authorization clean up

wasilolly · Oct 11, 2021 · e390d20 · e390d20
1 parent 64d41ea
commit e390d20
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 33 deletions.
diff --git a/app/Http/Controllers/PostController.php b/app/Http/Controllers/PostController.php
@@ -4,12 +4,14 @@
 
 use App\Models\Post;
 use App\Models\Category;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\Rule;
 
 class PostController extends Controller
 {
     public function index()
     {
+        //dd(Gate::allows('admin'));
         return view('posts.index', [
             'posts' =>  Post::latest()->filter(request(['search', 'category', 'author']))->paginate(10)->withQueryString(),
             'currentCategory' => Category::firstWhere('slug', request('category')),

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -56,7 +56,6 @@ class Kernel extends HttpKernel
      */
     protected $routeMiddleware = [
         'auth' => \App\Http\Middleware\Authenticate::class,
-        'admin' => adminOnly::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
         'can' => \Illuminate\Auth\Middleware\Authorize::class,

diff --git a/app/Http/Middleware/AdminOnly.php b/app/Http/Middleware/AdminOnly.php
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -2,9 +2,12 @@
 
 namespace App\Providers;
 
+use App\Models\User;
 use Illuminate\Database\Eloquent\Model;
-use Illuminate\Pagination\Paginator;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;
+use Symfony\Component\HttpFoundation\Response;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -26,5 +29,14 @@ public function register()
     public function boot()
     {
         Model::unguard();
+
+        Gate::define('admin', function(User $user)
+        {
+           return $user->username === 'Janedoe';
+        });
+
+        Blade::if('admin', function () {
+            return request()->user()?->can('admin');
+        });
     }
 }
diff --git a/resources/views/components/layout.blade.php b/resources/views/components/layout.blade.php
@@ -25,10 +25,12 @@
                         </button>
                         <div x-show="show" class="py-2 absolute bg-gray-100 mt-2 rounded-xl"
                             style="display:none;">
+                            @admin                        
                             <a href="/admin/posts"
                                 class="block text-left px-8 text-small leading-6 hover:bg-blue-300 focus:bg-gray-300 hover:text-white">
                                 Dashboard
                             </a>
+                            @endadmin
                             <form action="/logout" method="post" class="block text-left px-8 text-small leading-6 hover:bg-blue-300 focus:bg-gray-300 hover:text-white">
                                 @csrf
                                 <button type="submit">Logout</button>

diff --git a/routes/web.php b/routes/web.php
@@ -5,6 +5,7 @@
 use App\Http\Controllers\PostController;
 use App\Http\Controllers\RegisterController;
 use App\Http\Controllers\SessionsController;
+use Illuminate\Routing\RouteGroup;
 use Illuminate\Support\Facades\Route;
 
 
@@ -31,12 +32,15 @@
 Route::get('/posts/{post:slug}', [PostController::class, 'show']);
 Route::post('/posts/{post:slug}/comments', [CommentController::class, 'store']);
 
-Route::get('admin/posts/create', [AdminPostController::class, 'create'])->middleware('admin');
-Route::post('admin/posts', [AdminPostController::class, 'store'])->middleware('admin');
-Route::get('admin/posts', [AdminPostController::class, 'index']);
-Route::get('admin/posts/{post}/edit', [AdminPostController::class, 'edit']);
-Route::patch('admin/posts/{post}', [AdminPostController::class, 'update']);
-Route::delete('admin/posts/{post}', [AdminPostController::class, 'destroy']);
+Route::middleware('can:admin')->group(function () {
+    Route::resource('admin/posts', AdminPostController::class)->except('show');
+   /* Route::get('admin/posts/create', [AdminPostController::class, 'create']);
+    Route::post('admin/posts', [AdminPostController::class, 'store']);
+    Route::get('admin/posts', [AdminPostController::class, 'index']);
+    Route::get('admin/posts/{post}/edit', [AdminPostController::class, 'edit']);
+    Route::patch('admin/posts/{post}', [AdminPostController::class, 'update']);
+    Route::delete('admin/posts/{post}', [AdminPostController::class, 'destroy']);*/
+});