handle authorization

conedevelopment · Apr 21, 2023 · c4703be · c4703be
1 parent 6b81894
commit c4703be
Show file tree

Hide file tree

Showing 11 changed files with 73 additions and 17 deletions.
diff --git a/src/Fields/Relation.php b/src/Fields/Relation.php
@@ -357,6 +357,14 @@ public function mapOption(Request $request, Model $model, Model $related): array
         ];
     }
 
+    /**
+     * Get the route parameter name.
+     */
+    public function getParameterName(): string
+    {
+        return 'rootField';
+    }
+
     /**
      * The routes that should be registered.
      */

diff --git a/src/Http/Controllers/ActionController.php b/src/Http/Controllers/ActionController.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 
 class ActionController extends Controller
 {
@@ -12,6 +13,10 @@ class ActionController extends Controller
      */
     public function __invoke(Request $request): RedirectResponse
     {
-        return $request->route('rootAction')->perform($request);
+        $action = $request->route('rootAction');
+
+        Gate::allowIf($action->authorized($request));
+
+        return $action->perform($request);
     }
 }
diff --git a/src/Http/Controllers/ExtractController.php b/src/Http/Controllers/ExtractController.php
@@ -3,6 +3,7 @@
 namespace Cone\Root\Http\Controllers;
 
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Inertia\Inertia;
 use Inertia\Response;
 
@@ -13,9 +14,13 @@ class ExtractController extends Controller
      */
     public function __invoke(Request $request): Response
     {
+        $extract = $request->route('rootExtract');
+
+        Gate::allowIf($extract->authorized($request));
+
         return Inertia::render(
             'Extracts/Index',
-            $request->route('rootExtract')->toIndex($request)
+            $extract->toIndex($request)
         );
     }
 }
diff --git a/src/Http/Controllers/MediaController.php b/src/Http/Controllers/MediaController.php
@@ -8,6 +8,7 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\File;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Storage;
 
 class MediaController extends Controller
@@ -17,7 +18,9 @@ class MediaController extends Controller
      */
     public function index(Request $request, Model $model = null): JsonResponse
     {
-        $field = $request->route('rootRelation');
+        $field = $request->route('rootField');
+
+        Gate::allowIf($field->authorized($request, $model));
 
         $model ??= $request->route('rootResource')->getModelInstance();
 
@@ -29,9 +32,11 @@ public function index(Request $request, Model $model = null): JsonResponse
      */
     public function store(Request $request, Model $model = null): JsonResponse
     {
-        $request->validate(['file' => ['required', 'file']]);
+        $field = $request->route('rootField');
 
-        $field = $request->route('rootRelation');
+        Gate::allowIf($field->authorized($request, $model));
+
+        $request->validate(['file' => ['required', 'file']]);
 
         $model ??= $request->route('rootResource')->getModelInstance();
 
@@ -58,7 +63,9 @@ public function store(Request $request, Model $model = null): JsonResponse
      */
     public function destroy(Request $request, Model $model = null): JsonResponse
     {
-        $field = $request->route('rootRelation');
+        $field = $request->route('rootField');
+
+        Gate::allowIf($field->authorized($request, $model));
 
         $field->resolveRelatableQuery($request, $model ?: $request->route('rootResource')->getModelInstance())
               ->find($request->input('models', []))

diff --git a/src/Http/Controllers/RelationController.php b/src/Http/Controllers/RelationController.php
@@ -7,6 +7,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Redirect;
 use Inertia\Inertia;
 use Inertia\Response;
@@ -18,9 +19,13 @@ class RelationController extends Controller
      */
     public function index(Request $request, Model $model): Response
     {
+        $relation = $request->route('rootRelation');
+
+        Gate::allowIf($relation->getAbilities($model)['viewAny'] ?? false);
+
         return Inertia::render(
             'Relations/Index',
-            $request->route('rootRelation')->toIndex($request, $model)
+            $relation->toIndex($request, $model)
         );
     }
 
@@ -29,9 +34,13 @@ public function index(Request $request, Model $model): Response
      */
     public function create(Request $request, Model $model): Response
     {
+        $relation = $request->route('rootRelation');
+
+        Gate::allowIf($relation->getAbilities($model)['create'] ?? false);
+
         return Inertia::render(
             'Resources/Form',
-            $request->route('rootRelation')->toCreate($request, $model)
+            $relation->toCreate($request, $model)
         );
     }
 
@@ -42,6 +51,8 @@ public function store(Request $request, Model $model): RedirectResponse
     {
         $relation = $request->route('rootRelation');
 
+        Gate::allowIf($relation->getAbilities($model)['create'] ?? false);
+
         $item = $relation->newItem($model, $relation->getRelation($model)->getRelated());
 
         $fields = $relation->resolveFields($request)
@@ -63,9 +74,13 @@ public function store(Request $request, Model $model): RedirectResponse
      */
     public function show(Request $request, Model $model, Model $related): Response
     {
+        $relation = $request->route('rootRelation');
+
+        Gate::allowIf($relation->newItem($model, $related)->getAbilities()['view'] ?? false);
+
         return Inertia::render(
             'Resources/Show',
-            $request->route('rootRelation')->toShow($request, $model, $related)
+            $relation->toShow($request, $model, $related)
         );
     }
 
@@ -74,9 +89,13 @@ public function show(Request $request, Model $model, Model $related): Response
      */
     public function edit(Request $request, Model $model, Model $related): Response
     {
+        $relation = $request->route('rootRelation');
+
+        Gate::allowIf($relation->newItem($model, $related)->getAbilities()['update'] ?? false);
+
         return Inertia::render(
             'Resources/Form',
-            $request->route('rootRelation')->toEdit($request, $model, $related)
+            $related->toEdit($request, $model, $related)
         );
     }
 
@@ -89,6 +108,8 @@ public function update(Request $request, Model $model, Model $related): Redirect
 
         $item = $relation->newItem($model, $related);
 
+        Gate::allowIf($item->getAbilities()['update'] ?? false);
+
         $fields = $relation->resolveFields($request)
                             ->authorized($request, $item->model)
                             ->visible(ResourceContext::Update->value);
@@ -112,6 +133,8 @@ public function destroy(Request $request, Model $model, Model $related): Redirec
 
         $item = $relation->newItem($model, $related);
 
+        Gate::allowIf($item->getAbilities()['delete'] ?? false);
+
         $item->model->delete();
 
         return Redirect::to($item->resolveUrl($request))

diff --git a/src/Http/Controllers/RelationFieldController.php b/src/Http/Controllers/RelationFieldController.php
@@ -5,6 +5,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 
 class RelationFieldController extends Controller
 {
@@ -13,7 +14,9 @@ class RelationFieldController extends Controller
      */
     public function __invoke(Request $request, Model $model = null): JsonResponse
     {
-        $field = $request->route('rootRelation');
+        $field = $request->route('rootField');
+
+        Gate::allowIf($field->authorized($request, $model));
 
         $model ??= $request->route('rootResource')->getModelInstance();
 

diff --git a/src/Http/Controllers/WidgetController.php b/src/Http/Controllers/WidgetController.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Gate;
 
 class WidgetController extends Controller
 {
@@ -12,6 +13,10 @@ class WidgetController extends Controller
      */
     public function __invoke(Request $request): Response
     {
-        return new Response($request->route('rootWidget')->render());
+        $widget = $request->route('rootWidget');
+
+        Gate::allowIf($widget->authorized($request));
+
+        return new Response($widget->render());
     }
 }
diff --git a/src/Relations/Item.php b/src/Relations/Item.php
@@ -19,7 +19,7 @@ public function getPolicy(): mixed
     /**
      * Resolve the abilities.
      */
-    protected function resolveAbilities(): array
+    public function getAbilities(): array
     {
         $policy = $this->getPolicy();
 

diff --git a/src/Relations/PivotItem.php b/src/Relations/PivotItem.php
@@ -10,7 +10,7 @@ class PivotItem extends Item
     /**
      * Resolve the abilities.
      */
-    protected function resolveAbilities(): array
+    public function getAbilities(): array
     {
         $policy = $this->getPolicy();
 

diff --git a/src/Resources/Item.php b/src/Resources/Item.php
@@ -69,7 +69,7 @@ public function getPolicy(): mixed
     /**
      * Resolve the abilities.
      */
-    protected function resolveAbilities(): array
+    public function getAbilities(): array
     {
         $policy = $this->getPolicy();
 
@@ -88,7 +88,7 @@ protected function resolveAbilities(): array
     public function toArray(): array
     {
         return [
-            'abilities' => $this->resolveAbilities(),
+            'abilities' => $this->getAbilities(),
             'exists' => $this->model->exists,
             'id' => $this->model->getKey(),
             'trashed' => $this->isTrashed(),

diff --git a/src/Root.php b/src/Root.php
@@ -20,7 +20,7 @@ class Root
      *
      * @var string
      */
-    public const VERSION = '2.0.0';
+    public const VERSION = '1.3.0';
 
     /**
      * The registered booting callbacks.