Update Post show, policy

kimchanhyung98 · May 12, 2024 · f8e61d0 · f8e61d0
1 parent 4b25694
commit f8e61d0
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/app/Http/Controllers/PostController.php b/app/Http/Controllers/PostController.php
@@ -60,6 +60,8 @@ public function store(StoreRequest $request): MessageResource
 
     public function show(Post $post): ShowResource
     {
+        Gate::authorize('view', $post);
+
         try {
             $post->increment('hit');
         } catch (Exception $e) {

diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php
@@ -5,6 +5,7 @@
 use App\Models\Post;
 use App\Models\User;
 use Illuminate\Auth\Access\Response;
+use Illuminate\Support\Facades\Auth;
 
 class PostPolicy
 {
@@ -19,9 +20,16 @@ public function viewAny(User $user): bool
     /**
      * Determine whether the user can view the model.
      */
-    public function view(User $user, Post $post): bool
+    public function view(?User $_, Post $post): Response
     {
-        return true;
+        if (! $post->is_open) {
+            $user = Auth::guard('sanctum')->user();
+            if ($post->user_id !== $user?->id) {
+                return Response::deny(__('post.view_denied'));
+            }
+        }
+
+        return Response::allow();
     }
 
     /**

diff --git a/lang/ko/post.php b/lang/ko/post.php
@@ -2,6 +2,7 @@
 
 return [
 
+    'view_denied' => '게시글 작성자만 확인할 수 있습니다.',
     'store' => '게시글이 등록되었습니다.',
     'update' => '게시글이 수정되었습니다.',
     'update_denied' => '게시글 작성자만 수정할 수 있습니다.',