+ return $collective->id === $owned->collective_id;
 }
 /**
 * Determine whether the user can permanently delete the model.
 *
- * @param \App\Models\Collective $collective
- * @param \App\Models\Owned $owned
 * @return \Illuminate\Auth\Access\Response|bool
 */
 public function forceDelete(Collective $collective, Owned $owned)
 {
- //
+ return $collective->id === $owned->collective_id;
 }
 }
diff --git a/database/factories/OwnedFactory.php b/database/factories/OwnedFactory.php
index dccbd4b..e8fcb15 100644
--- a/database/factories/OwnedFactory.php
+++ b/database/factories/OwnedFactory.php
@@ -37,7 +37,6 @@ public function definition()
 'title' => $this->faker->words(3, true),
 'image' => $this->faker->imageUrl(),
 'hold_member_updates' => $this->faker->boolean(),
- 'notify_pending' => $this->faker->boolean(),
 'sort_by' => 'country',
 ];
 }
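Review bot: The ownership checks added to OwnedPolicy::view(), update(), delete(), restore() and forceDelete() use a strict `$collective->id === $owned->collective_id`, and Eloquent casts an incrementing primary key to int while a foreign-key attribute keeps whatever type the database driver returns. On a connection that hands numeric columns back as strings the comparison is false for the rightful owner, so all five abilities are denied. Casting at the comparison, `return $collective->id === (int) $owned->collective_id;`, or declaring an integer cast for `collective_id` on the Owned model (not shown in this diff) removes the dependency on driver behaviour. Tests for these abilities should cover both the owning collective and a different one, since before this commit the methods returned nothing and therefore denied.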