Commit 32a345bc authored by Tibo's avatar Tibo

add policy and validation rules for servers management

parent 742556c4
Pipeline #12765 failed
...@@ -2,8 +2,10 @@ ...@@ -2,8 +2,10 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use App\Server; use App\Server;
use Illuminate\Support\Facades\Validator;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
use Illuminate\Support\Facades\Auth;
class ServerController extends Controller class ServerController extends Controller
{ {
...@@ -14,26 +16,11 @@ class ServerController extends Controller ...@@ -14,26 +16,11 @@ class ServerController extends Controller
$this->middleware('auth'); $this->middleware('auth');
} }
/** private function rules() : array
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|string|regex:/^[a-zA-Z0-9\s\-\.]+$/|max:255'
]);
}
/**
* Display a listing of the resource.
*
*/
public function index()
{ {
// return view("server.index", array("servers" => Server::all()->sortBy("name"))); return [
'name' => 'required|string|regex:/^[a-zA-Z0-9\s\-\.]+$/|max:255',
"organization_id" => Rule::in(Auth::user()->organizations->modelKeys())];
} }
/** /**
...@@ -43,6 +30,7 @@ class ServerController extends Controller ...@@ -43,6 +30,7 @@ class ServerController extends Controller
*/ */
public function create() public function create()
{ {
$this->authorize("create", Server::class);
return view("server.edit", ["server" => new Server()]); return view("server.edit", ["server" => new Server()]);
} }
...@@ -53,6 +41,7 @@ class ServerController extends Controller ...@@ -53,6 +41,7 @@ class ServerController extends Controller
*/ */
public function store(Request $request) public function store(Request $request)
{ {
$this->authorize("create", Server::class);
return $this->saveAndRedirect($request, new Server()); return $this->saveAndRedirect($request, new Server());
} }
...@@ -63,6 +52,7 @@ class ServerController extends Controller ...@@ -63,6 +52,7 @@ class ServerController extends Controller
*/ */
public function show(Server $server) public function show(Server $server)
{ {
$this->authorize("show", $server);
return view("server.show", ["server" => $server]); return view("server.show", ["server" => $server]);
} }
...@@ -73,6 +63,7 @@ class ServerController extends Controller ...@@ -73,6 +63,7 @@ class ServerController extends Controller
*/ */
public function edit(Server $server) public function edit(Server $server)
{ {
$this->authorize("update", $server);
return view("server.edit", array("server" => $server)); return view("server.edit", array("server" => $server));
} }
...@@ -84,12 +75,13 @@ class ServerController extends Controller ...@@ -84,12 +75,13 @@ class ServerController extends Controller
*/ */
public function update(Request $request, Server $server) public function update(Request $request, Server $server)
{ {
$this->authorize("update", $server);
return $this->saveAndRedirect($request, $server); return $this->saveAndRedirect($request, $server);
} }
private function saveAndRedirect(Request $request, Server $server) private function saveAndRedirect(Request $request, Server $server)
{ {
$this->validator($request->all())->validate(); $request->validate($this->rules());
$server->name = $request->name; $server->name = $request->name;
$server->organization_id = $request->organization_id; $server->organization_id = $request->organization_id;
...@@ -103,9 +95,10 @@ class ServerController extends Controller ...@@ -103,9 +95,10 @@ class ServerController extends Controller
* *
* @param int $id * @param int $id
*/ */
public function destroy($id) public function destroy(Server $server)
{ {
Server::find($id)->delete(); $this->authorize("destroy", $server);
$server->delete();
return back(); return back();
} }
} }
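Review bot: The `organization_id` entry in `rules()` is only `Rule::in(...)`, and Laravel does not run non-`required` rules when the field is absent or an empty string, so a request without `organization_id` passes validation and `saveAndRedirect()` then assigns `null` to `$server->organization_id`. The membership check therefore never runs for such a request; whether the save is then rejected depends on a column constraint that is not visible in this commit. Make the field mandatory: `"organization_id" => ["required", Rule::in(Auth::user()->organizations->modelKeys())]`. Separately, the docblock above `destroy()` still reads `@param int $id` although the method now takes `Server $server`.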
<?php
namespace App\Policies;
use App\User;
use App\Server;
use Illuminate\Auth\Access\HandlesAuthorization;
class ServerPolicy
{
use HandlesAuthorization;
public function create(User $user)
{
return true;
}
public function show(User $user, Server $server)
{
return $user->ownsOrganization($server->organization);
}
public function update(User $user, Server $server)
{
return $user->ownsOrganization($server->organization);
}
public function destroy(User $user, Server $server)
{
return $user->ownsOrganization($server->organization);
}
}
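Review bot: `show()`, `update()` and `destroy()` pass `$server->organization` straight to `ownsOrganization()`, and that relation is `null` for any server row without an organization; `ownsOrganization()` is not shown here, so whether that ends in a denial or a type error cannot be told from this page. An explicit guard keeps the policy fail-closed: `return $server->organization !== null && $user->ownsOrganization($server->organization);`. The three methods are identical and carry no docblocks or `bool` return types, and `create()` would benefit from a comment such as `// Any authenticated user may create; the target organization is checked by the controller's validation rules.` to record why it returns `true` unconditionally.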
...@@ -52,4 +52,4 @@ Route::get( ...@@ -52,4 +52,4 @@ Route::get(
)->name("organization.public.dashboard"); )->name("organization.public.dashboard");
Route::resource('app/organizations', 'OrganizationController'); Route::resource('app/organizations', 'OrganizationController');
Route::resource("app/organizations.user", "OrganizationUserController")->only(["create", "store", "destroy"]); Route::resource("app/organizations.user", "OrganizationUserController")->only(["create", "store", "destroy"]);
Route::resource('app/servers', 'ServerController'); Route::resource('app/servers', 'ServerController')->except(["index"]);