#63 - permissions

2022-03-01 14:49:09 +01:00
parent c9a7ec4869
commit b81b0f857c
21 changed files with 419 additions and 181 deletions
--- a/app/Infrastructure/Http/Controllers/HolidayController.php
+++ b/app/Infrastructure/Http/Controllers/HolidayController.php
@@ -4,10 +4,10 @@ declare(strict_types=1);

 namespace Toby\Infrastructure\Http\Controllers;

+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Inertia\Response;
-use Toby\Domain\Policies\HolidayPolicy;
 use Toby\Eloquent\Models\Holiday;
 use Toby\Infrastructure\Http\Requests\HolidayRequest;
 use Toby\Infrastructure\Http\Resources\HolidayFormDataResource;
@@ -21,22 +21,31 @@ class HolidayController extends Controller
            ->orderBy("date")
            ->get();

-        $user = $request->user();
        return inertia("Holidays/Index", [
            "holidays" => HolidayResource::collection($holidays),
            "can" => [
-                "create" => $user->can("create", Holiday::class)
+                "manageHolidays" => $request->user()->can("manageHolidays"),
            ],
        ]);
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function create(): Response
    {
+        $this->authorize("manageHolidays");
+
        return inertia("Holidays/Create");
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function store(HolidayRequest $request): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        Holiday::query()->create($request->data());

        return redirect()
@@ -44,15 +53,25 @@ class HolidayController extends Controller
            ->with("success", __("Holiday has been created."));
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function edit(Holiday $holiday): Response
    {
+        $this->authorize("manageHolidays");
+
        return inertia("Holidays/Edit", [
            "holiday" => new HolidayFormDataResource($holiday),
        ]);
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function update(HolidayRequest $request, Holiday $holiday): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        $holiday->update($request->data());

        return redirect()
@@ -60,8 +79,13 @@ class HolidayController extends Controller
            ->with("success", __("Holiday has been updated."));
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function destroy(Holiday $holiday): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        $holiday->delete();

        return redirect()