finish register special

2020-03-22 17:44:43 +01:00
parent 3f96cc6fe3
commit 18d0841a7d
34 changed files with 2190 additions and 118 deletions


@@ -0,0 +1,34 @@
<?php
namespace App\Http\Controllers;
use App\User;
use App\Http\Resources\User as UserResource;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response;
class UserController extends Controller
{
public function store()
{
$this->authorize('create', User::class);
request()['password'] = Hash::make(Str::random(30));
$user = User::create($this->validateData());
return (new UserResource($user))
->response()
->setStatusCode(Response::HTTP_CREATED);
}
private function validateData()
{
return request()->validate([
'name' => 'required',
'email' => 'required|email',
'password' => 'required'
]);
}
}
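Review bot: The `email` rule in `validateData()` is only `required|email`, so `store()` accepts an address that already belongs to another account. Whether that creates a duplicate identity or surfaces as an unhandled database error depends on a unique index that is not visible here. Consider `'email' => 'required|email|unique:users,email'` (assuming the default `users` table). Separately, the generated password is written into the request and then validated as `required`, which reads as if the client supplied it. Validating only `name` and `email` and merging the hash afterwards, `User::create($this->validateData() + ['password' => Hash::make(Str::random(30))])`, makes it explicit that the value never comes from the caller.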


@@ -20,6 +20,8 @@ class User extends JsonResource
'user_id' => $this->id,
'attributes' => [
'name' => $this->name,
'email' => $this->email,
'is_admin' => $this->isAdmin(),
],
],
'links' => [
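Review bot: The `attributes` array appears to gain `email` and `is_admin` (the hunk header shows two added lines, but the markers are lost on this page), and both are emitted unconditionally to every consumer of the resource. The `UserPolicy` added in this commit returns `true` from `viewAny` and `view`, so if the read endpoints rely on it, any authenticated user can read every account's address and learn which accounts are administrators. Consider gating these fields, for example `'email' => $this->when($request->user()->isAdmin() || $request->user()->id === $this->id, $this->email),`, assuming the enclosing method is `toArray($request)`, which starts and ends outside the hunk.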


@@ -0,0 +1,93 @@
<?php
namespace App\Policies;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class UserPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
return true;
}
/**
* Determine whether the user can view the model.
*
* @param \App\User $user
* @param \App\User $model
* @return mixed
*/
public function view(User $user, User $model)
{
return true;
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
return $user->isAdmin();
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\User $model
* @return mixed
*/
public function update(User $user, User $model)
{
return $user->isAdmin() || $user->id === auth()->user()->id;
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\User $model
* @return mixed
*/
public function delete(User $user, User $model)
{
return $user->isAdmin() || $user->id === auth()->user()->id;
}
/**
* Determine whether the user can restore the model.
*
* @param \App\User $user
* @param \App\User $model
* @return mixed
*/
public function restore(User $user, User $model)
{
return false;
}
/**
* Determine whether the user can permanently delete the model.
*
* @param \App\User $user
* @param \App\User $model
* @return mixed
*/
public function forceDelete(User $user, User $model)
{
return false;
}
}
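Review bot: In `update()` and `delete()` the ownership check compares `$user->id` with `auth()->user()->id`, but `$user` is the authenticated user the gate passes in, so the comparison is true for every caller and `$model` is never consulted. As written, any logged-in user is authorized to update or delete any other account, and the `isAdmin()` branch has no effect. Both methods should compare against the target instead: `return $user->isAdmin() || $user->id === $model->id;`. A feature test where a non-admin tries to modify a different user and expects a 403 would pin this down.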


@@ -15,6 +15,7 @@ class AuthServiceProvider extends ServiceProvider
*/
protected $policies = [
// 'App\Model' => 'App\Policies\ModelPolicy',
'App\User' => 'App\Policies\UserPolicy',
];
/**


@@ -37,4 +37,9 @@ class User extends Authenticatable
protected $casts = [
'email_verified_at' => 'datetime',
];
public function isAdmin()
{
return $this->role === 2;
}
}
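Review bot: `isAdmin()` uses a strict comparison, `$this->role === 2`, but the `$casts` array shown in this hunk has no entry for `role`. If the database driver returns the column as a string, the check is false for every user and the admin gate silently never opens. Adding `'role' => 'integer',` to `$casts` makes the result independent of the driver. The literal `2` would also be easier to audit as a named constant, e.g. `const ROLE_ADMIN = 2;` with `return $this->role === self::ROLE_ADMIN;`. Since this method now backs the authorization decisions in `UserPolicy`, it is worth confirming that `role` is not mass-assignable; `$fillable` lies outside the hunk.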