#1634 Updated final endpoints

app/Http/Controllers/APIBrushlineController.php

@@ -32,9 +32,7 @@ function store(APIBrushlineFormRequest $request, DungeonRoute $dungeonRoute, ?Br
     {
         $dungeonRoute = optional($brushline)->dungeonRoute ?? $dungeonRoute;
 
-        if (!$dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $dungeonRoute);
-        }
+        $this->authorize('edit', $dungeonRoute);
 
         $validated = $request->validated();
 
@@ -95,10 +93,8 @@ function delete(Request $request, DungeonRoute $dungeonRoute, Brushline $brushli
     {
         $dungeonRoute = $brushline->dungeonRoute;
 
-        if (!$dungeonRoute->isSandbox()) {
-            // Edit intentional; don't use delete rule because team members shouldn't be able to delete someone else's map comment
-            $this->authorize('edit', $dungeonRoute);
-        }
+        // Edit intentional; don't use delete rule because team members shouldn't be able to delete someone else's brush line
+        $this->authorize('edit', $dungeonRoute);
 
         try {
             if ($brushline->delete()) {

app/Http/Controllers/APIEnemyController.php

@@ -4,7 +4,7 @@
 
 use App\Events\Model\ModelDeletedEvent;
 use App\Http\Controllers\Traits\PublicKeyDungeonRoute;
-use App\Http\Requests\Enemy\EnemyFormRequest;
+use App\Http\Requests\Enemy\APIEnemyFormRequest;
 use App\Models\DungeonRoute;
 use App\Models\DungeonRouteEnemyRaidMarker;
 use App\Models\Enemy;
@@ -27,13 +27,13 @@ class APIEnemyController extends APIMappingModelBaseController
     use PublicKeyDungeonRoute;
 
     /**
-     * @param EnemyFormRequest $request
+     * @param APIEnemyFormRequest $request
      * @param Enemy|null $enemy
      * @return Enemy|Model
      * @throws Exception
      * @throws Throwable
      */
-    public function store(EnemyFormRequest $request, Enemy $enemy = null): Enemy
+    public function store(APIEnemyFormRequest $request, Enemy $enemy = null): Enemy
     {
         $validated = $request->validated();
 
@@ -42,6 +42,7 @@ public function store(EnemyFormRequest $request, Enemy $enemy = null): Enemy
 
         return $this->storeModel($validated, Enemy::class, $enemy, function (Enemy $enemy) use ($request) {
             $activeAuras = $request->get('active_auras', []);
+
             // Clear current active auras
             $enemy->enemyactiveauras()->delete();
             foreach ($activeAuras as $activeAura) {
@@ -82,7 +83,7 @@ public function setRaidMarker(Request $request, DungeonRoute $dungeonRoute, Enem
             if (!empty($raidMarkerName)) {
                 DungeonRouteEnemyRaidMarker::create([
                     'dungeon_route_id' => $dungeonRoute->id,
-                    'raid_marker_id'   => RaidMarker::where('name', $raidMarkerName)->first()->id,
+                    'raid_marker_id'   => RaidMarker::ALL[$raidMarkerName],
                     'enemy_id'         => $enemy->id,
                 ]);
 

app/Http/Controllers/APIKillZoneController.php

@@ -30,7 +30,7 @@ class APIKillZoneController extends Controller
      * @return KillZone
      * @throws \Exception
      */
-    private function saveKillZone(DungeonRoute $dungeonroute, array $data, bool $recalculateEnemyForces = true)
+    private function saveKillZone(DungeonRoute $dungeonroute, array $data, bool $recalculateEnemyForces = true): KillZone
     {
         $enemyIds = $data['enemies'] ?? null;
         unset($data['enemies']);
@@ -39,10 +39,9 @@ private function saveKillZone(DungeonRoute $dungeonroute, array $data, bool $rec
         /** @var KillZone $killZone */
         $killZone = KillZone::with('dungeonRoute')->findOrNew($data['id']);
 
+        $dungeonroute = $killZone->dungeonRoute ?? $dungeonroute;
         // Prevent someone from updating different killzones than they are allowed to
-        if ($killZone->dungeonRoute !== null && !$killZone->dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $killZone->dungeonRoute);
-        }
+        $this->authorize('edit', $killZone->dungeonRoute);
 
         if (!$killZone->exists) {
             $killZone = KillZone::create($data);
@@ -141,9 +140,7 @@ function store(APIKillZoneFormRequest $request, DungeonRoute $dungeonRoute, Kill
      */
     public function storeAll(APIKillZoneMassFormRequest $request, DungeonRoute $dungeonRoute)
     {
-        if (!$dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $dungeonRoute);
-        }
+        $this->authorize('edit', $dungeonRoute);
 
         $validated = $request->validated();
 

app/Http/Controllers/APIMapIconController.php

@@ -118,8 +118,8 @@ function delete(Request $request, ?DungeonRoute $dungeonRoute, MapIcon $mapIcon)
         // Must be an admin to use this endpoint like this!
         if (!$isAdmin && ($dungeonRoute === null || $mapIcon->dungeon_route_id === null)) {
             return response(null, StatusCode::FORBIDDEN);
-        } // We're editing a map comment for the user, carry on
-        else if ($dungeonRoute !== null && !$dungeonRoute->isSandbox()) {
+        } // We're editing a map icon for the user, carry on
+        else if ($dungeonRoute !== null) {
             // Edit intentional; don't use delete rule because team members shouldn't be able to delete someone else's map comment
             $this->authorize('edit', $dungeonRoute);
         }

app/Http/Controllers/APIPathController.php

@@ -32,9 +32,7 @@ function store(APIPathFormRequest $request, DungeonRoute $dungeonRoute, ?Path $p
     {
         $dungeonRoute = optional($path)->dungeonRoute ?? $dungeonRoute;
 
-        if (!$dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $dungeonRoute);
-        }
+        $this->authorize('edit', $dungeonRoute);
 
         $validated = $request->validated();
 
@@ -97,10 +95,8 @@ function delete(Request $request, DungeonRoute $dungeonRoute, Path $path)
     {
         $dungeonRoute = $path->dungeonRoute;
 
-        // Edit intentional; don't use delete rule because team members shouldn't be able to delete someone else's route
-        if (!$dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $dungeonRoute);
-        }
+        // Edit intentional; don't use delete rule because team members shouldn't be able to delete someone else's path
+        $this->authorize('edit', $dungeonRoute);
 
         try {
             if ($path->delete()) {

app/Http/Controllers/APIPridefulEnemyController.php

@@ -8,6 +8,7 @@
 use App\Models\Enemies\PridefulEnemy;
 use App\Models\Enemy;
 use Exception;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Contracts\Routing\ResponseFactory;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
@@ -25,9 +26,7 @@ class APIPridefulEnemyController extends Controller
      */
     function store(Request $request, DungeonRoute $dungeonRoute, Enemy $enemy)
     {
-        if (!$dungeonRoute->isSandbox()) {
-            $this->authorize('edit', $dungeonRoute);
-        }
+        $this->authorize('edit', $dungeonRoute);
 
         /** @var PridefulEnemy $pridefulEnemy */
         $pridefulEnemy = PridefulEnemy::where('dungeon_route_id', $dungeonRoute->id)->where('enemy_id', $enemy->id)->first();
@@ -60,9 +59,12 @@ function store(Request $request, DungeonRoute $dungeonRoute, Enemy $enemy)
      * @param DungeonRoute $dungeonRoute
      * @param Enemy $enemy
      * @return Response|ResponseFactory
+     * @throws AuthorizationException
      */
     function delete(Request $request, DungeonRoute $dungeonRoute, Enemy $enemy)
     {
+        $this->authorize('edit', $dungeonRoute);
+
         try {
             /** @var PridefulEnemy $pridefulEnemy */
             $pridefulEnemy = PridefulEnemy::where('dungeon_route_id', $dungeonRoute->id)->where('enemy_id', $enemy->id)->first();

app/Http/Requests/Enemy/EnemyFormRequest.php → app/Http/Requests/Enemy/APIEnemyFormRequest.php

@@ -13,7 +13,7 @@
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Validation\Rule;
 
-class EnemyFormRequest extends FormRequest
+class APIEnemyFormRequest extends FormRequest
 {
     /**
      * Determine if the user is authorized to make this request.