From 382c5484d8d8072ac813b7a7309e15f6d0984f0b Mon Sep 17 00:00:00 2001
From: phper
Date: Sun, 13 Sep 2015 01:08:39 +0900
Subject: [PATCH] =?UTF-8?q?[add]CommentController=E3=81=AE=E5=90=84?= =?UTF-8?q?=E3=82=A2=E3=82=AF=E3=82=B7=E3=83=A7=E3=83=B3=E3=81=ABPolicy?= =?UTF-8?q?=E3=81=AE=E3=83=81=E3=82=A7=E3=83=83=E3=82=AF=E3=82=92=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

追加権限、編集権限、削除権限を確認して適切な画面へ繊維させる
---
 .../Controllers/PostCommentController.php | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/laravel/app/Http/Controllers/PostCommentController.php b/laravel/app/Http/Controllers/PostCommentController.php
index 6bdfbd5..5e12db3 100644
--- a/laravel/app/Http/Controllers/PostCommentController.php
+++ b/laravel/app/Http/Controllers/PostCommentController.php
@@ -10,6 +10,7 @@ use App\Http\Controllers\Controller;
 use Illuminate\Routing\Route;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 class PostCommentController extends Controller
 {
@@ -71,6 +72,10 @@ public function create()
      */
     public function store(Request $request)
     {
+        if (Gate::denies('create', $this->comment)) {
+            return redirect('/auth/login')->with('message', 'コメントするにはログインしてください。');
+        }
+
         $this->comment->fill($request->all());
         $this->comment->user_id = $this->user->id;
         $this->comment->post_id = $this->post->id;
@@ -99,9 +104,13 @@ public function show($id)
     public function edit(Route $route)
     {
         $id = $route->parameter('comment');
-        $comment = $this->comment->findOrFail($id);
+        $this->comment = $this->comment->findOrFail($id);
-        return view('post.comment.edit', ['comment' => $comment]);
+        if (Gate::denies('update', $this->comment)) {
+            return redirect('/post/' . $this->post->id)->with('message', '編集できるのは投稿者と管理者のみです。');
+        }
+
+        return view('post.comment.edit', ['comment' => $this->comment]); // }
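Review bot: The new guard in store() sends every Gate::denies('create', …) result to /auth/login with a "please log in" message, but the gate also returns true for an authenticated user the policy rejects, who would be bounced to a login page they have already passed. Auth is already imported in this file, so the two cases can be separated: `if (Auth::guest()) { return redirect('/auth/login')->with('message', 'コメントするにはログインしてください。'); }` first, then the Gate check redirecting to `'/post/' . $this->post->id` with a message saying commenting is not permitted. Whether the create policy can in fact reject a logged-in user is not visible in this diff. store()'s body continues past the end of the hunk.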
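Review bot: The guard added to edit() — the Gate::denies('update', $this->comment) check, the redirect to `'/post/' . $this->post->id` and the literal message '編集できるのは投稿者と管理者のみです。' — is repeated verbatim in update() in the following hunk, and destroy() adds a third copy of the same shape with its own message, so the three will drift the first time one of them is touched. A private helper taking the ability, the policy arguments and the message, returning the redirect or null, would keep one definition of "denied means redirect back to the post with a flash message"; if the base Controller provides the AuthorizesRequests trait, `$this->authorize('update', $this->comment)` responding with 403 is the framework-native alternative, but that is not visible here. The last line of this hunk as copied ends in `// }`, which looks like a mangled closing brace rather than an intended trailing comment and is worth checking in the real file.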
@@ -116,6 +125,11 @@ public function update(Request $request, Route $route)
     {
         $id = $route->parameter('comment');
         $this->comment = $this->comment->findOrFail($id);
+
+        if (Gate::denies('update', $this->comment)) {
+            return redirect('/post/' . $this->post->id)->with('message', '編集できるのは投稿者と管理者のみです。');
+        }
+
         $this->comment->fill($request->all());
         $this->comment->save();
@@ -131,7 +145,13 @@ public function update(Request $request, Route $route)
     public function destroy(Route $route)
     {
         $id = $route->parameter('comment');
-        $this->comment->destroy($id);
+        $this->comment = $this->comment->findOrFail($id);
+
+        if (Gate::denies('delete', [$this->comment, $this->post])) {
+            return redirect('/post/' . $this->post->id)->with('message', '削除できるのは投稿者と記事の投稿者、管理者のみです。');
+        }
+
+        $this->comment->delete();
         return redirect('/post/' . $this->post->id)->with('message', 'コメントを削除しました。');
     }
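Review bot: Once the new Gate check in update() passes, the method still runs `$this->comment->fill($request->all())` and saves, without re-setting user_id and post_id the way store() does, so whether a permitted editor can also reassign the comment to another user or post is decided solely by the model's $fillable list, which this diff does not show. Restricting the fill to the editable fields — at minimum `$this->comment->fill($request->except(['user_id', 'post_id']));`, better an explicit `$request->only([...])` of the comment's text columns — keeps the authorization decision and the set of writable columns in the same method. update() opens one line above this hunk and its return statement lies past it.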
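Review bot: In destroy() the delete policy is evaluated as Gate::denies('delete', [$this->comment, $this->post]) with the post taken from the route, while the comment is loaded by `findOrFail($id)` with no check that it belongs to that post, so the policy may be judging a comment against a post it is not attached to; edit() and update() in the earlier hunks load the comment the same way and use $this->post for their redirects. A one-line ownership check before the gate, `if ($this->comment->post_id !== $this->post->id) { abort(404); }` (post_id being the column store() writes), or scoping the lookup through the post's comment relation if the model defines one, makes the post passed to the policy the comment's own. This assumes $this->post is resolved from the route parameter in code outside the diff, which the redirect targets suggest but do not prove.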