From f2f375c505db0e7f0b264a2849c02206c158b9c7 Mon Sep 17 00:00:00 2001 From: Lupacescu Eduard Date: Wed, 29 Jan 2020 13:35:08 +0200 Subject: [PATCH 1/4] Autorize repository --- src/Http/Requests/InteractWithRepositories.php | 2 +- src/Traits/AuthorizableModels.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/Http/Requests/InteractWithRepositories.php b/src/Http/Requests/InteractWithRepositories.php index 18a4df474..cca02ee70 100644 --- a/src/Http/Requests/InteractWithRepositories.php +++ b/src/Http/Requests/InteractWithRepositories.php @@ -43,7 +43,7 @@ public function repository($key = null) ]), 404); } - if (! $repository::authorizedToShowAny($this)) { + if (! $repository::authorizedToShowRepository($this)) { throw new UnauthorizedException(__('Unauthorized to view repository :name.', [ 'name' => $repository, ]), 403); diff --git a/src/Traits/AuthorizableModels.php b/src/Traits/AuthorizableModels.php index cbc98909f..6d4ce9f11 100644 --- a/src/Traits/AuthorizableModels.php +++ b/src/Traits/AuthorizableModels.php @@ -69,6 +69,23 @@ public static function authorizedToShowAny(Request $request) : true; } + /** + * Determine if the repository url is available + * + * @param \Illuminate\Http\Request $request + * @return bool + */ + public static function authorizedToShowRepository(Request $request) + { + if (! static::authorizable()) { + return true; + } + + return method_exists(Gate::getPolicyFor(static::newModel()), 'showRepository') + ? Gate::check('showRepository', get_class(static::newModel())) + : true; + } + /** * Determine if the current user can view the given resource or throw. * From bacf90c492b6409ef682d472a4c8389efd323b1d Mon Sep 17 00:00:00 2001 From: Lupacescu Eduard Date: Wed, 29 Jan 2020 13:35:27 +0200 Subject: [PATCH 2/4] Apply fixes from StyleCI (#121) --- src/Traits/AuthorizableModels.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
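Review bot: `authorizedToShowRepository()` in src/Traits/AuthorizableModels.php returns `true` whenever the policy has no `showRepository` method, so a policy written before this change, or one with a misspelled method name, grants access silently. The first hunk makes this the only check at that point in `repository()`, replacing `authorizedToShowAny`. If allow-by-default is intended, the docblock should state it, for example `* Returns true when authorization is disabled or the policy does not define showRepository.` Whether `static::authorizable()` guarantees that `Gate::getPolicyFor()` is non-null is not visible here; resolving the policy once into a variable and handling the null case explicitly before `method_exists()` would remove that doubt. The same allow-when-missing pattern recurs in `authorizeToShowEvery()` and `authorizedToShowEvery()` in patch 3/4.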
diff --git a/src/Traits/AuthorizableModels.php b/src/Traits/AuthorizableModels.php index 6d4ce9f11..13a6917d9 100644 --- a/src/Traits/AuthorizableModels.php +++ b/src/Traits/AuthorizableModels.php @@ -70,7 +70,7 @@ public static function authorizedToShowAny(Request $request) } /** - * Determine if the repository url is available + * Determine if the repository url is available. * * @param \Illuminate\Http\Request $request * @return bool From f9e45fb0c51614ec62b09022d762ea2512bab2cd Mon Sep 17 00:00:00 2001 From: Lupacescu Eduard Date: Thu, 30 Jan 2020 07:08:55 +0200 Subject: [PATCH 3/4] Adding filter every policy --- src/Commands/stubs/policy.stub | 11 ++++++++ .../Requests/InteractWithRepositories.php | 4 +-- src/Repositories/Crudable.php | 6 ++--- src/Traits/AuthorizableModels.php | 26 ++++++++++++++++--- 4 files changed, 38 insertions(+), 9 deletions(-) diff --git a/src/Commands/stubs/policy.stub b/src/Commands/stubs/policy.stub index aa7caa6c6..820efadda 100644 --- a/src/Commands/stubs/policy.stub +++ b/src/Commands/stubs/policy.stub @@ -16,6 +16,17 @@ class DummyClass * @param \App\User $user * @return mixed */ + public function showEvery(User $user = null) + { + // + } + + /** + * Determine whether the user is authorized to access the repository uriKey + * + * @param \App\User $user + * @return mixed + */ public function showAny(User $user = null) { // diff --git a/src/Http/Requests/InteractWithRepositories.php b/src/Http/Requests/InteractWithRepositories.php index cca02ee70..10684ccb1 100644 --- a/src/Http/Requests/InteractWithRepositories.php +++ b/src/Http/Requests/InteractWithRepositories.php 
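Review bot: The generated `showEvery(User $user = null)` in policy.stub has an empty body and nothing tells the policy author what that means for access. In Laravel an empty policy method returns null, which the Gate is expected to treat as a denial, and the null default on `$user` lets unauthenticated requests reach the method instead of being rejected up front. A comment in the body such as `// Return true to allow the listing; an empty body denies it. $user is null for guests.` would make both consequences visible. The description that ends up above `showEvery()` starts outside the hunk, so it is worth checking that it describes the listing check, while the new "repository uriKey" text now sits on `showAny()`.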
@@ -43,8 +43,8 @@ public function repository($key = null) ]), 404); } - if (! $repository::authorizedToShowRepository($this)) { - throw new UnauthorizedException(__('Unauthorized to view repository :name.', [ + if (! $repository::authorizedToShowAny($this)) { + throw new UnauthorizedException(__('Unauthorized to view repository :name. See "showAny" policy.', [ 'name' => $repository, ]), 403); } diff --git a/src/Repositories/Crudable.php b/src/Repositories/Crudable.php index 620243ace..c45d79a64 100644 --- a/src/Repositories/Crudable.php +++ b/src/Repositories/Crudable.php @@ -47,7 +47,7 @@ public function index(RestifyRequest $request) }); try { - $this->allowToViewAny($request, $items); + $this->allowToShowEvery($request, $items); } catch (UnauthorizedException | AuthorizationException $e) { return $this->response()->forbidden()->addError($e->getMessage()); } @@ -203,9 +203,9 @@ public function allowToShow($request) * @param Collection $items * @throws \Illuminate\Auth\Access\AuthorizationException */ - public function allowToViewAny($request, Collection $items) + public function allowToShowEvery($request, Collection $items) { - $this->authorizeToShowAny($request); + $this->authorizeToShowEvery($request); } /** diff --git a/src/Traits/AuthorizableModels.php b/src/Traits/AuthorizableModels.php index 6d4ce9f11..8f3609556 100644 --- a/src/Traits/AuthorizableModels.php +++ b/src/Traits/AuthorizableModels.php 
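Review bot: The 403 message in `repository()` now ends with `See "showAny" policy.`, which puts the name of an internal policy method into text that may be sent to the API client. `Crudable::index()` in this same patch returns `$e->getMessage()` in the forbidden response, and if this exception is rendered the same way, the hint reaches the caller together with `:name`, the repository class. Keeping the client-facing string as `'Unauthorized to view repository :name.'` and writing the policy hint to the server log gives developers the pointer without exposing it. The body of `repository()` continues outside the hunk.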
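Review bot: `index()` in src/Repositories/Crudable.php no longer calls the `showAny` check; it calls `allowToShowEvery()`, which per the AuthorizableModels hunk in this patch does nothing when the policy has no `showEvery` method. For policies that define only `showAny`, listing is then guarded solely by the check in `InteractWithRepositories::repository()`, assuming every index request resolves the repository through it, which is not visible here. A comment above the call such as `// showAny is enforced when the repository is resolved; showEvery is an optional extra gate for the listing.` would document that dependency. In the second hunk `allowToShowEvery()` still accepts `Collection $items` without using it, and the public `allowToViewAny()` is renamed without an alias, which breaks subclasses that override it.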
@@ -70,19 +70,37 @@ public static function authorizedToShowAny(Request $request) } /** - * Determine if the repository url is available + * Determine if the resource should be available for the given request ( + * + * @param \Illuminate\Http\Request $request + * @return void + * @throws AuthorizationException + */ + public function authorizeToShowEvery(Request $request) + { + if (! static::authorizable()) { + return; + } + + if (method_exists(Gate::getPolicyFor(static::newModel()), 'showEvery')) { + $this->authorizeTo($request, 'showEvery'); + } + } + + /** + * Determine if the resource should be available for the given request. * * @param \Illuminate\Http\Request $request * @return bool */ - public static function authorizedToShowRepository(Request $request) + public static function authorizedToShowEvery(Request $request) { if (! static::authorizable()) { return true; } - return method_exists(Gate::getPolicyFor(static::newModel()), 'showRepository') - ? Gate::check('showRepository', get_class(static::newModel())) + return method_exists(Gate::getPolicyFor(static::newModel()), 'showEvery') + ? Gate::check('showEvery', get_class(static::newModel())) : true; } From 702aa071a75e0b51b45efe2a043b85167c817bbf Mon Sep 17 00:00:00 2001 From: Lupacescu Eduard Date: Thu, 30 Jan 2020 07:09:47 +0200 Subject: [PATCH 4/4] Apply fixes from StyleCI (#122) --- src/Traits/AuthorizableModels.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Traits/AuthorizableModels.php b/src/Traits/AuthorizableModels.php index 8f3609556..b72454d0c 100644 --- a/src/Traits/AuthorizableModels.php +++ b/src/Traits/AuthorizableModels.php @@ -70,7 +70,7 @@ public static function authorizedToShowAny(Request $request) } /** - * Determine if the resource should be available for the given request ( + * Determine if the resource should be available for the given request (. * * @param \Illuminate\Http\Request $request * @return void
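Review bot: The docblock added for `authorizeToShowEvery()` ends in a stray `(`, and the StyleCI patch that follows only turns it into `(.`. Both new methods carry the same sentence, although one is an instance method that throws and the other a static method that returns bool. Summaries such as `* Authorize the "showEvery" policy check for the listing or throw.` and `* Determine whether the "showEvery" policy allows the listing.` would tell them apart. The `@throws AuthorizationException` tag should be fully qualified as `@throws \Illuminate\Auth\Access\AuthorizationException`, matching the docblock in Crudable.php.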