From 4f5109408732e4a7ed88d213eb155489fd25b260 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Wed, 21 Feb 2018 22:15:34 +0800
Subject: [PATCH] Apply project actions authorization
---
 .../Controllers/Projects/ProjectsController.php | 19 +++++++++++--
 app/Http/Requests/Projects/DeleteRequest.php | 33 ----------------------
 resources/views/projects/edit.blade.php | 2 ++
 resources/views/projects/index.blade.php | 2 ++
 4 files changed, 20 insertions(+), 36 deletions(-)
 delete mode 100644 app/Http/Requests/Projects/DeleteRequest.php
diff --git a/app/Http/Controllers/Projects/ProjectsController.php b/app/Http/Controllers/Projects/ProjectsController.php
index a354581..b592bca 100755
--- a/app/Http/Controllers/Projects/ProjectsController.php
+++ b/app/Http/Controllers/Projects/ProjectsController.php
@@ -6,7 +6,6 @@ use App\Entities\Projects\Project;
 use App\Entities\Projects\ProjectsRepository;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Projects\CreateRequest;
-use App\Http\Requests\Projects\DeleteRequest;
 use App\Http\Requests\Projects\UpdateRequest;
 use Illuminate\Http\Request;
 
@@ -39,6 +38,8 @@ class ProjectsController extends Controller
 
 public function create()
 {
+ $this->authorize('create', new Project);
+
 $customers = $this->repo->getCustomersList();
 
 return view('projects.create', compact('customers'));
@@ -46,6 +47,8 @@ class ProjectsController extends Controller
 
 public function store(CreateRequest $request)
 {
+ $this->authorize('create', new Project);
+
 $project = $this->repo->create($request->except('_token'));
 
 flash()->success(trans('project.created'));
@@ -54,11 +57,15 @@ class ProjectsController extends Controller
 
 public function show(Project $project)
 {
+ $this->authorize('view', $project);
+
 return view('projects.show', compact('project'));
 }
 
 public function edit(Project $project)
 {
+ $this->authorize('update', $project);
+
 $customers = $this->repo->getCustomersList();
 
 return view('projects.edit', compact('project', 'customers'));
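Review bot: In create() (hunk `@@ -39,6 +38,8 @@`), `$this->authorize('create', new Project);` builds an empty model only so the gate can locate the policy; passing the class name does the same without constructing an object: `$this->authorize('create', Project::class);`. The same line appears in store() in the next hunk, and resources/views/projects/index.blade.php can read `@can('create', App\Entities\Projects\Project::class)`. This assumes the policy's create method takes only the user; the policy is not part of this patch, so a signature that expects a Project argument would need adjusting.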
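Review bot: store() (hunk `@@ -46,6 +47,8 @@`) hands `$request->except('_token')` to the repository, so every other field a client submits reaches `create()`, including fields CreateRequest may have no rule for. With the action now gated by a policy, an allow-list keeps an authorised user from setting columns the form does not offer: `$request->only([...])` naming the editable fields, or `$request->validated()` where the framework version provides it. update() in the `@@ -66,6 +73,8 @@` hunk has the same pattern with `except(['_method', '_token'])`. Whether extra fields are actually persisted depends on the model's fillable/guarded settings, which are outside this patch.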
@@ -66,6 +73,8 @@ class ProjectsController extends Controller
 
 public function update(UpdateRequest $request, Project $project)
 {
+ $this->authorize('update', $project);
+
 $project = $this->repo->update($request->except(['_method', '_token']), $project->id);
 
 flash()->success(trans('project.updated'));
@@ -74,12 +83,16 @@ class ProjectsController extends Controller
 
 public function delete(Project $project)
 {
+ $this->authorize('delete', $project);
+
 return view('projects.delete', compact('project'));
 }
 
- public function destroy(DeleteRequest $request, Project $project)
+ public function destroy(Project $project)
 {
- if ($project->id == $request->get('project_id')) {
+ $this->authorize('delete', $project);
+
+ if ($project->id == request('project_id')) {
 $this->repo->delete($project->id);
 flash()->success(trans('project.deleted'));
 } else {
diff --git a/app/Http/Requests/Projects/DeleteRequest.php b/app/Http/Requests/Projects/DeleteRequest.php
deleted file mode 100644
index 9a8fc77..0000000
--- a/app/Http/Requests/Projects/DeleteRequest.php
+++ /dev/null
@@ -1,33 +0,0 @@
-segment(2));
-
- return auth()->user()->can('update', $project);
- }
-
- /**
- * Get the validation rules that apply to the request.
- *
- * @return array
- */
- public function rules()
- {
- return [
- 'project_id' => 'required',
- ];
- }
-}
diff --git a/resources/views/projects/edit.blade.php b/resources/views/projects/edit.blade.php
index f1d57e7..13d156a 100755
--- a/resources/views/projects/edit.blade.php
+++ b/resources/views/projects/edit.blade.php
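Review bot: In update() (hunk `@@ -66,6 +73,8 @@`), `$this->authorize('update', $project);` runs only after `UpdateRequest` has been resolved, and a form request validates during resolution, so a user without the ability receives validation feedback for bad input instead of a 403. Running the policy check from the request's own authorize() method puts it ahead of the rules, e.g. `return $this->user()->can('update', $this->route('project'));` if the route parameter is named `project`. store() with CreateRequest has the same ordering. UpdateRequest is not shown in this patch, so it may already perform this check.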
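Review bot: The confirmation check in destroy() (hunk `@@ -74,12 +83,16 @@`), `$project->id == request('project_id')`, is a loose comparison between the model key and raw request input, so on PHP versions before 8 a constructed value such as `5abc` or ` 5` compares equal to id 5. With DeleteRequest removed there is also no `required` rule on `project_id` left, so a missing field now depends entirely on this comparison. A strict form closes both gaps: `if ((string) $project->id === request('project_id')) {`. The else branch of destroy() continues past the end of this hunk, so how a mismatch is reported is not visible here.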
@@ -47,7 +47,9 @@
 {!! Form::submit(trans('project.update'), ['class' =>'btn btn-primary']) !!}
 {!! link_to_route('projects.show', trans('app.show'), [$project->id], ['class' => 'btn btn-info']) !!}
 {!! link_to_route('projects.index', trans('project.back_to_index'), ['status' => $project->status_id], ['class' => 'btn btn-default']) !!}
+ @can('delete', $project)
 {!! link_to_route('projects.delete', trans('app.delete'), [$project->id], ['class' =>'btn btn-danger pull-right']) !!}
+ @endcan
 {!! Form::close() !!}
diff --git a/resources/views/projects/index.blade.php b/resources/views/projects/index.blade.php
index a6d84a4..e27275d 100755
--- a/resources/views/projects/index.blade.php
+++ b/resources/views/projects/index.blade.php
@@ -4,7 +4,9 @@
 @section('content')

+ @can('create', new App\Entities\Projects\Project)
 {!! link_to_route('projects.create', trans('project.create'), [], ['class' => 'btn btn-success pull-right']) !!}
+ @endcan
 {{ trans('project.index_title', ['status' => $status]) }} {{ $projects->total() }} {{ trans('project.found') }}