From c1241defdd246f8fb55ad1fb3ddc831c4d26cdcf Mon Sep 17 00:00:00 2001
From: abourtnik
Date: Sat, 20 Jan 2024 23:11:06 +0100
Subject: [PATCH] fix: interaction policy
---
 app/Http/Controllers/InteractionController.php | 2 ++
 .../Requests/Interaction/InteractionRequest.php | 7 ++-----
 app/Models/Comment.php | 7 +++++++
 app/Policies/CommentPolicy.php | 14 ++++++++++++++
 app/Policies/VideoPolicy.php | 14 ++++++++++++++
 5 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/InteractionController.php b/app/Http/Controllers/InteractionController.php
index 569a30f8..6a9bc343 100644
--- a/app/Http/Controllers/InteractionController.php
+++ b/app/Http/Controllers/InteractionController.php
@@ -18,6 +18,8 @@ private function perform (InteractionRequest $request, $status) : JsonResponse {
         $likeable = $model::findOrFail($id);
+        $this->authorize('interact', $likeable);
+
         $interaction = $likeable->interactions()->whereRelation('user', 'id', Auth::user()->id)->first();
         if ($interaction) {
diff --git a/app/Http/Requests/Interaction/InteractionRequest.php b/app/Http/Requests/Interaction/InteractionRequest.php
index e2a23d30..6ed39f83 100644
--- a/app/Http/Requests/Interaction/InteractionRequest.php
+++ b/app/Http/Requests/Interaction/InteractionRequest.php
@@ -5,7 +5,6 @@
 use App\Models\Comment;
 use App\Models\Video;
 use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\Rule;
 class InteractionRequest extends FormRequest
@@ -38,10 +37,8 @@ public function rules() : array
             'id' => [
                 'required',
                 'numeric',
-                Rule::exists((new $model())->getTable(), 'id')->where(function ($query) use ($model) {
-                    return (new $model)->scopePublic($query)->orWhere('user_id', Auth::user()->id);
-                })
-            ],
+                'exists:'.$model.',id',
+            ]
         ];
     }
}
diff --git a/app/Models/Comment.php b/app/Models/Comment.php
index 695ccf2a..19f32b78 100644
--- a/app/Models/Comment.php
+++ b/app/Models/Comment.php
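Review bot: The `$this->authorize('interact', $likeable)` call is now the only visibility check on the liked model, because the same commit drops the public-or-owned constraint from the `id` rule in InteractionRequest; that dependency is easy to lose in a later refactor and deserves a comment beside the call, e.g. `// Visibility is enforced by the model's interact policy; InteractionRequest only checks the id exists.`. Placing it after `findOrFail` is right, since an unknown id still yields 404 before any policy runs. `perform` starts and ends outside the hunk.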
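Review bot: The replacement rule `'exists:'.$model.',id'` builds the rule by string concatenation while the file keeps `use Illuminate\Validation\Rule;`, which no longer appears used in this hunk (the rest of the file is not visible); `Rule::exists($model, 'id'),` should express the same check, since the exists rule resolves a model class name to its table, and keeps the import meaningful. The rewritten array closer also dropped the trailing comma (`+            ]` where the removed line was `],`), which the surrounding lines keep. `rules()` starts outside the hunk.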
@@ -118,6 +118,13 @@ protected function parsedContent(): Attribute
         );
     }
+    protected function isActive(): Attribute
+    {
+        return Attribute::make(
+            get: fn () => !$this->is_banned
+        );
+    }
+
     /**
      * -------------------- SCOPES --------------------
      */
diff --git a/app/Policies/CommentPolicy.php b/app/Policies/CommentPolicy.php
index f762bda4..1cd62ea9 100644
--- a/app/Policies/CommentPolicy.php
+++ b/app/Policies/CommentPolicy.php
@@ -112,6 +112,20 @@ public function report(User $user, Comment $comment): Response|bool
             : Response::denyWithStatus(403, 'You are not authorized to report this comment');
     }
+    /**
+     * Determine whether the user can like/dislike the comment.
+     *
+     * @param User $user
+     * @param Comment $comment
+     * @return Response|bool
+     */
+    public function interact(User $user, Comment $comment): Response|bool
+    {
+        return $comment->is_active || $comment->user->is($user)
+            ? Response::allow()
+            : Response::denyWithStatus(403, 'You are not authorized to interact with this comment');
+    }
+
     /**
      * Determine whether the user can pin the model.
      *
diff --git a/app/Policies/VideoPolicy.php b/app/Policies/VideoPolicy.php
index 808233c9..3167f99c 100644
--- a/app/Policies/VideoPolicy.php
+++ b/app/Policies/VideoPolicy.php
@@ -202,4 +202,18 @@ public function unpin(User $user, Video $video): Response|bool
             ? Response::allow()
             : Response::denyWithStatus(403);
     }
+
+    /**
+     * Determine whether the user can like/dislike video.
+     *
+     * @param User $user
+     * @param Video $video
+     * @return Response|bool
+     */
+    public function interact(User $user, Video $video): Response|bool
+    {
+        return $video->is_active || $video->user->is($user)
+            ? Response::allow()
+            : Response::denyWithStatus(403, 'You are not authorized to interact with this video');
+    }
 }
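Review bot: The new `isActive` accessor has no docblock and its closure declares no return type, even though its value now gates authorization in CommentPolicy; a one-line docblock such as `/** A comment is active (and may receive interactions) unless it is banned. */` above the method, and `get: fn (): bool => !$this->is_banned`, document and pin that contract. If `is_banned` is nullable or not cast to boolean in the model's `$casts` (not visible here), a NULL column value reads as active, which is worth confirming.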
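Review bot: `$comment->user->is($user)` lazy-loads the author and throws rather than denies when the relation is null (for example a missing or deleted author), so the ownership fallback can turn into a 500 instead of a 403; `return $comment->is_active || $comment->user?->is($user)` keeps the semantics and handles the null case, or comparing the foreign key the request previously used, `$comment->user_id === $user->id`, avoids the extra query altogether. The same applies to `interact` in VideoPolicy in this commit. Separately, denying with 403 tells the caller that a banned or private id exists, whereas an unknown id gets 404 from `findOrFail` in the controller; if that distinction should not be observable, `Response::denyAsNotFound()` (where the framework version provides it) makes both cases look the same.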
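Review bot: `interact` reads `$video->is_active`, but this commit only adds an `isActive` accessor to Comment, not to Video; unless Video already exposes `is_active` as a column, cast or accessor (not visible here), Eloquent returns null for it and every non-owner is denied. Worth confirming against the Video model and noting the source of the attribute in the docblock, e.g. `* Relies on Video::$is_active; see the model for how it is derived.`. The shared null-relation point on `$video->user->is($user)` is raised on the CommentPolicy hunk.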