From 72194d7c42a582856d9d08c494b468ce432866a3 Mon Sep 17 00:00:00 2001
From: Muhammad Fajar
Date: Mon, 7 Nov 2022 11:19:19 +0700
Subject: [PATCH] update person on update authorization

---
 .../Http/Controllers/Api/PersonController.php | 127 +++++++++--------
 app/Providers/AuthServiceProvider.php | 4 +-
 2 files changed, 69 insertions(+), 62 deletions(-)

diff --git a/Modules/Linksehat/Http/Controllers/Api/PersonController.php b/Modules/Linksehat/Http/Controllers/Api/PersonController.php
index 7e601967..d6f566bb 100755
--- a/Modules/Linksehat/Http/Controllers/Api/PersonController.php
+++ b/Modules/Linksehat/Http/Controllers/Api/PersonController.php
@@ -5,10 +5,11 @@ namespace Modules\Linksehat\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Models\File;
 use App\Models\Person;
-use Auth;
 use Illuminate\Contracts\Support\Renderable;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Modules\Linksehat\Http\Requests\PersonRequest;
 use Modules\Linksehat\Transformers\Person\PersonResource;
 use Symfony\Component\HttpFoundation\Response;
@@ -88,71 +89,75 @@ class PersonController extends Controller * @param int $id * @return Renderable */ - public function update(PersonRequest $request, Person $person) + public function update(PersonRequest $request, Person $family) { - $personData = $request->only([ - 'owner_user_id', - 'nik', - 'name_prefix', - 'name', - 'name_suffix', - 'phone', - 'email', - 'gender', - 'birth_date', - 'birth_place', - 'citizenship', - 'current_employment', - 'last_education', - 'religion', - 'blood_type', - 'is_deceased', - 'deceased_at', - 'marital_status', - 'main_address_id', - 'domicile_address_id', - ]); - - $person->update($personData); - - if ($request->hasFile('user_avatar')) { - $pathFileAvatar = File::storeFile('avatar', $person->id, $request->file('user_avatar')); - $person->files()->updateOrCreate([ - 'type' => 'avatar', - 'name' => File::getFileName('avatar', $person->id, $request->file('user_avatar')), - 'extension' => $request->file('user_avatar')->getClientOriginalExtension(), - 'path' => $pathFileAvatar, - 'created_by' => auth()->user()->id, - 'updated_by' => auth()->user()->id, + if (Gate::forUser(auth()->user())->allows('update-person', $family)) { + $personData = $request->only([ + 'owner_user_id', + 'nik', + 'name_prefix', + 'name', + 'name_suffix', + 'phone', + 'email', + 'gender', + 'birth_date', + 'birth_place', + 'citizenship', + 'current_employment', + 'last_education', + 'religion', + 'blood_type', + 'is_deceased', + 'deceased_at', + 'marital_status', + 'main_address_id', + 'domicile_address_id', ]); - } - if ($request->hasFile('verification_file')) { - $pathFileVerification = File::storeFile('dataDiri', $person->id, $request->file('verification_file')); - $person->files()->updateOrCreate([ - 'type' => 'dataDiri', - 'name' => File::getFileName('dataDiri', $person->id, $request->file('verification_file')), - 'extension' => $request->file('verification_file')->getClientOriginalExtension(), - 'path' => $pathFileVerification, - 'created_by' => 
auth()->user()->id, - 'updated_by' => auth()->user()->id, - ]); - } + $family->update($personData); - if ($request->has('relation_with_owner')) { - $person->familyOwner()->updateOrCreate([ - 'owner_id' => auth()->user()->person_id, - 'person_id' => $person->id, - ], [ - 'owner_id' => auth()->user()->person_id, - 'relation_with_owner' => $request->relation_with_owner, - 'person_id' => $person->id, - 'created_by' => auth()->user()->id, - 'updated_by' => auth()->user()->id, - ]); - } + if ($request->hasFile('user_avatar')) { + $pathFileAvatar = File::storeFile('avatar', $family->id, $request->file('user_avatar')); + $family->files()->updateOrCreate([ + 'type' => 'avatar', + 'name' => File::getFileName('avatar', $family->id, $request->file('user_avatar')), + 'extension' => $request->file('user_avatar')->getClientOriginalExtension(), + 'path' => $pathFileAvatar, + 'created_by' => auth()->user()->id, + 'updated_by' => auth()->user()->id, + ]); + } - return Helper::responseJson(data: ['persons' => $person], message: 'Data Berhasil di update'); + if ($request->hasFile('verification_file')) { + $pathFileVerification = File::storeFile('dataDiri', $family->id, $request->file('verification_file')); + $family->files()->updateOrCreate([ + 'type' => 'dataDiri', + 'name' => File::getFileName('dataDiri', $family->id, $request->file('verification_file')), + 'extension' => $request->file('verification_file')->getClientOriginalExtension(), + 'path' => $pathFileVerification, + 'created_by' => auth()->user()->id, + 'updated_by' => auth()->user()->id, + ]); + } + + if ($request->has('relation_with_owner')) { + $family->familyOwner()->updateOrCreate([ + 'owner_id' => auth()->user()->person_id, + 'person_id' => $family->id, + ], [ + 'owner_id' => auth()->user()->person_id, + 'relation_with_owner' => $request->relation_with_owner, + 'person_id' => $family->id, + 'created_by' => auth()->user()->id, + 'updated_by' => auth()->user()->id, + ]); + } + + return Helper::responseJson(data: 
['persons' => $family], message: 'Data Berhasil di update');
+        } elseif (Gate::forUser(auth()->user())->denies('update-person', $family)) {
+            abort(Response::HTTP_FORBIDDEN, 'Tidak bisa update karena bukan pemilik!');
+        }
     }

     /**
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 22b77e6e..3877abfd 100755
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -25,6 +25,8 @@ class AuthServiceProvider extends ServiceProvider
     {
         $this->registerPolicies();

-        //
+        Gate::define('update-person', function ($user, $person) {
+            return $user->id == $person->owner_user_id;
+        });
     }
 }
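Review bot: The new `update-person` gate decides on `$family->owner_user_id`, yet `owner_user_id` is still the first entry in the `$request->only([...])` list that feeds `$family->update($personData)`, so a caller who passes the check can hand the record to any other user id in the same request; the ownership column should be removed from that list (or restricted to an explicitly authorised flow), and `main_address_id` / `domicile_address_id` deserve the same scrutiny since nothing visible here ties them to the caller. The `if allows ... elseif denies` shape is also redundant: `denies()` is the negation of `allows()`, so the `elseif` can never be false once reached, and the whole method body ends up nested one level deep; a single guard at the top, `abort_unless(Gate::forUser(auth()->user())->allows('update-person', $family), Response::HTTP_FORBIDDEN, 'Tidak bisa update karena bukan pemilik!');`, keeps the behaviour and flattens the method. Finally, the route-model-bound parameter was renamed from `$person` to `$family`; implicit binding matches on the route segment name, so unless the route was changed to `{family}` (not visible in this patch) Laravel will inject an empty `Person` and every request will 403 — worth confirming against the routes file. The method's docblock (`@param int $id`) is now stale as well.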
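Review bot: The gate uses a loose `==` between `$user->id` and `$person->owner_user_id`; with PHP's comparison rules a `null` or missing `owner_user_id` compares equal to `0`, and string/int mixes compare numerically, so the check should be strict and explicitly reject unowned records: `return $person->owner_user_id !== null && (int) $user->id === (int) $person->owner_user_id;`. Typing the closure parameters (`function (User $user, Person $person)`) or moving this into a `PersonPolicy::update()` registered through `registerPolicies()` would also make the rule discoverable and let controllers call `$this->authorize('update', $person)` instead of naming a string ability. The `Gate` facade must be imported in this file for the new `Gate::define` call to resolve; the `use` block is outside the hunk, so I cannot tell from here whether it already is.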