update person on update authorization

This commit is contained in:
Muhammad Fajar
2022-11-07 11:19:19 +07:00
parent 57bbc5df9f
commit 72194d7c42
2 changed files with 69 additions and 62 deletions

View File

@@ -5,10 +5,11 @@ namespace Modules\Linksehat\Http\Controllers\Api;
use App\Helpers\Helper; use App\Helpers\Helper;
use App\Models\File; use App\Models\File;
use App\Models\Person; use App\Models\Person;
use Auth;
use Illuminate\Contracts\Support\Renderable; use Illuminate\Contracts\Support\Renderable;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Routing\Controller; use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Gate;
use Modules\Linksehat\Http\Requests\PersonRequest; use Modules\Linksehat\Http\Requests\PersonRequest;
use Modules\Linksehat\Transformers\Person\PersonResource; use Modules\Linksehat\Transformers\Person\PersonResource;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
@@ -88,8 +89,9 @@ class PersonController extends Controller
* @param int $id * @param int $id
* @return Renderable * @return Renderable
*/ */
public function update(PersonRequest $request, Person $person) public function update(PersonRequest $request, Person $family)
{ {
if (Gate::forUser(auth()->user())->allows('update-person', $family)) {
$personData = $request->only([ $personData = $request->only([
'owner_user_id', 'owner_user_id',
'nik', 'nik',
@@ -113,13 +115,13 @@ class PersonController extends Controller
'domicile_address_id', 'domicile_address_id',
]); ]);
$person->update($personData); $family->update($personData);
if ($request->hasFile('user_avatar')) { if ($request->hasFile('user_avatar')) {
$pathFileAvatar = File::storeFile('avatar', $person->id, $request->file('user_avatar')); $pathFileAvatar = File::storeFile('avatar', $family->id, $request->file('user_avatar'));
$person->files()->updateOrCreate([ $family->files()->updateOrCreate([
'type' => 'avatar', 'type' => 'avatar',
'name' => File::getFileName('avatar', $person->id, $request->file('user_avatar')), 'name' => File::getFileName('avatar', $family->id, $request->file('user_avatar')),
'extension' => $request->file('user_avatar')->getClientOriginalExtension(), 'extension' => $request->file('user_avatar')->getClientOriginalExtension(),
'path' => $pathFileAvatar, 'path' => $pathFileAvatar,
'created_by' => auth()->user()->id, 'created_by' => auth()->user()->id,
@@ -128,10 +130,10 @@ class PersonController extends Controller
} }
if ($request->hasFile('verification_file')) { if ($request->hasFile('verification_file')) {
$pathFileVerification = File::storeFile('dataDiri', $person->id, $request->file('verification_file')); $pathFileVerification = File::storeFile('dataDiri', $family->id, $request->file('verification_file'));
$person->files()->updateOrCreate([ $family->files()->updateOrCreate([
'type' => 'dataDiri', 'type' => 'dataDiri',
'name' => File::getFileName('dataDiri', $person->id, $request->file('verification_file')), 'name' => File::getFileName('dataDiri', $family->id, $request->file('verification_file')),
'extension' => $request->file('verification_file')->getClientOriginalExtension(), 'extension' => $request->file('verification_file')->getClientOriginalExtension(),
'path' => $pathFileVerification, 'path' => $pathFileVerification,
'created_by' => auth()->user()->id, 'created_by' => auth()->user()->id,
@@ -140,19 +142,22 @@ class PersonController extends Controller
} }
if ($request->has('relation_with_owner')) { if ($request->has('relation_with_owner')) {
$person->familyOwner()->updateOrCreate([ $family->familyOwner()->updateOrCreate([
'owner_id' => auth()->user()->person_id, 'owner_id' => auth()->user()->person_id,
'person_id' => $person->id, 'person_id' => $family->id,
], [ ], [
'owner_id' => auth()->user()->person_id, 'owner_id' => auth()->user()->person_id,
'relation_with_owner' => $request->relation_with_owner, 'relation_with_owner' => $request->relation_with_owner,
'person_id' => $person->id, 'person_id' => $family->id,
'created_by' => auth()->user()->id, 'created_by' => auth()->user()->id,
'updated_by' => auth()->user()->id, 'updated_by' => auth()->user()->id,
]); ]);
} }
return Helper::responseJson(data: ['persons' => $person], message: 'Data Berhasil di update'); return Helper::responseJson(data: ['persons' => $family], message: 'Data Berhasil di update');
} elseif (Gate::forUser(auth()->user())->denies('update-person', $family)) {
abort(Response::HTTP_FORBIDDEN, 'Tidak bisa update karena bukan pemilik!');
}
} }
/** /**

View File

@@ -25,6 +25,8 @@ class AuthServiceProvider extends ServiceProvider
{ {
$this->registerPolicies(); $this->registerPolicies();
// Gate::define('update-person', function ($user, $person) {
return $user->id == $person->owner_user_id;
});
} }
} }