Add new ACL stuff

bestmomo · Sep 14, 2015 · 47eca6d · 47eca6d
1 parent 75531dd
commit 47eca6d
Show file tree

Hide file tree

Showing 11 changed files with 159 additions and 105 deletions.
diff --git a/app/Http/Controllers/BlogController.php b/app/Http/Controllers/BlogController.php
@@ -46,6 +46,7 @@ public function __construct(
 		$this->nbrPages = 2;
 
 		$this->middleware('redac', ['except' => ['indexFront', 'show', 'tag', 'search']]);
+		$this->middleware('admin', ['only' => ['updateSeen', 'updateActive']]);
 		$this->middleware('ajax', ['only' => ['updateSeen', 'updateActive']]);
 	}	
 
@@ -165,9 +166,13 @@ public function edit(
 		UserRepository $user_gestion, 
 		$id)
 	{
+		$post = $this->blog_gestion->getByIdWithTags($id);
+
+		$this->authorize('change', $post);
+
 		$url = config('medias.url');
 
-		return view('back.blog.edit',  array_merge($this->blog_gestion->edit($id), compact('url')));
+		return view('back.blog.edit',  array_merge($this->blog_gestion->edit($post), compact('url')));
 	}
 
 	/**
@@ -181,7 +186,11 @@ public function update(
 		PostRequest $request,
 		$id)
 	{
-		$this->blog_gestion->update($request->all(), $id);
+		$post = $this->blog_gestion->getById($id);
+
+		$this->authorize('change', $post);
+
+		$this->blog_gestion->update($request->all(), $post);
 
 		return redirect('blog')->with('ok', trans('back/blog.updated'));		
 	}
@@ -226,7 +235,11 @@ public function updateActive(
 	 */
 	public function destroy($id)
 	{
-		$this->blog_gestion->destroy($id);
+		$post = $this->blog_gestion->getById($id);
+
+		$this->authorize('change', $post);
+
+		$this->blog_gestion->destroy($post);
 
 		return redirect('blog')->with('ok', trans('back/blog.destroyed'));		
 	}

diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
@@ -1,11 +1,13 @@
-<?php namespace App\Http\Controllers;
+<?php
 
-use Illuminate\Foundation\Bus\DispatchesCommands;
+namespace App\Http\Controllers;
+
+use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Routing\Controller as BaseController;
 use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 
-abstract class Controller extends BaseController {
-
-	use DispatchesCommands, ValidatesRequests;
-
+abstract class Controller extends BaseController
+{
+    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
 }
diff --git a/app/Http/Requests/PostRequest.php b/app/Http/Requests/PostRequest.php
@@ -4,26 +4,6 @@
 
 class PostRequest extends Request {
 
-	/**
-	 * Determine if the user is authorized to make this request.
-	 *
-	 * @return bool
-	 */
-	public function authorize()
-	{
-		if(!parent::authorize()) return false;
-
-		if($this->blog)
-		{
-			if($this->user()->isAdmin()) return true;
-
-			return Post::where('id', $this->blog)
-					   ->where('user_id', $this->user()->id)->exists();
-		}
-
-		return true;
-	}
-
 	/**
 	 * Get the validation rules that apply to the request.
 	 *

diff --git a/app/Policies/.gitkeep b/app/Policies/.gitkeep
diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Post;
+use App\Models\User;
+
+class PostPolicy
+{
+    /**
+     * Grant all abilities to administrator.
+     *
+     * @param  \App\Models\User  $user
+     * @param  string  $ability
+     * @return bool
+     */
+	public function before(User $user, $ability)
+	{
+	    if ($user->isAdmin()) {
+	        return true;
+	    }
+	}
+
+    /**
+     * Determine if the given post can be changed by the user.
+     *
+     * @param  \App\Models\User  $user
+     * @param  \App\Models\Post  $post
+     * @return bool
+     */
+    public function change(User $user, Post $post)
+    {
+        return $user->id === $post->user_id;
+    }
+
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Providers;
+
+use Illuminate\Contracts\Auth\Access\Gate as GateContract;
+use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+
+use App\Models\Post;
+use App\Policies\PostPolicy;
+
+class AuthServiceProvider extends ServiceProvider
+{
+    /**
+     * The policy mappings for the application.
+     *
+     * @var array
+     */
+    protected $policies = [
+        Post::class => PostPolicy::class,
+    ];
+
+    /**
+     * Register any application authentication / authorization services.
+     *
+     * @param  \Illuminate\Contracts\Auth\Access\Gate  $gate
+     * @return void
+     */
+    public function boot(GateContract $gate)
+    {
+        parent::registerPolicies($gate);
+    }
+}
diff --git a/app/Providers/BusServiceProvider.php b/app/Providers/BusServiceProvider.php
diff --git a/app/Providers/ConfigServiceProvider.php b/app/Providers/ConfigServiceProvider.php
diff --git a/app/Repositories/BlogRepository.php b/app/Repositories/BlogRepository.php
@@ -44,7 +44,7 @@ public function __construct(
 	 * @param  bool   $user_id
 	 * @return App\Models\Post
 	 */
-  	private function savePost($post, $inputs, $user_id = null)
+	private function savePost($post, $inputs, $user_id = null)
 	{	
 		$post->title = $inputs['title'];
 		$post->summary = $inputs['summary'];	
@@ -59,11 +59,11 @@ private function savePost($post, $inputs, $user_id = null)
 	}
 
 	/**
-	 * Create a query for Post.
-	 *
-	 * @return Illuminate\Database\Eloquent\Builder
-	 */
-  	private function queryActiveWithUserOrderByDate()
+	* Create a query for Post.
+	*
+	* @return Illuminate\Database\Eloquent\Builder
+	*/
+	private function queryActiveWithUserOrderByDate()
 	{	
 		return $this->model
 		->select('id', 'created_at', 'updated_at', 'title', 'slug', 'user_id', 'summary')
@@ -163,13 +163,11 @@ public function show($slug)
 	/**
 	 * Get post collection.
 	 *
-	 * @param  int  $id
+	 * @param  App\Models\Post $post
 	 * @return array
 	 */
-	public function edit($id)
+	public function edit($post)
 	{
-		$post = $this->model->with('tags')->findOrFail($id);
-
 		$tags = [];
 
 		foreach($post->tags as $tag) {
@@ -179,16 +177,26 @@ public function edit($id)
 		return compact('post', 'tags');
 	}
 
+	/**
+	 * Get post collection.
+	 *
+	 * @param  int  $id
+	 * @return array
+	 */
+	public function GetByIdWithTags($id)
+	{
+		return $this->model->with('tags')->findOrFail($id);
+	}
+
 	/**
 	 * Update a post.
 	 *
 	 * @param  array  $inputs
-	 * @param  int    $id
+	 * @param  App\Models\Post $post
 	 * @return void
 	 */
-	public function update($inputs, $id)
+	public function update($inputs, $post)
 	{
-		$post = $this->getById($id);
 		$post = $this->savePost($post, $inputs);
 
 		// Tag gestion
@@ -278,16 +286,14 @@ public function store($inputs, $user_id)
 	/**
 	 * Destroy a post.
 	 *
-	 * @param  int $id
+	 * @param  App\Models\Post $post
 	 * @return void
 	 */
-	public function destroy($id)
+	public function destroy($post)
 	{
-		$model = $this->getById($id);
-
-		$model->tags()->detach();
+		$post->tags()->detach();
 
-		$model->delete();
+		$post->delete();
 	}	
 
 	/**

diff --git a/config/app.php b/config/app.php
@@ -141,6 +141,7 @@
 		 * Application Service Providers...
 		 */
 		App\Providers\AppServiceProvider::class,
+		App\Providers\AuthServiceProvider::class,
 		App\Providers\EventServiceProvider::class,
 		App\Providers\RouteServiceProvider::class,
 		App\Services\Html\HtmlServiceProvider::class,

diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php
@@ -0,0 +1,41 @@
+<html>
+	<head>
+		<link href='http://fonts.googleapis.com/css?family=Lato:100' rel='stylesheet' type='text/css'>
+
+		<style>
+			body {
+				margin: 0;
+				padding: 0;
+				width: 100%;
+				height: 100%;
+				color: #B0BEC5;
+				display: table;
+				font-weight: 100;
+				font-family: 'Lato';
+			}
+
+			.container {
+				text-align: center;
+				display: table-cell;
+				vertical-align: middle;
+			}
+
+			.content {
+				text-align: center;
+				display: inline-block;
+			}
+
+			.title {
+				font-size: 72px;
+				margin-bottom: 40px;
+			}
+		</style>
+	</head>
+	<body>
+		<div class="container">
+			<div class="content">
+				<div class="title">This action is unauthorized.</div>
+			</div>
+		</div>
+	</body>
+</html>