From 8eb3e05928749aa86f84da8aa581597a6e7f5bc3 Mon Sep 17 00:00:00 2001
From: Pellegrino Durante
Date: Wed, 2 Oct 2024 17:37:53 +0200
Subject: [PATCH] feat: add support to custom guard in controller and resource
---
src/Http/Api/Contracts/HasParser.php | 3 ++-
src/Http/Api/Contracts/HasPolicies.php | 12 +++++++-----
src/Http/Api/Contracts/HasResponse.php | 1 +
src/Http/Api/Controller.php | 8 ++++++++
.../Resources/Contracts/AllowableFields.php | 17 ++++++++++++++++-
5 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/src/Http/Api/Contracts/HasParser.php b/src/Http/Api/Contracts/HasParser.php
index 01dd64f..ff650ce 100644
--- a/src/Http/Api/Contracts/HasParser.php
+++ b/src/Http/Api/Contracts/HasParser.php
@@ -86,7 +86,8 @@ protected function filterByParent(): array
 $parentPolicy = Gate::getPolicyFor($routeRelation);
 if (! is_null($parentPolicy)) {
- $this->authorize('view', $routeRelation);
+ $user = auth($this->guard)->user();
+ $this->authorizeForUser($user, 'view', $routeRelation);
 }
 $filter = match (class_basename(get_class($relation))) {
diff --git a/src/Http/Api/Contracts/HasPolicies.php b/src/Http/Api/Contracts/HasPolicies.php
index df92ca8..779b443 100644
--- a/src/Http/Api/Contracts/HasPolicies.php
+++ b/src/Http/Api/Contracts/HasPolicies.php
@@ -13,7 +13,7 @@ trait HasPolicies
 */
 protected function qualifyCollectionQuery(): void
 {
- $user = auth()->user();
+ $user = auth($this->guard)->user();
 $modelPolicy = Gate::getPolicyFor($this->model());
 if ($modelPolicy && method_exists($modelPolicy, 'qualifyCollectionQueryWithUser')) {
@@ -28,7 +28,7 @@ protected function qualifyCollectionQuery(): void
 */
 protected function qualifyItemQuery(): void
 {
- $user = auth()->user();
+ $user = auth($this->guard)->user();
 $modelPolicy = Gate::getPolicyFor($this->model());
 if ($modelPolicy && method_exists($modelPolicy, 'qualifyItemQueryWithUser')) {
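Review bot: `$this->guard` is read in the new `auth($this->guard)->user()` line, but `HasParser` is a trait and nothing in this hunk declares or documents that property; it is only defined on `Controller` elsewhere in the patch, so any other class mixing in the trait hits an undefined property and a static analyser will flag it. Make the contract explicit with a `@property ?string $guard` docblock on the trait, or an abstract accessor such as `abstract protected function guard(): ?string;`. The guest case also deserves a comment: when the chosen guard has no authenticated user, `authorizeForUser(null, 'view', $routeRelation)` hands the Gate a null principal, which should deny unless the policy accepts guests, presumably matching what `$this->authorize()` did on the default guard — a test with an unauthenticated request on a custom guard would confirm it. `filterByParent()` starts and ends outside the hunk.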
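Review bot: `auth($this->guard)->user()` is now repeated verbatim at every call site — in both visible `HasPolicies` hunks and again in `HasParser` — which is exactly the duplication where one path later forgets the guard and resolves a different principal than the rest of the controller's authorization checks. A single protected helper on the trait, e.g. `protected function guardUser() { return auth($this->guard)->user(); }`, keeps guard resolution in one place and gives every `qualify*` method and `testUserPolicyAction()` the same user. Its docblock is also the natural home for the fallback the patch's `$guard` comment describes: a null guard resolves the default guard from `auth.defaults.guard`.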
@@ -45,7 +45,7 @@ protected function qualifyItemQuery(): void
 */
 protected function qualifyStoreQuery(array $data): array
 {
- $user = auth()->user();
+ $user = auth($this->guard)->user();
 $modelPolicy = Gate::getPolicyFor($this->model());
 if ($modelPolicy && method_exists($modelPolicy, 'qualifyStoreDataWithUser')) {
@@ -64,7 +64,7 @@ protected function qualifyStoreQuery(array $data): array
 */
 protected function qualifyUpdateQuery(array $data): array
 {
- $user = auth()->user();
+ $user = auth($this->guard)->user();
 $modelPolicy = Gate::getPolicyFor($this->model());
 if ($modelPolicy && method_exists($modelPolicy, 'qualifyUpdateDataWithUser')) {
@@ -124,8 +124,10 @@ protected function testUserPolicyAction(string $ability, $arguments = null, bool
 return true;
 }
+ $user = auth($this->guard)->user();
+
 /* @scrutinizer ignore-call */
- $this->authorize($ability, $model);
+ $this->authorizeForUser($user, $ability, $model);
 return true;
 }
diff --git a/src/Http/Api/Contracts/HasResponse.php b/src/Http/Api/Contracts/HasResponse.php
index e95dcec..f0aca4f 100644
--- a/src/Http/Api/Contracts/HasResponse.php
+++ b/src/Http/Api/Contracts/HasResponse.php
@@ -58,6 +58,7 @@ protected function respondWithMany($items, $code = null, $headers = [])
 protected function respondWithResource($resource, $data, $code = null, $headers = [])
 {
 return $resource::make($data)
+ ->setGuard($this->guard)
 ->response()
 ->setStatusCode($code ?? $this->getStatusCode())
 ->withHeaders($headers);
diff --git a/src/Http/Api/Controller.php b/src/Http/Api/Controller.php
index 6543753..d4b3bec 100644
--- a/src/Http/Api/Controller.php
+++ b/src/Http/Api/Controller.php
@@ -62,6 +62,14 @@ abstract class Controller extends BaseController
 */
 protected $maximumLimit = 0;
+ /**
+ * Guard to use for authentication and authorization.
+ * null defaults to default guard config (auth.defaults.guard)
+ *
+ * @var ?string
+ */
+ protected $guard = null;
+
 /**
 * Display a listing of the resource.
 * GET /api/{resource}.
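Review bot: The guest case is left implicit in the new `authorizeForUser($user, $ability, $model)` call in `testUserPolicyAction()`: `auth($this->guard)->user()` silently returns null when the configured guard has no authenticated user, and the outcome then depends on whether the policy method's `$user` parameter is nullable, which is a Gate detail the next reader has to go and look up. A one-line comment above the call would fix that: `// null user (no session on this guard) is denied unless the policy explicitly allows guests`. The added `$user` line is correctly placed before the `/* @scrutinizer ignore-call */` marker, which still sits directly over the call it annotates. The method's signature and the branch that ends at the first `return true;` lie outside the hunk.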
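Review bot: `->setGuard($this->guard)` throws a `TypeError` on the default configuration: `setGuard()` as added to `AllowableFields` in this patch takes a non-nullable `string`, while `Controller::$guard` defaults to `null`, and PHP does not coerce null for a userland scalar parameter whether or not `strict_types` is on. Widen the setter to `public function setGuard(?string $guard): static` or skip the call when `$this->guard === null`. Separately, only this single-resource path forwards the guard; `respondWithMany()` in the hunk header is untouched, so if collection responses run the same `$fieldGates` filtering they presumably evaluate it against the default guard's user rather than the controller's, giving list and item endpoints different field visibility for the same principal. Resources that do not use `AllowableFields` would also lack `setGuard()`; if any such resource can reach this method, it needs a `method_exists` check before the call.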
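Review bot: The new `$guard` docblock should say what it controls and how it must line up with the route: every policy check, query qualification and (via `setGuard`) resource field gate in this patch resolves its principal from this guard, so a controller that sets `$guard = 'api'` behind a route protected by `auth:web` middleware authenticates one principal and authorizes another — a denied request at best, authorization against the wrong user if both guards have one. Suggested wording: `Must name a guard configured in config/auth.php and match the guard the route's auth middleware authenticated with; all policy checks and resource field gates are evaluated against this guard's user, not the default guard's.` The property is also left untyped while the parallel property added to `AllowableFields` is `?string`; `protected ?string $guard = null;` would make both agree, if the class's other untyped properties (such as `$maximumLimit` above) are not deliberately kept that way.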
diff --git a/src/Http/Resources/Contracts/AllowableFields.php b/src/Http/Resources/Contracts/AllowableFields.php
index f07ceec..48d97cc 100644
--- a/src/Http/Resources/Contracts/AllowableFields.php
+++ b/src/Http/Resources/Contracts/AllowableFields.php
@@ -53,6 +53,14 @@ trait AllowableFields
 */
 protected static ?array $fieldGates = null;
+ /**
+ * Guard used to retrieve the user from the request.
+ * null defaults to default guard config (auth.defaults.guard)
+ *
+ * @var ?string
+ */
+ protected ?string $guard = null;
+
 /**
 * Makes sure we only return allowable fields.
 *
@@ -141,6 +149,13 @@ protected function mapFields($request): array
 return $this->filterAllowedFields($fields);
 }
+ public function setGuard(string $guard): static
+ {
+ $this->guard = $guard;
+ return $this;
+ }
+
 public function filterAllowedFields($fields)
 {
 if (empty(static::$allowedFields) || static::$allowedFields === ['*']) {
@@ -217,7 +232,7 @@ protected function filterUserViewableFields($request): array
 return collect($this->mapFields($request))
 ->when(
 ! empty(static::$fieldGates),
- fn($collection) => $collection->filter(fn($field) => $this->filterUserField($field, $request->user()))
+ fn($collection) => $collection->filter(fn($field) => $this->filterUserField($field, $request->user($this->guard)))
 )
 ->toArray();
 }
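Review bot: The new `$guard` property's docblock should state how it gets its value and where it does not reach: in this patch it is only ever assigned through `setGuard()` on the resource the controller builds, so any nested resource created inside `toArray()` or a collection built with `::collection()` presumably keeps the default `null` and evaluates its field gates against the default guard — a silent mismatch with the parent resource when a custom guard is configured. Suggested addition to the comment: `Set by the controller via setGuard(); not propagated to nested or collection resources, which fall back to the default guard unless they are given the guard explicitly.` Unlike `$fieldGates` just above, this is an instance property, which is the right choice since the guard is per-request rather than per-resource-class; a short note saying so would pre-empt the question.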
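Review bot: `setGuard(string $guard)` rejects `null`, yet the only caller this patch adds, `respondWithResource()`, passes `$this->guard`, whose documented default is `null` — so the default path throws a `TypeError` before any response is built. The parameter should match the property it stores into: `public function setGuard(?string $guard): static`. The method is also undocumented; a docblock along the lines of `Select the guard whose user is used for field-gate checks; null means the application's default guard.` with `@param ?string $guard` and `@return static` would match the style of the surrounding trait.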
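Review bot: `$request->user($this->guard)` inside the per-field closure can return null for a guest on that guard, and the hunk gives no indication how `filterUserField()` (defined outside it) treats a null user — whether gated fields are hidden or the check throws — so a test for an unauthenticated request on a custom guard is worth adding before this ships. The lookup is also re-run for every field because it sits inside the inner `fn($field)`; resolving it once above the chain reads more clearly and makes the principal used for the whole filter explicit: `$user = $request->user($this->guard);` followed by `fn($field) => $this->filterUserField($field, $user)`. A short comment such as `// field gates are checked against the controller's guard, not the default guard` would document the intent of the change.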