Improve API methods, validation & authorization

Author: Riari

src/Forum.php

@@ -2,8 +2,8 @@
 
 namespace Riari\Forum;
 
-use App;
-use Gate;
+use Illuminate\Support\Facades\App;
+use Illuminate\Support\Facades\Gate;
 
 class Forum
 {

src/Http/Controllers/API/BaseController.php

@@ -43,7 +43,7 @@ public function __construct(Request $request)
     /**
      * Return the model to use for this controller.
      *
-     * @return string
+     * @return \Illuminate\Database\Eloquent\Model
      */
     abstract protected function model();
 
@@ -65,24 +65,6 @@ public function index(Request $request)
         return $this->response($this->model()->paginate());
     }
 
-    /**
-     * GET: Return a model by ID.
-     *
-     * @param  int  $id
-     * @param  Request  $request
-     * @return JsonResponse|Response
-     */
-    public function fetch($id, Request $request)
-    {
-        $model = $this->model()->find($id);
-
-        if (is_null($model) || !$model->exists) {
-            return $this->notFoundResponse();
-        }
-
-        return $this->response($model);
-    }
-
     /**
      * PATCH: Update a model.
      *
@@ -92,7 +74,7 @@ public function fetch($id, Request $request)
      */
     public function update($id, Request $request)
     {
-        return $this->updateAttributes($this->model()->find($id), $request->all(), 'edit');
+        return $this->updateModel($this->model()->find($id), $request->all(), 'edit');
     }
 
     /**
@@ -104,27 +86,17 @@ public function update($id, Request $request)
      */
     public function destroy($id, Request $request)
     {
-        $this->validate($request, ['force' => ['boolean']]);
+        $model = $this->model();
 
-        $model = $this->model()->withTrashed()->find($id);
+        $force = false;
+        if (method_exists($model, 'forceDelete')) {
+            $this->validate($request, ['force' => ['boolean']]);
 
-        if (is_null($model) || !$model->exists) {
-            return $this->notFoundResponse();
+            $model = $model->withTrashed();
+            $force = (bool) $request->input('force');
         }
 
-        $model->timestamps = false;
-
-        if ($request->has('force') && $request->input('force') == 1) {
-            $model->forceDelete();
-            return $this->response($model, $this->trans('perma_deleted'));
-        } elseif (!$model->trashed()) {
-            $model->delete();
-            return $this->response($model, $this->trans('deleted'));
-        }
-
-        $model->timestamps = true;
-
-        return $this->notFoundResponse();
+        return $this->deleteModel($model->find($id), 'delete', $force);
     }
 
     /**
@@ -195,6 +167,10 @@ protected function bulk(Request $request, $action, $transKey, array $input = [])
         foreach ($items as $id) {
             $response = $this->{$action}($id, $request);
 
+            if ($response->isClientError()) {
+                return $response;
+            }
+
             if (!$response->isNotFound()) {
                 $models->push($response->getOriginalContent());
             }
@@ -211,12 +187,57 @@ protected function bulk(Request $request, $action, $transKey, array $input = [])
      * @param  array|string  $authorize
      * @return JsonResponse|Response
      */
-    protected function updateAttributes($model, array $attributes, $authorize = [])
+    protected function updateModel($model, array $attributes, $authorize = [])
     {
         if (is_null($model) || !$model->exists) {
             return $this->notFoundResponse();
         }
 
+        $this->parseAuthorization($model, $authorize);
+
+        $model->update($attributes);
+
+        return $this->response($model, $this->trans('updated'));
+    }
+
+    /**
+     * Delete a model.
+     *
+     * @param  Model  $model
+     * @param  array|string  $authorize
+     * @param  bool  $force
+     * @return JsonResponse|Response
+     */
+    protected function deleteModel($model, $authorize = [], $force = false)
+    {
+        if (is_null($model) || !$model->exists) {
+            return $this->notFoundResponse();
+        }
+
+        $this->parseAuthorization($model, $authorize);
+
+        if ($force) {
+            $model->forceDelete();
+
+            return $this->response($model, $this->trans('perma_deleted'));
+        } else {
+            $model->timestamps = false;
+            $model->delete();
+            $model->timestamps = true;
+
+            return $this->response($model, $this->trans('deleted'));
+        }
+    }
+
+    /**
+     * Parse an authorization parameter and authorize if applicable.
+     *
+     * @param  Model  $model
+     * @param  array|string  $authorize
+     * @return JsonResponse|Response
+     */
+    protected function parseAuthorization($model, $authorize = [])
+    {
         if (!empty($authorize)) {
             // We need to authorize this change
 
@@ -229,10 +250,6 @@ protected function updateAttributes($model, array $attributes, $authorize = [])
 
             $this->authorize($ability, $authorizeModel);
         }
-
-        $model->update($attributes);
-
-        return $this->response($model, $this->trans('updated'));
     }
 
     /**
@@ -292,14 +309,14 @@ protected function notFoundResponse()
      * Create the response for when a request fails validation.
      *
      * @param  Request  $request
-     * @param  array  $errors
+     * @param  array|string  $errors
      * @return JsonResponse|Response
      */
-    protected function buildFailedValidationResponse(Request $request, array $errors)
+    protected function buildFailedValidationResponse(Request $request, $errors)
     {
         $content = [
             'error'             => "The submitted data did not pass validation.",
-            'validation_errors' => $errors
+            'validation_errors' => (array) $errors
         ];
 
         return ($request->ajax() || $request->wantsJson())

src/Http/Controllers/API/CategoryController.php

@@ -5,6 +5,7 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Gate;
+use Riari\Forum\Forum;
 use Riari\Forum\Models\Category;
 
 class CategoryController extends BaseController
@@ -111,15 +112,11 @@ public function destroy($id, Request $request)
     {
         $category = $this->model()->find($id);
 
-        if (is_null($category) || !$category->exists) {
-            return $this->notFoundResponse();
+        if (!$category->threads->isEmpty() || !$category->children->isEmpty()) {
+            return $this->buildFailedValidationResponse($request, Forum::trans('validation', 'category_is_empty'));
         }
 
-        $this->authorize('delete', $category);
-
-        $category->delete();
-
-        return $this->response($category, $this->trans('deleted'));
+        return $this->deleteModel($category, 'delete');
     }
 
     /**
@@ -136,7 +133,7 @@ public function move($id, Request $request)
 
         $category = $this->model()->find($id);
 
-        return $this->updateAttributes($category, ['category_id' => $request->input('category_id')]);
+        return $this->updateModel($category, ['category_id' => $request->input('category_id')]);
     }
 
     /**
@@ -148,11 +145,9 @@ public function move($id, Request $request)
      */
     public function enableThreads($id, Request $request)
     {
-        $this->authorize('createCategories');
-
         $category = $this->model()->where('enable_threads', 0)->find($id);
 
-        return $this->updateAttributes($category, ['enable_threads' => 1]);
+        return $this->updateModel($category, ['enable_threads' => 1], 'enableThreads');
     }
 
     /**
@@ -164,11 +159,13 @@ public function enableThreads($id, Request $request)
      */
     public function disableThreads($id, Request $request)
     {
-        $this->authorize('createCategories');
-
         $category = $this->model()->where('enable_threads', 1)->find($id);
 
-        return $this->updateAttributes($category, ['enable_threads' => 0]);
+        if (!$category->threads->isEmpty()) {
+            return $this->buildFailedValidationResponse($request, Forum::trans('validation', 'category_has_no_threads'));
+        }
+
+        return $this->updateModel($category, ['enable_threads' => 0], 'enableThreads');
     }
 
     /**
@@ -184,7 +181,7 @@ public function makePublic($id, Request $request)
 
         $category = $this->model()->where('private', 1)->find($id);
 
-        return $this->updateAttributes($category, ['private' => 0]);
+        return $this->updateModel($category, ['private' => 0]);
     }
 
     /**
@@ -200,7 +197,7 @@ public function makePrivate($id, Request $request)
 
         $category = $this->model()->where('private', 0)->find($id);
 
-        return $this->updateAttributes($category, ['private' => 1]);
+        return $this->updateModel($category, ['private' => 1]);
     }
 
     /**
@@ -217,7 +214,7 @@ public function rename($id, Request $request)
 
         $category = $this->model()->find($id);
 
-        return $this->updateAttributes($category, $request->only(['title', 'description']));
+        return $this->updateModel($category, $request->only(['title', 'description']));
     }
 
     /**
@@ -234,6 +231,6 @@ public function reorder($id, Request $request)
 
         $category = $this->model()->find($id);
 
-        return $this->updateAttributes($category, ['weight' => $request->input('weight')]);
+        return $this->updateModel($category, ['weight' => $request->input('weight')]);
     }
 }

src/Http/Controllers/API/PostController.php

@@ -44,6 +44,24 @@ public function index(Request $request)
         return $this->response($posts);
     }
 
+    /**
+     * GET: Return a post.
+     *
+     * @param  int  $id
+     * @param  Request  $request
+     * @return JsonResponse|Response
+     */
+    public function fetch($id, Request $request)
+    {
+        $post = $this->model()->find($id);
+
+        if (is_null($post) || !$post->exists) {
+            return $this->notFoundResponse();
+        }
+
+        return $this->response($post);
+    }
+
     /**
      * POST: Create a new post.
      *