Merge branch 'release/1.0.1'

.php_cs.dist

@@ -23,6 +23,8 @@ return PhpCsFixer\Config::create()
         'is_null' => ['use_yoda_style' => false],
         'no_alias_functions' => true,
         'non_printable_character' => ['use_escape_sequences_in_strings' => true],
+        'no_unused_imports' => true,
+        'php_unit_test_class_requires_covers' => false,
     ])
     ->setFinder(
         PhpCsFixer\Finder::create()

app/Comment.php

@@ -2,14 +2,10 @@
 
 namespace App;
 
-use App\Scopes\AuthScope;
-use App\Traits\AuthTrait;
 use Illuminate\Database\Eloquent\Model;
 
 class Comment extends Model
 {
-    use AuthTrait;
-
     protected $fillable = [
         'text',
     ];
@@ -29,10 +25,10 @@ class Comment extends Model
         'user',
     ];
 
-    /* relationships */
+    // relationships
     public function post()
     {
-        return $this->belongsTo(Post::class, 'post_id', 'id')->withoutGlobalScope(AuthScope::class);
+        return $this->belongsTo(Post::class, 'post_id', 'id');
     }
 
     public function user()

app/Http/Controllers/CommentController.php

@@ -5,7 +5,10 @@
 use App\Comment;
 use App\Post;
 use App\Scopes\AuthScope;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Laravel\Lumen\Routing\Controller as BaseController;
 
 class CommentController extends BaseController
@@ -23,8 +26,7 @@ public function getAll(Request $request)
             'post_id' => 'required|integer|min:1',
         ]);
 
-        return Comment::withoutGlobalScope(AuthScope::class)
-            ->where('post_id', $request->all()['post_id'])
+        return Comment::where('post_id', $request->all()['post_id'])
             ->orderBy('created_at', 'desc')
             ->get();
     }
@@ -44,10 +46,11 @@ public function new(Request $request)
         ]);
 
         $postId = $request->all()['post_id'];
-        Post::withoutGlobalScope(AuthScope::class)->findOrFail($postId);
+        Post::findOrFail($postId);
 
         $comment = new Comment();
         $comment->fill($request->all());
+        $comment->user_id = Auth::user()->id;
         $comment->post_id = $postId;
         $comment->save();
 
@@ -56,8 +59,12 @@ public function new(Request $request)
 
     public function update(Request $request, $id)
     {
-        /** @var Comment $comment */
-        $comment = Comment::where('id', $id)->first();
+        $comment = Comment::find($id);
+
+        if (!Gate::allows('update', $comment)) {
+            throw new ModelNotFoundException();
+        }
+
         $comment->fill($request->all());
         $comment->save();
 
@@ -73,16 +80,19 @@ public function update(Request $request, $id)
      */
     public function delete($id)
     {
-        /** @var Comment $comment */
-        $comment = Comment::findOrFail($id);
+        $comment = Comment::find($id);
+
+        if (!Gate::allows('delete', $comment)) {
+            throw new ModelNotFoundException();
+        }
+
         $comment->delete();
 
         return [];
     }
 
     private function getOne($id)
     {
-        return Comment::withoutGlobalScope(AuthScope::class)
-            ->findOrFail($id);
+        return Comment::findOrFail($id);
     }
 }

app/Http/Controllers/PostController.php

@@ -4,7 +4,10 @@
 
 use App\Post;
 use App\Scopes\AuthScope;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Laravel\Lumen\Routing\Controller as BaseController;
 
 class PostController extends BaseController
@@ -16,8 +19,7 @@ public function get($id)
 
     public function getAll()
     {
-        return Post::withoutGlobalScope(AuthScope::class)
-            ->orderBy('created_at', 'desc')
+        return Post::orderBy('created_at', 'desc')
             ->get();
     }
 
@@ -37,14 +39,20 @@ public function new(Request $request)
 
         $post = new Post();
         $post->fill($request->all());
+        $post->user_id = Auth::user()->id;
         $post->save();
 
         return $this->getOne($post->id);
     }
 
     public function update(Request $request, $id)
     {
-        $post = Post::findOrFail($id);
+        $post = Post::find($id);
+
+        if (!Gate::allows('update', $post)) {
+            throw new ModelNotFoundException();
+        }
+
         $post->fill($request->all());
         $post->save();
 
@@ -60,15 +68,19 @@ public function update(Request $request, $id)
      */
     public function delete($id)
     {
-        $post = Post::findOrFail($id);
+        $post = Post::find($id);
+
+        if (!Gate::allows('delete', $post)) {
+            throw new ModelNotFoundException();
+        }
+
         $post->delete();
 
         return [];
     }
 
     private function getOne($id)
     {
-        return Post::withoutGlobalScope(AuthScope::class)
-            ->findOrFail($id);
+        return Post::findOrFail($id);
     }
 }

app/Policies/CommentPolicy.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Policies;
+
+use App\Comment;
+use App\User;
+
+class CommentPolicy
+{
+    /**
+     * Determine if the given comment can be updated by the user.
+     *
+     * @param  User  $user
+     * @param  Comment  $comment
+     * @return bool
+     */
+    public function update(User $user, Comment $comment)
+    {
+        return $user->id === $comment->user_id;
+    }
+
+    /**
+     * Determine if the given comment can be deleted by the user.
+     *
+     * @param  User  $user
+     * @param  Comment  $comment
+     * @return bool
+     */
+    public function delete(User $user, Comment $comment)
+    {
+        return $user->id === $comment->user_id;
+    }
+}

app/Policies/PostPolicy.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Policies;
+
+use App\Post;
+use App\User;
+
+class PostPolicy
+{
+    /**
+     * Determine if the given post can be updated by the user.
+     *
+     * @param  User  $user
+     * @param  Post  $post
+     * @return bool
+     */
+    public function update(User $user, Post $post)
+    {
+        return $user->id === $post->user_id;
+    }
+
+    /**
+     * Determine if the given post can be deleted by the user.
+     *
+     * @param  User  $user
+     * @param  Post  $post
+     * @return bool
+     */
+    public function delete(User $user, Post $post)
+    {
+        return $user->id === $post->user_id;
+    }
+}

app/Post.php

@@ -2,14 +2,10 @@
 
 namespace App;
 
-use App\Scopes\AuthScope;
-use App\Traits\AuthTrait;
 use Illuminate\Database\Eloquent\Model;
 
 class Post extends Model
 {
-    use AuthTrait;
-
     protected $fillable = [
         'text',
         'title',
@@ -36,7 +32,7 @@ class Post extends Model
     /* relationships */
     public function comments()
     {
-        return $this->hasMany(Comment::class, 'post_id')->withoutGlobalScope(AuthScope::class);
+        return $this->hasMany(Comment::class, 'post_id');
     }
 
     public function user()

app/Providers/AuthServiceProvider.php

@@ -2,8 +2,13 @@
 
 namespace App\Providers;
 
+use App\Comment;
+use App\Policies\CommentPolicy;
+use App\Policies\PostPolicy;
+use App\Post;
 use App\User;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;
 
 class AuthServiceProvider extends ServiceProvider
@@ -32,8 +37,11 @@ public function boot()
         $this->app['auth']->viaRequest('api', function ($request) {
             /** @var Request $request */
             if ($request->header('Authorization')) {
-                return User::query()->where('token', $request->header('Authorization'))->first();
+                return User::where('token', $request->header('Authorization'))->first();
             }
         });
+
+        Gate::policy(Post::class, PostPolicy::class);
+        Gate::policy(Comment::class, CommentPolicy::class);
     }
 }