add post policy and change updated_at when post update

developermithu · developermithu · commit a7cab0ac9711 · 2025-03-24T21:37:38.000+06:00
diff --git a/app/Http/Controllers/Api/PostController.php b/app/Http/Controllers/Api/PostController.php
@@ -3,7 +3,6 @@
 namespace App\Http\Controllers\Api;
 
 use App\Actions\UploadPostImage;
-use App\Enums\PostStatus;
 use App\Filters\Posts\SearchFilter;
 use App\Filters\Posts\StatusFilter;
 use App\Filters\Posts\TrashFilter;
@@ -15,16 +14,20 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
 use Illuminate\Pipeline\Pipeline;
-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 
 class PostController extends Controller
 {
+    use AuthorizesRequests;
+
     public function __construct(
         private readonly UploadPostImage $uploadPostImage
     ) {}
 
     public function index(): AnonymousResourceCollection
     {
+        $this->authorize('viewAny', Post::class);
+
         $posts = Post::query()->with(['author', 'category']);
 
         $posts = app(Pipeline::class)
@@ -43,6 +46,8 @@ public function index(): AnonymousResourceCollection
 
     public function store(StorePostRequest $request): PostResource
     {
+        $this->authorize('create', Post::class);
+
         $data = $request->validated();
         $post = auth()->user()->posts()->create($data);
 
@@ -53,44 +58,45 @@ public function store(StorePostRequest $request): PostResource
 
     public function show(Post $post): PostResource
     {
-        // Only published posts are visible to public, drafts visible to authors
-        if ($post->status !== PostStatus::PUBLISHED && !auth()->user()?->isAdmin()) {
-            throw new NotFoundHttpException('Post not found');
-        }
+        $this->authorize('view', $post);
 
         return new PostResource($post->load(['author', 'category']));
     }
 
     public function update(UpdatePostRequest $request, Post $post): PostResource
     {
-        $post->update($request->validated());
+        $this->authorize('update', $post);
 
+        $post->update($request->validated());
         $this->uploadPostImage->execute($post, $request->file('cover_image'));
 
         return new PostResource($post->load(['author', 'category']));
     }
 
     public function destroy(Post $post): JsonResponse
     {
-        $post->delete();
+        $this->authorize('delete', $post);
 
+        $post->delete();
         return response()->json(['message' => 'Post deleted successfully'], 200);
     }
 
     public function restore($id): JsonResponse
     {
         $post = Post::withTrashed()->findOrFail($id);
-        $post->restore();
+        $this->authorize('restore', $post);
 
+        $post->restore();
         return response()->json(['message' => 'Post restored successfully']);
     }
 
     public function forceDelete($id): JsonResponse
     {
         $post = Post::withTrashed()->findOrFail($id);
+        $this->authorize('forceDelete', $post);
+
         $post->clearMediaCollection('images');
         $post->forceDelete();
-
         return response()->json(['message' => 'Post permanently deleted']);
     }
 }
diff --git a/app/Models/Post.php b/app/Models/Post.php
@@ -27,6 +27,8 @@ class Post extends Model implements HasMedia
         'is_featured',
         'author_id',
         'category_id',
+        'created_at',
+        'updated_at',
     ];
 
     protected function casts(): array
diff --git a/app/Observers/PostObserver.php b/app/Observers/PostObserver.php
@@ -20,7 +20,8 @@ public function created(Post $post): void
      */
     public function updated(Post $post): void
     {
-        //
+        $post->updated_at = now();
+        $post->save();
     }
 
     /**
diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Post;
+use App\Models\User;
+use App\Enums\PostStatus;
+
+class PostPolicy
+{
+    /**
+     * Determine whether the user can view any models.
+     */
+    public function viewAny(?User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine whether the user can view the model.
+     */
+    public function view(?User $user, Post $post): bool
+    {
+        if ($post->status === PostStatus::PUBLISHED) {
+            return true;
+        }
+
+        return $user && ($user->isAdmin() || $user->id === $post->author_id);
+    }
+
+    /**
+     * Determine whether the user can create models.
+     */
+    public function create(User $user): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can update the model.
+     */
+    public function update(User $user, Post $post): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Post $post): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can restore the model.
+     */
+    public function restore(User $user, Post $post): bool
+    {
+        return $user->isAdmin();
+    }
+
+    /**
+     * Determine whether the user can force delete the model.
+     */
+    public function forceDelete(User $user, Post $post): bool
+    {
+        return $user->isAdmin();
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,6 @@`
`3`	`3`	`namespace App\Http\Controllers\Api;`
`4`	`4`
`5`	`5`	`use App\Actions\UploadPostImage;`
`6`		`-use App\Enums\PostStatus;`
`7`	`6`	`use App\Filters\Posts\SearchFilter;`
`8`	`7`	`use App\Filters\Posts\StatusFilter;`
`9`	`8`	`use App\Filters\Posts\TrashFilter;`
`@@ -15,16 +14,20 @@`
`15`	`14`	`use Illuminate\Http\JsonResponse;`
`16`	`15`	`use Illuminate\Http\Resources\Json\AnonymousResourceCollection;`
`17`	`16`	`use Illuminate\Pipeline\Pipeline;`
`18`		`-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;`
	`17`	`+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;`
`19`	`18`
`20`	`19`	`class PostController extends Controller`
`21`	`20`	`{`
	`21`	`+ use AuthorizesRequests;`
	`22`	`+`
`22`	`23`	`public function __construct(`
`23`	`24`	`private readonly UploadPostImage $uploadPostImage`
`24`	`25`	`) {}`
`25`	`26`
`26`	`27`	`public function index(): AnonymousResourceCollection`
`27`	`28`	`{`
	`29`	`+ $this->authorize('viewAny', Post::class);`
	`30`	`+`
`28`	`31`	`$posts = Post::query()->with(['author', 'category']);`
`29`	`32`
`30`	`33`	`$posts = app(Pipeline::class)`
`@@ -43,6 +46,8 @@ public function index(): AnonymousResourceCollection`
`43`	`46`
`44`	`47`	`public function store(StorePostRequest $request): PostResource`
`45`	`48`	`{`
	`49`	`+ $this->authorize('create', Post::class);`
	`50`	`+`
`46`	`51`	`$data = $request->validated();`
`47`	`52`	`$post = auth()->user()->posts()->create($data);`
`48`	`53`
`@@ -53,44 +58,45 @@ public function store(StorePostRequest $request): PostResource`
`53`	`58`
`54`	`59`	`public function show(Post $post): PostResource`
`55`	`60`	`{`
`56`		`- // Only published posts are visible to public, drafts visible to authors`
`57`		`- if ($post->status !== PostStatus::PUBLISHED && !auth()->user()?->isAdmin()) {`
`58`		`- throw new NotFoundHttpException('Post not found');`
`59`		`- }`
	`61`	`+ $this->authorize('view', $post);`
`60`	`62`
`61`	`63`	`return new PostResource($post->load(['author', 'category']));`
`62`	`64`	`}`
`63`	`65`
`64`	`66`	`public function update(UpdatePostRequest $request, Post $post): PostResource`
`65`	`67`	`{`
`66`		`- $post->update($request->validated());`
	`68`	`+ $this->authorize('update', $post);`
`67`	`69`
	`70`	`+ $post->update($request->validated());`
`68`	`71`	`$this->uploadPostImage->execute($post, $request->file('cover_image'));`
`69`	`72`
`70`	`73`	`return new PostResource($post->load(['author', 'category']));`
`71`	`74`	`}`
`72`	`75`
`73`	`76`	`public function destroy(Post $post): JsonResponse`
`74`	`77`	`{`
`75`		`- $post->delete();`
	`78`	`+ $this->authorize('delete', $post);`
`76`	`79`
	`80`	`+ $post->delete();`
`77`	`81`	`return response()->json(['message' => 'Post deleted successfully'], 200);`
`78`	`82`	`}`
`79`	`83`
`80`	`84`	`public function restore($id): JsonResponse`
`81`	`85`	`{`
`82`	`86`	`$post = Post::withTrashed()->findOrFail($id);`
`83`		`- $post->restore();`
	`87`	`+ $this->authorize('restore', $post);`
`84`	`88`
	`89`	`+ $post->restore();`
`85`	`90`	`return response()->json(['message' => 'Post restored successfully']);`
`86`	`91`	`}`
`87`	`92`
`88`	`93`	`public function forceDelete($id): JsonResponse`
`89`	`94`	`{`
`90`	`95`	`$post = Post::withTrashed()->findOrFail($id);`
	`96`	`+ $this->authorize('forceDelete', $post);`
	`97`	`+`
`91`	`98`	`$post->clearMediaCollection('images');`
`92`	`99`	`$post->forceDelete();`
`93`		`-`
`94`	`100`	`return response()->json(['message' => 'Post permanently deleted']);`
`95`	`101`	`}`
`96`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,8 @@ public function created(Post $post): void`
`20`	`20`	`*/`
`21`	`21`	`public function updated(Post $post): void`
`22`	`22`	`{`
`23`		`- //`
	`23`	`+ $post->updated_at = now();`
	`24`	`+ $post->save();`
`24`	`25`	`}`
`25`	`26`
`26`	`27`	`/**`