added a policy to check if the user is who made the post

2024-08-22 19:15:41 -05:00 · 2024-08-22 19:15:41 -05:00 · 70eedcbc9f
commit 70eedcbc9f
parent 2d8ab4ed61
3 changed files with 29 additions and 2 deletions
--- a/app/Http/Controllers/PostController.php
+++ b/app/Http/Controllers/PostController.php
@ -7,6 +7,7 @@ use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controllers\Middleware;
 use Illuminate\Routing\Controllers\HasMiddleware;
+use Illuminate\Support\Facades\Gate;

 class PostController extends Controller implements HasMiddleware
 {
@ -60,6 +61,11 @@ class PostController extends Controller implements HasMiddleware

    public function destroy(Post $post)
    {
-        dd("Deleting ", $post->id);
+        $response = Gate::inspect("delete", $post);
+
+        if ($response->allowed())
+            $post->delete();
+
+        return redirect()->route('posts.index', auth()->user()->username);
    }
 }
--- a/app/Policies/PostPolicy.php
+++ b/app/Policies/PostPolicy.php
@ -0,0 +1,18 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Post;
+use App\Models\User;
+use Illuminate\Auth\Access\Response;
+
+class PostPolicy
+{
+    /**
+     * Determine whether the user can delete the model.
+     */
+    public function delete(User $user, Post $post): bool
+    {
+        return $user->id === $post->user_id;
+    }
+}
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -2,6 +2,9 @@

 namespace App\Providers;

+use App\Models\Post;
+use App\Policies\PostPolicy;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;

 class AppServiceProvider extends ServiceProvider
@ -19,6 +22,6 @@ class AppServiceProvider extends ServiceProvider
     */
    public function boot(): void
    {
-        //
+        Gate::policy(Post::class, PostPolicy::class);
    }
 }