Merge pull request #16 from ricom/feature/permission-in-save

added permission to save resource.
Strategienavigator · Aug 18, 2022 · 2e568f6 · 2e568f6
2 parents 62cb06f + a5aff91
commit 2e568f6
Show file tree

Hide file tree

Showing 11 changed files with 81 additions and 30 deletions.
diff --git a/app/Http/Controllers/SaveController.php b/app/Http/Controllers/SaveController.php
@@ -48,7 +48,7 @@ public function store(Request $request): JsonResponse
 
         $validate = $request->validate([
             "name" => "required|string",
-            "description"=>"string",
+            "description" => "string",
             "data" => "nullable|json",
             "tool_id" => "required|exists:tools,id"
         ]);
@@ -73,11 +73,16 @@ public function store(Request $request): JsonResponse
      * @see SavePolicy
      * @see Save::$last_opened
      */
-    public function show(Save $save): SaveResource
+    public function show(Request $request, Save $save): SaveResource
     {
+        $user = $request->user();
         $this->authorize("view", $save);
         $save->last_opened = Carbon::now();
+        if ($save->isContributor($user)) {
+            $save->setRelation('pivot', $user->sharedSaves()->where('save_id', $save->id)->first());
+        }
         $save->save();
+
         return new SaveResource($save);
     }
 
@@ -106,7 +111,7 @@ public function update(Request $request, Save $save): Response
                 "lock" => "required|boolean",
                 "data" => "prohibited",
                 "name" => "prohibited",
-                "description"=>"prohibited"
+                "description" => "prohibited"
             ]);
 
             if (is_null($save->locked_by_id) || $save->locked_by_id === $user->id || $save->owner_id === $user->id) {

diff --git a/app/Http/Controllers/SharedSaveController.php b/app/Http/Controllers/SharedSaveController.php
@@ -125,7 +125,7 @@ public function update(Request $request, SharedSave $sharedSave): Response
     {
         $this->authorize("update", $sharedSave);
         $validated = $request->validate([
-            "permission" => ["integer", "min:0", "min:2"],
+            "permission" => ["integer", "min:0", "max:2"],
             "revoked" => ["boolean"],
         ]);
         $sharedSave->fill($validated);

diff --git a/app/Http/Controllers/UserSavesController.php b/app/Http/Controllers/UserSavesController.php
@@ -12,6 +12,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
 
 /**
  * Controller, eine Route zum Anzeigen aller Speicherstände eins zugehörigen Users
@@ -44,7 +45,7 @@ public function index(Request $request, User $user)
         }
 
         $savesQuerry = $user->saves();
-        $contributorSavesQuery = $user->accessibleShares(false);
+        $contributorSavesQuery = $user->accessibleShares(true);
 
         $where = function ($query) use ($validated) {
             if (key_exists("tool_id", $validated)) {
@@ -55,19 +56,36 @@ public function index(Request $request, User $user)
                 $query->where("name", "Like", "%" . $validated["name"] . "%");
             }
             if (key_exists("description", $validated)) {
-                if($validated["search_both"]){
+                if ($validated["search_both"]) {
                     $query->where("description", "Like", "%" . $validated["description"] . "%");
-                }else{
+                } else {
                     $query->orWhere("description", "Like", "%" . $validated["description"] . "%");
                 }
             }
         };
 
         $savesQuerry->where($where);
+        // add because of missing pivot table data which would make the union fail
+        $savesQuerry->select([
+            "saves.*",
+            'pivot_user_id' => DB::raw("NULL"),
+            'pivot_save_id' => DB::raw("NULL"),
+            'pivot_permission' => DB::raw("NULL"),
+            'pivot_created_at' => DB::raw("NULL"),
+            'pivot_updated_at' => DB::raw("NULL")
+        ]);
         $contributorSavesQuery->where($where);
 
 
-        $saves = $savesQuerry->union($contributorSavesQuery->getBaseQuery())->paginate();
+        $saves = $contributorSavesQuery->union($savesQuerry->getBaseQuery())->paginate(null, []/* empty array to prevent duplicate "saves.*" select*/);
+
+        // remove previously added null pivot columns
+        foreach ($saves->items() as $save) {
+            if ($save->pivot->permission == null) {
+                $save->unsetRelation('pivot');
+            }
+        }
+
         return SimpleSaveResource::collection($saves);
     }
 }
diff --git a/app/Http/Resources/InvitationLinkResource.php b/app/Http/Resources/InvitationLinkResource.php
@@ -23,10 +23,9 @@ class InvitationLinkResource extends JsonResource
     public function toArray($request)
     {
         return [
+            $this->merge(new PermissionResource($this->resource)),
             "expiry_date" => $this->expiry_date,
-            "permission" => $this->permission,
             "save" => new SimplerSaveResource($this->safe),
-            "created_at" => $this->created_at,
             "token" => $this->when($this->safe->hasAtLeasPermission(Auth::user(), PermissionHelper::$PERMISSION_ADMIN), $this->token)
         ];
     }

diff --git a/app/Http/Resources/PermissionResource.php b/app/Http/Resources/PermissionResource.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Resources;
+
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class PermissionResource extends JsonResource
+{
+    /**
+     * Transform the resource into an array.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return array|\Illuminate\Contracts\Support\Arrayable|\JsonSerializable
+     */
+    public function toArray($request)
+    {
+        return [
+            "permission" => $this->permission,
+            "created_at" => $this->created_at
+        ];
+    }
+}
diff --git a/app/Http/Resources/SaveResource.php b/app/Http/Resources/SaveResource.php
@@ -18,15 +18,11 @@ class SaveResource extends JsonResource
      */
     public function toArray($request)
     {
-        $simpleResource = new SimpleSaveResource($this->resource);
-        return array_merge_recursive($simpleResource->toArray($request), [
+        return [
+            $this->merge(new SimpleSaveResource($this->resource)),
             "data" => $this->data,
-            "contributors" => $this->contributors->map(function ($c) {
-                return new SimplestUserResource($c);
-            })->toArray(),
-            "invited" => $this->invited->map(function ($c) {
-                return new SimplestUserResource($c);
-            })->toArray(),
-        ]);
+            "contributors" => SimplestUserResource::collection($this->contributors),
+            "invited" => SimplestUserResource::collection($this->invited),
+        ];
     }
 }
diff --git a/app/Http/Resources/SharedSaveResource.php b/app/Http/Resources/SharedSaveResource.php
@@ -25,10 +25,10 @@ public function toArray($request)
             "id" => $this->id,
             "user" => new SimplestUserResource($this->user),
             "save" => new SimplerSaveResource($this->safe),
-            "permission" => $this->permission,
             "accepted" => $this->accepted,
             "declined" => $this->declined,
-            "revoked" => $this->revoked
+            "revoked" => $this->revoked,
+            $this->merge(new PermissionResource($this->resource)),
         ];
     }
 }
diff --git a/app/Http/Resources/SharedSaveUserResource.php b/app/Http/Resources/SharedSaveUserResource.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
+
 /**
  * Klasse, welche eine Beziehung von einem Speicherstand zu einem User darstellt.
  *
@@ -22,8 +23,8 @@ class SharedSaveUserResource extends JsonResource
     public function toArray($request)
     {
         return [
-            "save_id" => $this->id,
-            "permission" => $this->pivot->permission,
+            "save" => new SimplerSaveResource($this->resource),
+            $this->merge(new PermissionResource($this->pivot))
         ];
     }
 }
diff --git a/app/Http/Resources/SimpleSaveResource.php b/app/Http/Resources/SimpleSaveResource.php
@@ -30,6 +30,9 @@ public function toArray($request)
             "owner" => new SimplestUserResource($this->owner),
             "owner_deleting" => $this->owner->trashed(),
             "tool_id" => $this->tool_id,
+            "permission" => $this->whenPivotLoaded('shared_save', function () {
+                return new PermissionResource($this->pivot);
+            }),
             "updated_at" => $this->updated_at,
             "created_at" => $this->created_at,
             /*"contributors" => $this->contributors->map(function ($c) {

diff --git a/app/Models/Save.php b/app/Models/Save.php
@@ -68,7 +68,7 @@
  */
 class Save extends Model
 {
-    use HasFactory, SoftDeletes,Limitable;
+    use HasFactory, SoftDeletes, Limitable;
 
     /**
      * Attribute, welche Massen zuweisbar sind
@@ -147,7 +147,7 @@ public function invited(): BelongsToMany
         return $this->belongsToMany(User::class, 'shared_save')->using(SharedSave::class)
             ->withPivot(["permission", "accepted", "declined", "revoked"])
             ->withPivotValue("accepted", false)
-            ->withPivotValue("revoked",false)
+            ->withPivotValue("revoked", false)
             ->withTimestamps();
     }
 
@@ -187,6 +187,12 @@ public function contributors(): BelongsToMany
             ->withTimestamps();
     }
 
+    public function isContributor(User|int $user)
+    {
+        $id = is_int($user) ? $user : $user->id;
+        return $this->contributors->firstWhere('id', $id) !== null;
+    }
+
     /**
      * Prüft, ob der übergebene User mindestens die angegebene Berechtigung bei diesem Speicherstand besitzt
      * @param User $user Der zu überprüfende User
@@ -197,7 +203,7 @@ public function hasAtLeasPermission(User $user, int $permission)
     {
         if ($user->id === $this->owner_id) {
             return true;
-        } else if (($contributor = $this->contributors()->firstWhere('user_id', '=', $user->id)) !== null) {
+        } else if (($contributor = $this->contributors->firstWhere('id', '=', $user->id)) !== null) {
             $hasPermission = $contributor->pivot->permission;
             if (PermissionHelper::isAtLeastPermission($hasPermission, $permission)) {
                 return true;

diff --git a/app/Models/User.php b/app/Models/User.php
@@ -215,15 +215,16 @@ public function accessibleShares(bool $withPivot = true): BelongsToMany
 
     public function settings($setting_id = -1): BelongsToMany
     {
-        $q = $this->belongsToMany(Setting::class, 'user_settings')->withPivot(['id','value']);
-        if($setting_id !== -1){
-            $q->where('setting_id' , $setting_id);
+        $q = $this->belongsToMany(Setting::class, 'user_settings')->withPivot(['id', 'value']);
+        if ($setting_id !== -1) {
+            $q->where('setting_id', $setting_id);
         }
 
         return $q;
     }
 
-    public function getSetting($setting_id){
+    public function getSetting($setting_id)
+    {
         return $this->hasMany(UserSetting::class);
     }