added tests, bug fixes and cleanup
This commit is contained in:
@@ -30,7 +30,7 @@ class EventConductor extends Conductor
|
||||
public function scope(Builder $builder)
|
||||
{
|
||||
$user = auth()->user();
|
||||
if ($user === null || $user->has_permission('admin/events') === false) {
|
||||
if ($user === null || $user->hasPermission('admin/events') === false) {
|
||||
$builder
|
||||
->where('status', '!=', 'draft')
|
||||
->where('publish_at', '<=', now());
|
||||
@@ -47,7 +47,7 @@ class EventConductor extends Conductor
|
||||
{
|
||||
if (strtolower($model->status) === 'draft' || Carbon::parse($model->publish_at)->isFuture() === true) {
|
||||
$user = auth()->user();
|
||||
if ($user === null || $user->has_permission('admin/events') === false) {
|
||||
if ($user === null || $user->hasPermission('admin/events') === false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -63,7 +63,7 @@ class EventConductor extends Conductor
|
||||
public static function creatable()
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/events') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/events') === true);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -75,18 +75,18 @@ class EventConductor extends Conductor
|
||||
public static function updatable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/events') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/events') === true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if the current model is deletable.
|
||||
* Return if the current model is destroyable.
|
||||
*
|
||||
* @param Model $model The model.
|
||||
* @return boolean Allow deleting model.
|
||||
*/
|
||||
public static function deletable(Model $model)
|
||||
public static function destroyable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/events') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/events') === true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,7 +64,7 @@ class MediaConductor extends Conductor
|
||||
{
|
||||
if ($model->permission !== null) {
|
||||
$user = auth()->user();
|
||||
if ($user === null || $user->has_permission($model->permission) === false) {
|
||||
if ($user === null || $user->hasPermission($model->permission) === false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -92,18 +92,18 @@ class MediaConductor extends Conductor
|
||||
public static function updatable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && (strcasecmp($model->user_id, $user->id) === 0 || $user->has_permission('admin/media') === true));
|
||||
return ($user !== null && (strcasecmp($model->user_id, $user->id) === 0 || $user->hasPermission('admin/media') === true));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if the current model is deletable.
|
||||
* Return if the current model is destroyable.
|
||||
*
|
||||
* @param Model $model The model.
|
||||
* @return boolean Allow deleting model.
|
||||
*/
|
||||
public static function deletable(Model $model)
|
||||
public static function destroyable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && ($model->user_id === $user->id || $user->has_permission('admin/media') === true));
|
||||
return ($user !== null && ($model->user_id === $user->id || $user->hasPermission('admin/media') === true));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ class PostConductor extends Conductor
|
||||
public function scope(Builder $builder)
|
||||
{
|
||||
$user = auth()->user();
|
||||
if ($user === null || $user->has_permission('admin/posts') === false) {
|
||||
if ($user === null || $user->hasPermission('admin/posts') === false) {
|
||||
$builder
|
||||
->where('publish_at', '<=', now());
|
||||
}
|
||||
@@ -46,7 +46,7 @@ class PostConductor extends Conductor
|
||||
{
|
||||
if (Carbon::parse($model->publish_at)->isFuture() === true) {
|
||||
$user = auth()->user();
|
||||
if ($user === null || $user->has_permission('admin/posts') === false) {
|
||||
if ($user === null || $user->hasPermission('admin/posts') === false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -62,7 +62,7 @@ class PostConductor extends Conductor
|
||||
public static function creatable()
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/posts') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/posts') === true);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -74,18 +74,18 @@ class PostConductor extends Conductor
|
||||
public static function updatable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/posts') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/posts') === true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if the current model is deletable.
|
||||
* Return if the current model is destroyable.
|
||||
*
|
||||
* @param Model $model The model.
|
||||
* @return boolean Allow deleting model.
|
||||
*/
|
||||
public static function deletable(Model $model)
|
||||
public static function destroyable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && $user->has_permission('admin/posts') === true);
|
||||
return ($user !== null && $user->hasPermission('admin/posts') === true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,18 +22,18 @@ class SubscriptionConductor extends Conductor
|
||||
public static function updatable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && ((strcasecmp($model->email, $user->email) === 0 && $user->email_verified_at !== null) || $user->has_permission('admin/subscriptions') === true));
|
||||
return ($user !== null && ((strcasecmp($model->email, $user->email) === 0 && $user->email_verified_at !== null) || $user->hasPermission('admin/subscriptions') === true));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if the current model is deletable.
|
||||
* Return if the current model is destroyable.
|
||||
*
|
||||
* @param Model $model The model.
|
||||
* @return boolean Allow deleting model.
|
||||
*/
|
||||
public static function deletable(Model $model)
|
||||
public static function destroyable(Model $model)
|
||||
{
|
||||
$user = auth()->user();
|
||||
return ($user !== null && ((strcasecmp($model->email, $user->email) === 0 && $user->email_verified_at !== null) || $user->has_permission('admin/subscriptions') === true));
|
||||
return ($user !== null && ((strcasecmp($model->email, $user->email) === 0 && $user->email_verified_at !== null) || $user->hasPermission('admin/subscriptions') === true));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ class UserConductor extends Conductor
|
||||
}
|
||||
|
||||
/**
|
||||
* Return if the current model is deletable.
|
||||
* Return if the current model is destroyable.
|
||||
*
|
||||
* @param Model $model The model.
|
||||
* @return boolean Allow deleting model.
|
||||
|
||||
@@ -121,13 +121,15 @@ class ApiController extends Controller
|
||||
/**
|
||||
* Return resource data
|
||||
*
|
||||
* @param array|Model|Collection $data Resource data.
|
||||
* @param array|null $appendData Data to append to response.
|
||||
* @param integer $respondCode Resource code.
|
||||
* @param array|Model|Collection $data Resource data.
|
||||
* @param boolean $isCollection If the data is a group of items.
|
||||
* @param array|null $appendData Data to append to response.
|
||||
* @param integer $respondCode Resource code.
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
protected function respondAsResource(
|
||||
mixed $data,
|
||||
bool $isCollection = false,
|
||||
mixed $appendData = null,
|
||||
int $respondCode = HttpResponseCodes::HTTP_OK
|
||||
) {
|
||||
@@ -144,8 +146,6 @@ class ApiController extends Controller
|
||||
$resourceName = strtolower($resourceName);
|
||||
}
|
||||
|
||||
$is_multiple = true;
|
||||
|
||||
$dataArray = [];
|
||||
if ($data instanceof Collection) {
|
||||
$dataArray = $data->toArray();
|
||||
@@ -157,7 +157,7 @@ class ApiController extends Controller
|
||||
}
|
||||
|
||||
$resource = [];
|
||||
if ($is_multiple === true) {
|
||||
if ($isCollection === true) {
|
||||
$resource = [Str::plural($resourceName) => $dataArray];
|
||||
} else {
|
||||
$resource = [Str::singular($resourceName) => $dataArray];
|
||||
|
||||
@@ -73,6 +73,7 @@ class AuthController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$user->makeVisible(['permissions']),
|
||||
false,
|
||||
['token' => $token]
|
||||
);
|
||||
}//end if
|
||||
|
||||
@@ -31,6 +31,7 @@ class EventController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$collection,
|
||||
true,
|
||||
['total' => $total]
|
||||
);
|
||||
}
|
||||
@@ -63,6 +64,7 @@ class EventController extends ApiController
|
||||
$event = Event::create($request->all());
|
||||
return $this->respondAsResource(
|
||||
EventConductor::model($request, $event),
|
||||
false,
|
||||
null,
|
||||
HttpResponseCodes::HTTP_CREATED
|
||||
);
|
||||
|
||||
@@ -33,6 +33,7 @@ class MediaController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$collection,
|
||||
true,
|
||||
['total' => $total]
|
||||
);
|
||||
}
|
||||
@@ -103,6 +104,7 @@ class MediaController extends ApiController
|
||||
$media = $request->user()->media()->create($request->all());
|
||||
return $this->respondAsResource(
|
||||
MediaConductor::model($request, $media),
|
||||
false,
|
||||
null,
|
||||
HttpResponseCodes::HTTP_CREATED
|
||||
);
|
||||
|
||||
@@ -35,6 +35,7 @@ class PostController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$collection,
|
||||
true,
|
||||
['total' => $total]
|
||||
);
|
||||
}
|
||||
@@ -67,6 +68,7 @@ class PostController extends ApiController
|
||||
$post = Post::create($request->all());
|
||||
return $this->respondAsResource(
|
||||
PostConductor::model($request, $post),
|
||||
false,
|
||||
null,
|
||||
HttpResponseCodes::HTTP_CREATED
|
||||
);
|
||||
|
||||
@@ -34,6 +34,7 @@ class SubscriptionController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$collection,
|
||||
true,
|
||||
['total' => $total]
|
||||
);
|
||||
}
|
||||
|
||||
@@ -56,6 +56,7 @@ class UserController extends ApiController
|
||||
|
||||
return $this->respondAsResource(
|
||||
$collection,
|
||||
true,
|
||||
['total' => $total]
|
||||
);
|
||||
}
|
||||
@@ -70,7 +71,7 @@ class UserController extends ApiController
|
||||
{
|
||||
if (UserConductor::creatable() === true) {
|
||||
$user = User::create($request->all());
|
||||
return $this->respondAsResource(UserConductor::model($request, $user), [], HttpResponseCodes::HTTP_CREATED);
|
||||
return $this->respondAsResource(UserConductor::model($request, $user), false, [], HttpResponseCodes::HTTP_CREATED);
|
||||
} else {
|
||||
return $this->respondForbidden();
|
||||
}
|
||||
|
||||
@@ -14,10 +14,12 @@ class PostRequest extends BaseRequest
|
||||
public function postRules()
|
||||
{
|
||||
return [
|
||||
'slug' => 'string|min:6|unique:posts',
|
||||
'title' => 'string|min:6|max:255',
|
||||
'publish_at' => 'date',
|
||||
'user_id' => 'uuid|exists:users,id',
|
||||
'slug' => 'required|string|min:6|unique:posts',
|
||||
'title' => 'required|string|min:6|max:255',
|
||||
'publish_at' => 'required|date',
|
||||
'user_id' => 'required|uuid|exists:users,id',
|
||||
'content' => 'required|string|min:6',
|
||||
'hero' => 'required|uuid|exists:media,id',
|
||||
];
|
||||
}
|
||||
|
||||
@@ -37,6 +39,8 @@ class PostRequest extends BaseRequest
|
||||
'title' => 'string|min:6|max:255',
|
||||
'publish_at' => 'date',
|
||||
'user_id' => 'uuid|exists:users,id',
|
||||
'content' => 'string|min:6',
|
||||
'hero' => 'uuid|exists:media,id',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -46,8 +46,28 @@ class RouteServiceProvider extends ServiceProvider
|
||||
*/
|
||||
protected function configureRateLimiting()
|
||||
{
|
||||
RateLimiter::for('api', function (Request $request) {
|
||||
return Limit::perMinute(60)->by($request->user()?->id !== null ?: $request->ip());
|
||||
});
|
||||
// RateLimiter::for('api', function (Request $request) {
|
||||
// return Limit::perMinute(60)->by($request->user()?->id !== null ?: $request->ip());
|
||||
// });
|
||||
|
||||
$rateLimitEnabled = true;
|
||||
$user = auth()->user();
|
||||
|
||||
if (app()->environment('testing')) {
|
||||
$rateLimitEnabled = false;
|
||||
} elseif ($user !== null && $user->hasPermission('admin/ratelimit') === true) {
|
||||
// Admin users with the "admin/ratelimit" permission are not rate limited
|
||||
$rateLimitEnabled = false;
|
||||
}
|
||||
|
||||
if ($rateLimitEnabled === true) {
|
||||
RateLimiter::for('api', function (Request $request) {
|
||||
return Limit::perMinute(180)->by($request->user()?->id ?: $request->ip());
|
||||
});
|
||||
} else {
|
||||
RateLimiter::for('api', function () {
|
||||
return Limit::none();
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user