From a8fccdf699d6a4754f5ea93a4a2c46397f5dac34 Mon Sep 17 00:00:00 2001 From: pashaapsky Date: Thu, 10 Sep 2020 22:07:37 +0300 Subject: [PATCH] add authorization with policies --- app/Http/Controllers/PostsController.php | 22 ++++++- app/Policies/PostPolicy.php | 17 ++++++ app/Providers/AuthServiceProvider.php | 9 ++- app/User.php | 4 ++ database/dumps/apsky-laravel.sql | 7 ++- .../2020_08_26_090725_create_posts_table.php | 2 + resources/views/layouts/aside-tags.blade.php | 8 ++- resources/views/layouts/base/header.blade.php | 4 +- resources/views/posts/admin-index.blade.php | 61 +++++++++++++++++++ resources/views/posts/index.blade.php | 4 +- routes/web.php | 1 + 11 files changed, 125 insertions(+), 14 deletions(-) create mode 100644 app/Policies/PostPolicy.php create mode 100644 resources/views/posts/admin-index.blade.php diff --git a/app/Http/Controllers/PostsController.php b/app/Http/Controllers/PostsController.php index 8584ae3..c655b3f 100644 --- a/app/Http/Controllers/PostsController.php +++ b/app/Http/Controllers/PostsController.php @@ -9,15 +9,28 @@ class PostsController extends Controller { + public function __construct() + { + $this->middleware('auth'); + $this->middleware('can:update,post')->except(['index', 'userPosts', 'adminIndex', 'create']); + } + public function index() { $posts = Post::with('tags')->latest()->get(); return view('/index', compact('posts')); } + public function userPosts() + { +// $posts = Post::where('owner_id', auth()->id())->with('tags')->latest()->get(); + $posts = Auth()->user()->posts()->with('tags')->latest()->get(); + return view('/posts.index', compact('posts')); + } + public function adminIndex() { $posts = Post::with('tags')->latest()->get(); - return view('/posts.index', compact('posts')); + return view('/posts.admin-index', compact('posts')); } public function create() 
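Review bot: `adminIndex` is listed in the `except([...])` of the `can:update,post` middleware in the new constructor, so after this change it is reachable by any authenticated user and carries no authorization check of its own; the route and the `admin-index` view are outside this hunk, so what that page exposes can't be confirmed here. A listing meant for administrators needs its own gate rather than an exemption, e.g. `$this->middleware('can:viewAny,App\Post')->only('adminIndex');` backed by a `viewAny` method in `PostPolicy` (the `before` hook in `AuthServiceProvider` would still pass the superuser through). `store` is not in the except list, yet it has no `post` route parameter for the `can` middleware to resolve, so ordinary users will presumably be denied on submit while `create`, which is excepted, still shows them the form — confirm which behaviour is intended and align the list. In `userPosts`, the commented-out query line should be deleted and `Auth()` written as `auth()` to match the rest of the file.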
@@ -27,7 +40,7 @@ public function create() public function store(Request $request) { - $request->validate([ + $attr = $request->validate([ 'code' => 'required|unique:posts|regex:/[a-zA-Z0-9_-]+/', 'name' => 'required|min:5|max:100', 'description' => 'required|max:255', @@ -36,9 +49,12 @@ public function store(Request $request) if ($request->all(['published'])) { $request->merge(['published' => 1]); + $attr['published'] = 1; } - Post::create($request->all()); + $attr['owner_id'] = auth()->id(); + + Post::create($attr); return redirect('/'); } diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php new file mode 100644 index 0000000..6275d0d --- /dev/null +++ b/app/Policies/PostPolicy.php @@ -0,0 +1,17 @@ +owner_id == $user->id; + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 3049068..a025a1a 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -14,6 +14,7 @@ class AuthServiceProvider extends ServiceProvider */ protected $policies = [ // 'App\Model' => 'App\Policies\ModelPolicy', + 'App\Post' => 'App\Policies\PostPolicy', ]; /** @@ -21,10 +22,14 @@ class AuthServiceProvider extends ServiceProvider * * @return void */ - public function boot() + public function boot(\Illuminate\Contracts\Auth\Access\Gate $gate) { $this->registerPolicies(); - // + $gate->before(function ($user) { + if ($user->id == 2) { + return true; + } + }); } } diff --git a/app/User.php b/app/User.php index e79dab7..b235ec4 100644 --- a/app/User.php +++ b/app/User.php @@ -36,4 +36,8 @@ class User extends Authenticatable protected $casts = [ 'email_verified_at' => 'datetime', ]; + + public function posts() { + return $this->hasMany(Post::class, 'owner_id'); + } } diff --git a/database/dumps/apsky-laravel.sql b/database/dumps/apsky-laravel.sql index 9fcc4a2..8fe0f92 100644 --- a/database/dumps/apsky-laravel.sql +++ b/database/dumps/apsky-laravel.sql 
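Review bot: The validated array now becomes the create payload, so the `code` rule on the line after the changed one matters more than before, and `regex:/[a-zA-Z0-9_-]+/` is unanchored: it accepts any value that merely contains one permitted character. The rule is a context line here, but since only `$attr` reaches `Post::create` in the next hunk, anchor it as `'code' => 'required|unique:posts|regex:/^[a-zA-Z0-9_-]+$/',` so the validated value is actually constrained. `store` continues past the end of this hunk.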
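Review bot: The new `$attr['published'] = 1;` sits inside `if ($request->all(['published']))`, and `Request::all()` called with a key list returns an array holding that key even when the field is absent (its value is then null), so the condition is never false and every post is stored as published. Derive the flag from the request instead, e.g. `$attr['published'] = $request->has('published') ? 1 : 0;`, after which the `$request->merge(['published' => 1])` line is dead (only `$attr` reaches `Post::create` now) and can be removed. Setting `$attr['owner_id'] = auth()->id();` server-side instead of trusting request input is the right choice here; the start of `store` is in the previous hunk.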
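Review bot: The comparison that survives in this hunk, `owner_id == $user->id`, uses loose equality; the rest of the new `PostPolicy` file appears truncated in this view, so the method signature and any other methods can't be checked here. If `owner_id` is the `foreignId` column added by this commit's migration and both sides are integers, write it as `return $post->owner_id === $user->id;` (or cast both to `int` first if the driver may return strings) so that type juggling can never make unrelated values compare equal. A method that decides ownership also deserves a one-line docblock, e.g. `/** Only the post's owner may update it; the gate's before hook handles the superuser. */`.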
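Review bot: The `$gate->before` closure grants every ability to whichever user row happens to have `id == 2`; that number is an environment detail (this commit's dump seeds that row and sets `AUTO_INCREMENT=3`), so on any database seeded differently the superuser is a different person, or nobody, with nothing to signal the mismatch. Authorization should key off an explicit attribute of the account rather than a literal id, e.g. `return $user->is_admin ? true : null;` where `is_admin` is a proposed boolean column (not in this commit) added by migration, and the closure should take the documented `($user, $ability)` signature so readers see it applies to all abilities. Because `before` returning `true` bypasses every policy registered now or later, a comment such as `// Superuser override: short-circuits every policy check, including policies added later.` belongs above the closure. The inline `\Illuminate\Contracts\Auth\Access\Gate` type hint would normally be imported with a `use` statement at the top of the file rather than fully qualified in the signature.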
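Review bot: The new `posts()` relation has no return type, and its opening brace is on the signature line rather than on the next line as in the PSR-12 style Laravel's skeleton uses. Declare it as `public function posts(): HasMany` with `use Illuminate\Database\Eloquent\Relations\HasMany;` added to the file's imports, and give it a short docblock such as `/** Posts owned by this user, joined through posts.owner_id. */`. The `'owner_id'` foreign key name matches the column this commit's migration adds.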
@@ -198,7 +198,7 @@ CREATE TABLE `posts` ( LOCK TABLES `posts` WRITE; /*!40000 ALTER TABLE `posts` DISABLE KEYS */; -INSERT INTO `posts` VALUES (4,'4123','Post4','Post desc4','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',1,'2020-08-26 17:05:56','2020-09-07 14:10:35'),(5,'12313','qweqe','qweqe','qweqeq',0,'2020-08-28 05:05:04','2020-08-28 05:05:04'),(6,'qweqe','qweqe','qweqe','qweqweqe',0,'2020-08-28 06:58:18','2020-08-28 06:58:18'),(7,'qweq','qweqe','qweqe','qweqe',0,'2020-08-28 07:01:17','2020-08-28 07:01:17'),(8,'1231qweq','qweqe','qweqeq','qweqeqe',0,'2020-08-28 07:20:33','2020-08-28 07:20:33'),(9,'qweqeqeqweqw','eeqweqeqe','qweqe','11',0,'2020-08-28 07:28:29','2020-08-28 07:28:29'); +INSERT INTO `posts` VALUES (4,'4123','Post4','Post desc4','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',1,'2020-08-26 17:05:56','2020-09-07 14:10:35'),(5,'12313','qweqe','qweqe','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',0,'2020-08-28 05:05:04','2020-09-10 17:23:00'),(6,'qweqe','qweqe','qweqe','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',0,'2020-08-28 06:58:18','2020-09-10 17:23:00'),(7,'qweq','qweqe','qweqe','Lorem ipsum dolor sit amet, consectetur adipisicing elit. 
Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',0,'2020-08-28 07:01:17','2020-09-10 17:23:00'),(8,'1231qweq','qweqe','qweqeq','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',0,'2020-08-28 07:20:33','2020-09-10 17:23:00'),(9,'qweqeqeqweqw','eeqweqeqe','qweqe','Lorem ipsum dolor sit amet, consectetur adipisicing elit. Alias beatae consequatur consequuntur, debitis dicta eos explicabo fugit labore molestiae, nam nemo odit placeat quae quisquam quos repellat repellendus tempore, voluptates?',0,'2020-08-28 07:28:29','2020-09-10 17:23:01'); /*!40000 ALTER TABLE `posts` ENABLE KEYS */; UNLOCK TABLES; @@ -247,7 +247,7 @@ CREATE TABLE `users` ( `updated_at` timestamp NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `users_email_unique` (`email`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -256,6 +256,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; +INSERT INTO `users` VALUES (2,'Павел','ap.sky@yandex.ru',NULL,'$2y$10$2yK9UmERiX.O4V7n7gdJiu/96XvQqbFHadj5ISipVZwLBYVOs6LMW',NULL,'2020-09-10 17:13:37','2020-09-10 17:13:37'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -268,4 +269,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2020-09-07 23:02:08 +-- Dump completed on 2020-09-10 21:13:40 
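Review bot: The added `INSERT INTO users` row commits a real-looking account — display name, personal e-mail address and a bcrypt password hash (`$2y$10$…`) — into the repository, where anyone with read access can attempt offline guessing against the hash, and this is the very row the new `before` hook in `AuthServiceProvider` treats as superuser via `id == 2`. Seed data for a privileged account belongs in a Laravel seeder that reads the credentials from the environment (e.g. `env('ADMIN_PASSWORD')` with a placeholder in `.env.example`) rather than in a checked-in dump, and the hash committed here should be treated as exposed: rotate that account's password and consider purging the row from history. Keeping `database/dumps/` out of version control, or committing schema only, avoids this class of leak in later dumps.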
diff --git a/database/migrations/2020_08_26_090725_create_posts_table.php b/database/migrations/2020_08_26_090725_create_posts_table.php index d3cf397..751d533 100644 --- a/database/migrations/2020_08_26_090725_create_posts_table.php +++ b/database/migrations/2020_08_26_090725_create_posts_table.php @@ -23,6 +23,8 @@ public function up() $table->boolean('published')->default(0); $table->timestamp('created_at')->default(DB::raw('CURRENT_TIMESTAMP')); $table->timestamp('updated_at')->default(DB::raw('CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP')); + + $table->foreignId('owner_id')->constrained('users')->onDelete('cascade'); }); } diff --git a/resources/views/layouts/aside-tags.blade.php b/resources/views/layouts/aside-tags.blade.php index 4654e0e..0fc5b9c 100644 --- a/resources/views/layouts/aside-tags.blade.php +++ b/resources/views/layouts/aside-tags.blade.php @@ -1,5 +1,9 @@
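Review bot: `owner_id` is added by editing the already-applied `create_posts_table` migration, so databases created from the earlier version never receive the column — the `posts` INSERT in this commit's dump still carries eight values per row and no owner, which looks like exactly that state. Put the column in a new migration using `Schema::table('posts', ...)`, and because `foreignId()` is NOT NULL with no default, decide how existing rows get an owner (backfill to a known user, or make it nullable) before the constraint is applied. `onDelete('cascade')` means deleting a user silently deletes all of their posts; if that is intended, a one-line comment saying so on this line helps the next reader, otherwise `restrict` is the safer choice. `up()` starts outside this hunk.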
-

Available Tags

+ @if($tagsCloud->isNotEmpty()) +

Available Tags

- @include('layouts.posts.tags', ['tags' => $tagsCloud]) + @include('layouts.posts.tags', ['tags' => $tagsCloud]) + @else +

Not available tags

+ @endif
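Review bot: The empty-state text added in the `@else` branch, `Not available tags`, reads awkwardly; `No tags available` says the same thing. As user-facing copy in a Blade view it is also a candidate for the translation helper, `{{ __('No tags available') }}`, if the project localises its strings. The new `@if($tagsCloud->isNotEmpty())` guard assumes `$tagsCloud` is always a collection, presumably shared by a view composer — worth confirming, since the markup of this hunk is partly lost in this view.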
diff --git a/resources/views/layouts/base/header.blade.php b/resources/views/layouts/base/header.blade.php index c82ac8a..96751bb 100644 --- a/resources/views/layouts/base/header.blade.php +++ b/resources/views/layouts/base/header.blade.php @@ -1,6 +1,6 @@