#63 - permissions (#67)

* wip * fix * wip * #63 - permissions Co-authored-by: EwelinaLasowy <ewelina.lasowy@blumilk.pl>
2022-03-02 09:52:50 +01:00
parent 5cb46d2fc4
commit d825dd727f
47 changed files with 1027 additions and 411 deletions
--- a/app/Infrastructure/Http/Controllers/HolidayController.php
+++ b/app/Infrastructure/Http/Controllers/HolidayController.php
@@ -4,7 +4,9 @@ declare(strict_types=1);

 namespace Toby\Infrastructure\Http\Controllers;

+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
 use Inertia\Response;
 use Toby\Eloquent\Models\Holiday;
 use Toby\Infrastructure\Http\Requests\HolidayRequest;
@@ -13,7 +15,7 @@ use Toby\Infrastructure\Http\Resources\HolidayResource;

 class HolidayController extends Controller
 {
-    public function index(): Response
+    public function index(Request $request): Response
    {
        $holidays = Holiday::query()
            ->orderBy("date")
@@ -21,16 +23,29 @@ class HolidayController extends Controller

        return inertia("Holidays/Index", [
            "holidays" => HolidayResource::collection($holidays),
+            "can" => [
+                "manageHolidays" => $request->user()->can("manageHolidays"),
+            ],
        ]);
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function create(): Response
    {
+        $this->authorize("manageHolidays");
+
        return inertia("Holidays/Create");
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function store(HolidayRequest $request): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        Holiday::query()->create($request->data());

        return redirect()
@@ -38,15 +53,25 @@ class HolidayController extends Controller
            ->with("success", __("Holiday has been created."));
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function edit(Holiday $holiday): Response
    {
+        $this->authorize("manageHolidays");
+
        return inertia("Holidays/Edit", [
            "holiday" => new HolidayFormDataResource($holiday),
        ]);
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function update(HolidayRequest $request, Holiday $holiday): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        $holiday->update($request->data());

        return redirect()
@@ -54,8 +79,13 @@ class HolidayController extends Controller
            ->with("success", __("Holiday has been updated."));
    }

+    /**
+     * @throws AuthorizationException
+     */
    public function destroy(Holiday $holiday): RedirectResponse
    {
+        $this->authorize("manageHolidays");
+
        $holiday->delete();

        return redirect()