diff --git a/src/Fields/Relation.php b/src/Fields/Relation.php
index 22cb47d5..0de7f14b 100644
--- a/src/Fields/Relation.php
+++ b/src/Fields/Relation.php
@@ -357,6 +357,14 @@ public function mapOption(Request $request, Model $model, Model $related): array
 ];
 }
 
+ /**
+ * Get the route parameter name.
+ */
+ public function getParameterName(): string
+ {
+ return 'rootField';
+ }
+
 /**
 * The routes that should be registered.
 */
diff --git a/src/Http/Controllers/ActionController.php b/src/Http/Controllers/ActionController.php
index ad0226e6..6d0c4c6d 100644
--- a/src/Http/Controllers/ActionController.php
+++ b/src/Http/Controllers/ActionController.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 
 class ActionController extends Controller
 {
@@ -12,6 +13,10 @@ class ActionController extends Controller
 */
 public function __invoke(Request $request): RedirectResponse
 {
- return $request->route('rootAction')->perform($request);
+ $action = $request->route('rootAction');
+
+ Gate::allowIf($action->authorized($request));
+
+ return $action->perform($request);
 }
 }
diff --git a/src/Http/Controllers/ExtractController.php b/src/Http/Controllers/ExtractController.php
index dc53d35c..a3fee32f 100644
--- a/src/Http/Controllers/ExtractController.php
+++ b/src/Http/Controllers/ExtractController.php
@@ -3,6 +3,7 @@
 namespace Cone\Root\Http\Controllers;
 
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Inertia\Inertia;
 use Inertia\Response;
 
@@ -13,9 +14,13 @@ class ExtractController extends Controller
 */
 public function __invoke(Request $request): Response
 {
+ $extract = $request->route('rootExtract');
+
+ Gate::allowIf($extract->authorized($request));
+
 return Inertia::render(
 'Extracts/Index',
- $request->route('rootExtract')->toIndex($request)
+ $extract->toIndex($request)
 );
 }
 }
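Review bot: The new `Gate::allowIf($action->authorized($request))` in ActionController::__invoke makes the action abort with an `AuthorizationException` on a denied request, but the method docblock (its closing ` */` is the first context line of the hunk) is not updated; add `@throws \Illuminate\Auth\Access\AuthorizationException` to it. The same documentation gap applies to the `allowIf` calls added in ExtractController::__invoke below and in MediaController, RelationController, RelationFieldController and WidgetController later in this diff. I cannot see the signature of `authorized()` here; `Gate::allowIf` treats any truthy value as an allow, so if that method can return something other than a bool the call site should pin the expectation, for example with `// authorized() must return bool (or a Gate Response); truthy = allow.`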
diff --git a/src/Http/Controllers/MediaController.php b/src/Http/Controllers/MediaController.php
index 606da719..96f64c5f 100644
--- a/src/Http/Controllers/MediaController.php
+++ b/src/Http/Controllers/MediaController.php
@@ -8,6 +8,7 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\File;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Storage;
 
 class MediaController extends Controller
@@ -17,7 +18,9 @@ class MediaController extends Controller
 */
 public function index(Request $request, Model $model = null): JsonResponse
 {
- $field = $request->route('rootRelation');
+ $field = $request->route('rootField');
+
+ Gate::allowIf($field->authorized($request, $model));
 
 $model ??= $request->route('rootResource')->getModelInstance();
 
@@ -29,9 +32,11 @@ public function index(Request $request, Model $model = null): JsonResponse
 */
 public function store(Request $request, Model $model = null): JsonResponse
 {
- $request->validate(['file' => ['required', 'file']]);
+ $field = $request->route('rootField');
 
- $field = $request->route('rootRelation');
+ Gate::allowIf($field->authorized($request, $model));
+
+ $request->validate(['file' => ['required', 'file']]);
 
 $model ??= $request->route('rootResource')->getModelInstance();
 
@@ -58,7 +63,9 @@ public function store(Request $request, Model $model = null): JsonResponse
 */
 public function destroy(Request $request, Model $model = null): JsonResponse
 {
- $field = $request->route('rootRelation');
+ $field = $request->route('rootField');
+
+ Gate::allowIf($field->authorized($request, $model));
 
 $field->resolveRelatableQuery($request, $model ?: $request->route('rootResource')->getModelInstance())
 ->find($request->input('models', []))
diff --git a/src/Http/Controllers/RelationController.php b/src/Http/Controllers/RelationController.php
index e3a70a06..34550740 100644
--- a/src/Http/Controllers/RelationController.php
+++ b/src/Http/Controllers/RelationController.php
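Review bot: In MediaController::index the added `Gate::allowIf($field->authorized($request, $model))` runs before `$model ??= $request->route('rootResource')->getModelInstance()`, so when the optional route model is absent the authorization check is evaluated against `null` while the rest of the action operates on the resolved resource instance. If `authorized()` consults the model (its body is not in this diff) the decision is made on a different object than the one the request then acts on; moving the gate below the `??=` line, `$model ??= $request->route('rootResource')->getModelInstance();` followed by `Gate::allowIf($field->authorized($request, $model));`, keeps the two aligned. `store` in this file has the same ordering, `destroy` passes the raw `$model` while its query uses `$model ?: ...`, and RelationFieldController::__invoke later in the diff repeats the pattern. Placing `$request->validate(...)` after the gate in `store` is the right order and should stay.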
@@ -7,6 +7,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Redirect;
 use Inertia\Inertia;
 use Inertia\Response;
@@ -18,9 +19,13 @@ class RelationController extends Controller
 */
 public function index(Request $request, Model $model): Response
 {
+ $relation = $request->route('rootRelation');
+
+ Gate::allowIf($relation->getAbilities($model)['viewAny'] ?? false);
+
 return Inertia::render(
 'Relations/Index',
- $request->route('rootRelation')->toIndex($request, $model)
+ $relation->toIndex($request, $model)
 );
 }
 
@@ -29,9 +34,13 @@ public function index(Request $request, Model $model): Response
 */
 public function create(Request $request, Model $model): Response
 {
+ $relation = $request->route('rootRelation');
+
+ Gate::allowIf($relation->getAbilities($model)['create'] ?? false);
+
 return Inertia::render(
 'Resources/Form',
- $request->route('rootRelation')->toCreate($request, $model)
+ $relation->toCreate($request, $model)
 );
 }
 
@@ -42,6 +51,8 @@ public function store(Request $request, Model $model): RedirectResponse
 {
 $relation = $request->route('rootRelation');
 
+ Gate::allowIf($relation->getAbilities($model)['create'] ?? false);
+
 $item = $relation->newItem($model, $relation->getRelation($model)->getRelated());
 
 $fields = $relation->resolveFields($request)
@@ -63,9 +74,13 @@ public function store(Request $request, Model $model): RedirectResponse
 */
 public function show(Request $request, Model $model, Model $related): Response
 {
+ $relation = $request->route('rootRelation');
+
+ Gate::allowIf($relation->newItem($model, $related)->getAbilities()['view'] ?? false);
+
 return Inertia::render(
 'Resources/Show',
- $request->route('rootRelation')->toShow($request, $model, $related)
+ $relation->toShow($request, $model, $related)
 );
 }
 
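Review bot: The `?? false` fallback in the new `Gate::allowIf($relation->getAbilities($model)['viewAny'] ?? false)` in RelationController::index denies the request when the ability key is absent, which is the safe default but reads as incidental without a comment; add `// An ability missing from the policy map is treated as denied (fail closed).` above it, and since the same lookup is repeated in `create`, `store`, `show` and the `edit`/`update`/`destroy` hunks that follow, a small private helper taking the abilities array and the key would keep that intent in one place. In `show`, `$relation->newItem($model, $related)` is constructed only for the check and `toShow` is then called on the relation; if `toShow` builds its own item (not visible here) the policy is resolved twice per request, which passing the already-built item through would avoid.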
@@ -74,9 +89,13 @@ public function show(Request $request, Model $model, Model $related): Response
 */
 public function edit(Request $request, Model $model, Model $related): Response
 {
+ $relation = $request->route('rootRelation');
+
+ Gate::allowIf($relation->newItem($model, $related)->getAbilities()['update'] ?? false);
+
 return Inertia::render(
 'Resources/Form',
- $request->route('rootRelation')->toEdit($request, $model, $related)
+ $related->toEdit($request, $model, $related)
 );
 }
 
@@ -89,6 +108,8 @@ public function update(Request $request, Model $model, Model $related): Redirect
 
 $item = $relation->newItem($model, $related);
 
+ Gate::allowIf($item->getAbilities()['update'] ?? false);
+
 $fields = $relation->resolveFields($request)
 ->authorized($request, $item->model)
 ->visible(ResourceContext::Update->value);
@@ -112,6 +133,8 @@ public function destroy(Request $request, Model $model, Model $related): Redirec
 
 $item = $relation->newItem($model, $related);
 
+ Gate::allowIf($item->getAbilities()['delete'] ?? false);
+
 $item->model->delete();
 
 return Redirect::to($item->resolveUrl($request))
diff --git a/src/Http/Controllers/RelationFieldController.php b/src/Http/Controllers/RelationFieldController.php
index d8782751..e0a42a0b 100644
--- a/src/Http/Controllers/RelationFieldController.php
+++ b/src/Http/Controllers/RelationFieldController.php
@@ -5,6 +5,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 
 class RelationFieldController extends Controller
 {
@@ -13,7 +14,9 @@ class RelationFieldController extends Controller
 */
 public function __invoke(Request $request, Model $model = null): JsonResponse
 {
- $field = $request->route('rootRelation');
+ $field = $request->route('rootField');
+
+ Gate::allowIf($field->authorized($request, $model));
 
 $model ??= $request->route('rootResource')->getModelInstance();
 
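Review bot: In RelationController::edit the render call now reads `$related->toEdit($request, $model, $related)`, but `$related` is the bound Eloquent model, not the relation: the line it replaces called `toEdit` on the `rootRelation` route parameter, and the `$relation` variable introduced three lines earlier exists for exactly this purpose, as `show` in the previous hunk does. It should be `$relation->toEdit($request, $model, $related)`; as written the edit page will fail with an undefined-method error on the model (or, if the model class happens to define `toEdit`, silently bypass the relation's form). The `update` and `destroy` hunks below look right, with the gate placed after `$item` is built and before any field resolution or deletion; both of those functions start outside their hunks.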
diff --git a/src/Http/Controllers/WidgetController.php b/src/Http/Controllers/WidgetController.php
index aafefae0..5bc7d33a 100644
--- a/src/Http/Controllers/WidgetController.php
+++ b/src/Http/Controllers/WidgetController.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Gate;
 
 class WidgetController extends Controller
 {
@@ -12,6 +13,10 @@ class WidgetController extends Controller
 */
 public function __invoke(Request $request): Response
 {
- return new Response($request->route('rootWidget')->render());
+ $widget = $request->route('rootWidget');
+
+ Gate::allowIf($widget->authorized($request));
+
+ return new Response($widget->render());
 }
 }
diff --git a/src/Relations/Item.php b/src/Relations/Item.php
index 4c04d78e..997aafa3 100644
--- a/src/Relations/Item.php
+++ b/src/Relations/Item.php
@@ -19,7 +19,7 @@ public function getPolicy(): mixed
 /**
 * Resolve the abilities.
 */
- protected function resolveAbilities(): array
+ public function getAbilities(): array
 {
 $policy = $this->getPolicy();
 
diff --git a/src/Relations/PivotItem.php b/src/Relations/PivotItem.php
index 8344bf6e..6ca764f7 100644
--- a/src/Relations/PivotItem.php
+++ b/src/Relations/PivotItem.php
@@ -10,7 +10,7 @@ class PivotItem extends Item
 /**
 * Resolve the abilities.
 */
- protected function resolveAbilities(): array
+ public function getAbilities(): array
 {
 $policy = $this->getPolicy();
 
diff --git a/src/Resources/Item.php b/src/Resources/Item.php
index 668e0d93..2d297935 100644
--- a/src/Resources/Item.php
+++ b/src/Resources/Item.php
@@ -69,7 +69,7 @@ public function getPolicy(): mixed
 /**
 * Resolve the abilities.
 */
- protected function resolveAbilities(): array
+ public function getAbilities(): array
 {
 $policy = $this->getPolicy();
 
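Review bot: `resolveAbilities()` is widened to the public `getAbilities()` in Relations/Item.php, PivotItem.php and Resources/Item.php, but the docblock above each still says only `Resolve the abilities.`; now that RelationController gates requests on this method's result, document what callers rely on, e.g. `Get the abilities resolved from the policy, keyed by ability name (callers treat a missing key as denied).` — I can only see the `$policy = $this->getPolicy();` line of the body, so adjust the wording to what the map actually holds. Because the old protected name disappears, any subclass outside this diff that still overrides `resolveAbilities()` will silently stop being consulted for authorization after this change, so it is worth checking for such overrides before merging. PivotItem's override and the `toArray()` call site are updated here, which is consistent.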
@@ -88,7 +88,7 @@ protected function resolveAbilities(): array
 public function toArray(): array
 {
 return [
- 'abilities' => $this->resolveAbilities(),
+ 'abilities' => $this->getAbilities(),
 'exists' => $this->model->exists,
 'id' => $this->model->getKey(),
 'trashed' => $this->isTrashed(),
diff --git a/src/Root.php b/src/Root.php
index 3c65a4b1..bf99bc7a 100644
--- a/src/Root.php
+++ b/src/Root.php
@@ -20,7 +20,7 @@ class Root
 *
 * @var string
 */
- public const VERSION = '2.0.0';
+ public const VERSION = '1.3.0';
 
 /**
 * The registered booting callbacks.