Adiciona segurança de acesso aos pets

naaando · Sep 13, 2023 · 46f4c96 · 46f4c96
1 parent 18d861c
commit 46f4c96
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 4 deletions.
diff --git a/pets-api/app/Http/Controllers/PetController.php b/pets-api/app/Http/Controllers/PetController.php
@@ -9,6 +9,11 @@
 
 class PetController extends Controller
 {
+    public function __construct()
+    {
+        $this->authorizeResource(Pet::class, 'pet');
+    }
+
     /**
      * Display a listing of the resource.
      */

diff --git a/pets-api/app/Policies/PetPolicy.php b/pets-api/app/Policies/PetPolicy.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Pet;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class PetPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(User $user, Pet $pet): bool
+    {
+        return $pet->user->is($user);
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Pet $pet): bool
+    {
+        return $pet->user->is($user);
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Pet $pet): bool
+    {
+        return $pet->user->is($user);
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Pet $pet): bool
+    {
+        return false;
+    }
+
+    /**
+     * Determine whether the user can permanently delete the model.
+     */
+    public function forceDelete(User $user, Pet $pet): bool
+    {
+        return false;
+    }
+}
diff --git a/pets-api/app/Providers/AuthServiceProvider.php b/pets-api/app/Providers/AuthServiceProvider.php
@@ -7,6 +7,7 @@
 use App\Models\Medicacao;
 use App\Models\Pet;
 use App\Models\User;
+use App\Policies\PetPolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Illuminate\Support\Facades\Gate;
 
@@ -18,7 +19,7 @@ class AuthServiceProvider extends ServiceProvider
      * @var array<class-string, class-string>
      */
     protected $policies = [
-        //
+        Pet::class => PetPolicy::class,
     ];
 
     /**

diff --git a/pets-api/tests/Feature/PetsTest.php b/pets-api/tests/Feature/PetsTest.php
@@ -24,7 +24,7 @@
     $response = getJson("/api/pets/$pet->id");
 
     $response->assertStatus(403);
-})->todo();
+});
 
 test('proibe atualização de animal alheio', function () {
     actingAs($user = User::factory()->create());
@@ -43,7 +43,7 @@
     $response = deleteJson("/api/pets/$pet->id");
 
     $response->assertStatus(403);
-})->todo();
+});
 
 test('consegue listar coleção de animais', function () {
     actingAs($user = User::factory()->create());
@@ -69,7 +69,7 @@
 test('consegue listar meu animal', function () {
     actingAs($user = User::factory()->create());
 
-    $pet = Pet::factory()->create();
+    $pet = Pet::factory()->for($user)->create();
     $response = getJson("/api/pets/$pet->id");
     $response->assertStatus(200);
 });