From 7a4d7aa7ca71cff5043d3a30708aa9e2793263f8 Mon Sep 17 00:00:00 2001 From: Alex Thomassen Date: Mon, 9 Mar 2020 14:03:08 +0100 Subject: [PATCH] Add post DELETE route Add admin permissions --- app/BlogPost.php | 5 +- app/Http/Controllers/BlogPostController.php | 22 +- app/Http/Controllers/HomeController.php | 3 +- app/Policies/BlogPostPolicy.php | 99 ++++ app/Providers/AuthServiceProvider.php | 13 +- .../2014_10_12_000000_create_users_table.php | 6 +- database/seeds/DatabaseSeeder.php | 3 +- database/seeds/UserSeeder.php | 35 ++ resources/views/errors/401.blade.php | 5 + resources/views/errors/403.blade.php | 5 + resources/views/errors/404.blade.php | 5 + resources/views/errors/419.blade.php | 5 + resources/views/errors/429.blade.php | 5 + resources/views/errors/500.blade.php | 5 + resources/views/errors/503.blade.php | 5 + .../views/errors/illustrated-layout.blade.php | 486 ++++++++++++++++++ resources/views/errors/layout.blade.php | 57 ++ resources/views/errors/minimal.blade.php | 62 +++ resources/views/posts/delete.blade.php | 9 + resources/views/posts/index.blade.php | 33 +- routes/web.php | 6 +- 21 files changed, 851 insertions(+), 23 deletions(-) create mode 100644 app/Policies/BlogPostPolicy.php create mode 100644 database/seeds/UserSeeder.php create mode 100644 resources/views/errors/401.blade.php create mode 100644 resources/views/errors/403.blade.php create mode 100644 resources/views/errors/404.blade.php create mode 100644 resources/views/errors/419.blade.php create mode 100644 resources/views/errors/429.blade.php create mode 100644 resources/views/errors/500.blade.php create mode 100644 resources/views/errors/503.blade.php create mode 100644 resources/views/errors/illustrated-layout.blade.php create mode 100644 resources/views/errors/layout.blade.php create mode 100644 resources/views/errors/minimal.blade.php create mode 100644 resources/views/posts/delete.blade.php diff --git a/app/BlogPost.php b/app/BlogPost.php index 3781ea9..09dbe14 100644 --- a/app/BlogPost.php +++ b/app/BlogPost.php @@ -3,10 +3,11 @@ namespace App; use Illuminate\Database\Eloquent\Model; -use SoftDeletes; +use Illuminate\Database\Eloquent\SoftDeletes; class BlogPost extends Model { + use SoftDeletes; /** * The attributes that are mass assignable. @@ -24,6 +25,6 @@ class BlogPost extends Model */ public function user() { - return $this->belongs('App\User'); + return $this->belongsTo('App\User'); } } diff --git a/app/Http/Controllers/BlogPostController.php b/app/Http/Controllers/BlogPostController.php index f9fd0da..08eab8c 100644 --- a/app/Http/Controllers/BlogPostController.php +++ b/app/Http/Controllers/BlogPostController.php @@ -49,10 +49,10 @@ class BlogPostController extends Controller /** * Display the specified resource. * - * @param \App\BlogPost $blogPost + * @param \App\BlogPost $post * @return \Illuminate\Http\Response */ - public function show(BlogPost $blogPost) + public function show(BlogPost $post) { // } @@ -60,10 +60,10 @@ class BlogPostController extends Controller /** * Show the form for editing the specified resource. * - * @param \App\BlogPost $blogPost + * @param \App\BlogPost $post * @return \Illuminate\Http\Response */ - public function edit(BlogPost $blogPost) + public function edit(BlogPost $post) { // } @@ -72,10 +72,10 @@ class BlogPostController extends Controller * Update the specified resource in storage. * * @param \Illuminate\Http\Request $request - * @param \App\BlogPost $blogPost + * @param \App\BlogPost $post * @return \Illuminate\Http\Response */ - public function update(Request $request, BlogPost $blogPost) + public function update(Request $request, BlogPost $post) { // } @@ -83,11 +83,15 @@ class BlogPostController extends Controller /** * Remove the specified resource from storage. * - * @param \App\BlogPost $blogPost + * @param \App\BlogPost $post * @return \Illuminate\Http\Response */ - public function destroy(BlogPost $blogPost) + public function destroy(BlogPost $post) { - // + $this->authorize('delete', $post); + + $post->delete(); + + return view('posts.delete', compact('post')); } } diff --git a/app/Http/Controllers/HomeController.php b/app/Http/Controllers/HomeController.php index 7cbc2c3..6387507 100644 --- a/app/Http/Controllers/HomeController.php +++ b/app/Http/Controllers/HomeController.php @@ -3,6 +3,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; +use Auth; class HomeController extends Controller { @@ -23,6 +24,6 @@ class HomeController extends Controller */ public function index() { - return view('home'); + return view('posts.index', ['user' => Auth::user()]); } } diff --git a/app/Policies/BlogPostPolicy.php b/app/Policies/BlogPostPolicy.php new file mode 100644 index 0000000..d3d5823 --- /dev/null +++ b/app/Policies/BlogPostPolicy.php @@ -0,0 +1,99 @@ +deleted_at !== null) + { + return $user->admin || $user->id === $blogPost->user_id; + } + + return true; + } + + /** + * Determine whether the user can create blog posts. + * + * @param \App\User $user + * @return mixed + */ + public function create(User $user) + { + return true; + } + + /** + * Determine whether the user can update the blog post. + * + * @param \App\User $user + * @param \App\BlogPost $blogPost + * @return mixed + */ + public function update(User $user, BlogPost $blogPost) + { + return $user->admin || $user->id === $blogPost->user_id; + } + + /** + * Determine whether the user can delete the blog post. + * + * @param \App\User $user + * @param \App\BlogPost $blogPost + * @return mixed + */ + public function delete(User $user, BlogPost $blogPost) + { + return $user->admin || $user->id === $blogPost->user_id; + } + + /** + * Determine whether the user can restore the blog post. + * + * @param \App\User $user + * @param \App\BlogPost $blogPost + * @return mixed + */ + public function restore(User $user, BlogPost $blogPost) + { + return $user->admin || $user->id === $blogPost->user_id; + } + + /** + * Determine whether the user can permanently delete the blog post. + * + * @param \App\User $user + * @param \App\BlogPost $blogPost + * @return mixed + */ + public function forceDelete(User $user, BlogPost $blogPost) + { + return $user->admin || $user->id === $blogPost->user_id; + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 3049068..a681056 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -5,6 +5,10 @@ namespace App\Providers; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Support\Facades\Gate; +use App\BlogPost; +use App\Policies\BlogPostPolicy; +use Illuminate\Auth\SessionGuard; + class AuthServiceProvider extends ServiceProvider { /** @@ -13,7 +17,7 @@ class AuthServiceProvider extends ServiceProvider * @var array */ protected $policies = [ - // 'App\Model' => 'App\Policies\ModelPolicy', + BlogPost::class => BlogPostPolicy::class, ]; /** @@ -24,7 +28,12 @@ class AuthServiceProvider extends ServiceProvider public function boot() { $this->registerPolicies(); + } - // + public function register() + { + SessionGuard::macro('admin', function () { + return \Auth::user()->admin; + }); } } diff --git a/database/migrations/2014_10_12_000000_create_users_table.php b/database/migrations/2014_10_12_000000_create_users_table.php index 3d36745..be5b6bb 100644 --- a/database/migrations/2014_10_12_000000_create_users_table.php +++ b/database/migrations/2014_10_12_000000_create_users_table.php @@ -15,7 +15,7 @@ class CreateUsersTable extends Migration { Schema::create('users', function (Blueprint $table) { $table->bigIncrements('id'); - + $table->string('username', 30) ->unique(); @@ -23,6 +23,10 @@ class CreateUsersTable extends Migration $table->string('email')->unique(); $table->timestamp('email_verified_at')->nullable(); $table->string('password'); + + $table->boolean('admin') + ->default(false); + $table->rememberToken(); $table->timestamps(); }); diff --git a/database/seeds/DatabaseSeeder.php b/database/seeds/DatabaseSeeder.php index 91cb6d1..bb8120b 100644 --- a/database/seeds/DatabaseSeeder.php +++ b/database/seeds/DatabaseSeeder.php @@ -11,6 +11,7 @@ class DatabaseSeeder extends Seeder */ public function run() { - // $this->call(UsersTableSeeder::class); + $this->call(UserSeeder::class); + $this->call(BlogPostSeeder::class); } } diff --git a/database/seeds/UserSeeder.php b/database/seeds/UserSeeder.php new file mode 100644 index 0000000..26975d8 --- /dev/null +++ b/database/seeds/UserSeeder.php @@ -0,0 +1,35 @@ + 'Alex Thomassen', + 'martin' => 'Martin Onsrud', + 'stian' => 'Stian Larsen', + 'oyvind' => 'Øyvind Finsrud', + ]; + + foreach ($users as $username => $name) + { + $user = new User; + $user->username = $username; + $user->name = $name; + $user->email = $username . '@example.com'; + $user->password = Hash::make('Kaffekopp123'); + $user->admin = true; + + $user->save(); + } + } +} diff --git a/resources/views/errors/401.blade.php b/resources/views/errors/401.blade.php new file mode 100644 index 0000000..5c586db --- /dev/null +++ b/resources/views/errors/401.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Unauthorized')) +@section('code', '401') +@section('message', __('Unauthorized')) diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php new file mode 100644 index 0000000..a5506f0 --- /dev/null +++ b/resources/views/errors/403.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Forbidden')) +@section('code', '403') +@section('message', __($exception->getMessage() ?: 'Forbidden')) diff --git a/resources/views/errors/404.blade.php b/resources/views/errors/404.blade.php new file mode 100644 index 0000000..7549540 --- /dev/null +++ b/resources/views/errors/404.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Not Found')) +@section('code', '404') +@section('message', __('Not Found')) diff --git a/resources/views/errors/419.blade.php b/resources/views/errors/419.blade.php new file mode 100644 index 0000000..c09216e --- /dev/null +++ b/resources/views/errors/419.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Page Expired')) +@section('code', '419') +@section('message', __('Page Expired')) diff --git a/resources/views/errors/429.blade.php b/resources/views/errors/429.blade.php new file mode 100644 index 0000000..f01b07b --- /dev/null +++ b/resources/views/errors/429.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Too Many Requests')) +@section('code', '429') +@section('message', __('Too Many Requests')) diff --git a/resources/views/errors/500.blade.php b/resources/views/errors/500.blade.php new file mode 100644 index 0000000..d9e95d9 --- /dev/null +++ b/resources/views/errors/500.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Server Error')) +@section('code', '500') +@section('message', __('Server Error')) diff --git a/resources/views/errors/503.blade.php b/resources/views/errors/503.blade.php new file mode 100644 index 0000000..acd3810 --- /dev/null +++ b/resources/views/errors/503.blade.php @@ -0,0 +1,5 @@ +@extends('errors::minimal') + +@section('title', __('Service Unavailable')) +@section('code', '503') +@section('message', __($exception->getMessage() ?: 'Service Unavailable')) diff --git a/resources/views/errors/illustrated-layout.blade.php b/resources/views/errors/illustrated-layout.blade.php new file mode 100644 index 0000000..64eb7cb --- /dev/null +++ b/resources/views/errors/illustrated-layout.blade.php @@ -0,0 +1,486 @@ + + + + + + + @yield('title') + + + + + + + + + +
+
+
+
+ @yield('code', __('Oh no')) +
+ +
+ +

+ @yield('message') +

+ + + + +
+
+ +
+ @yield('image') +
+
+ + diff --git a/resources/views/errors/layout.blade.php b/resources/views/errors/layout.blade.php new file mode 100644 index 0000000..2c51d4f --- /dev/null +++ b/resources/views/errors/layout.blade.php @@ -0,0 +1,57 @@ + + + + + + + @yield('title') + + + + + + + + + +
+
+
+ @yield('message') +
+
+
+ + diff --git a/resources/views/errors/minimal.blade.php b/resources/views/errors/minimal.blade.php new file mode 100644 index 0000000..b63ac2b --- /dev/null +++ b/resources/views/errors/minimal.blade.php @@ -0,0 +1,62 @@ + + + + + + + @yield('title') + + + + + + + + + +
+
+ @yield('code') +
+ +
+ @yield('message') +
+
+ + diff --git a/resources/views/posts/delete.blade.php b/resources/views/posts/delete.blade.php new file mode 100644 index 0000000..21fed44 --- /dev/null +++ b/resources/views/posts/delete.blade.php @@ -0,0 +1,9 @@ +@extends('layouts.app') + +@section('content') +
+

Post deleted!

+

Title: {{ $post->title }}

+

ID: {{ $post->id }}

+
+@endsection diff --git a/resources/views/posts/index.blade.php b/resources/views/posts/index.blade.php index 2da54cb..0aa20d0 100644 --- a/resources/views/posts/index.blade.php +++ b/resources/views/posts/index.blade.php @@ -13,12 +13,35 @@
@markdown($post->body)
-

- Created: {{ $post->created_at }} - @if ($post->created_at->diffInSeconds($post->updated_at) > 1) - | Last updated: {{ $post->updated_at }} + +

+ + Created: {{ $post->created_at }} + @if ($post->created_at->diffInSeconds($post->updated_at) > 1) + | Last updated: {{ $post->updated_at }} + @endif + + + @can('delete', $post) + +
+ @method('delete') + @csrf + + +
+ + @endcan +
+ + @auth + @if (Auth::admin() && Auth::id() !== $user->id) + +
+ Be careful! You have permissions to delete all blog posts, so keep that in mind before clicking on buttons. +
@endif -

+ @endauth @endforeach @endif diff --git a/routes/web.php b/routes/web.php index 75508e3..5f35e60 100644 --- a/routes/web.php +++ b/routes/web.php @@ -19,6 +19,8 @@ Auth::routes(); Route::get('/home', 'HomeController@index')->name('home'); -Route::group(['prefix' => 'posts'], function() { - Route::get('/u/{username}', ['uses' => 'BlogPostController@index']); +Route::group(['prefix' => 'posts', 'as' => 'posts.'], function() { + Route::get('/u/{username}', ['as' => 'index', 'uses' => 'BlogPostController@index']); + + Route::delete('/delete/{post}', ['as' => 'delete', 'uses' => 'BlogPostController@destroy']); });