Fixes for project form request authorization

2025-05-24 02:14:21 -04:00 · 2023-02-27 22:38:10 +11:00 · 2023-02-27 22:38:10 +11:00 · 83c3b3d923
commit 83c3b3d923
parent ec67d019c7
4 changed files with 8 additions and 4 deletions
--- a/app/Http/Requests/Project/CreateProjectRequest.php
+++ b/app/Http/Requests/Project/CreateProjectRequest.php
@ -11,6 +11,7 @@

 namespace App\Http\Requests\Project;

+use App\Models\Project;
 use App\Http\Requests\Request;

 class CreateProjectRequest extends Request
@ -22,6 +23,7 @@ class CreateProjectRequest extends Request
     */
    public function authorize() : bool
    {
-        return auth()->user()->isAdmin();
+        return auth()->user()->can('create', Project::class);
+
    }
 }
--- a/app/Http/Requests/Project/DestroyProjectRequest.php
+++ b/app/Http/Requests/Project/DestroyProjectRequest.php
@ -22,6 +22,6 @@ class DestroyProjectRequest extends Request
     */
    public function authorize() : bool
    {
-        return auth()->user()->isAdmin();
+        return auth()->user()->can('edit', $this->project);
    }
 }
--- a/app/Http/Requests/Project/EditProjectRequest.php
+++ b/app/Http/Requests/Project/EditProjectRequest.php
@ -22,7 +22,7 @@ class EditProjectRequest extends Request
     */
    public function authorize() : bool
    {
-        return auth()->user()->isAdmin();
+        return auth()->user()->can('edit', $this->project);
    }

    /**
--- a/app/Http/Requests/Project/ShowProjectRequest.php
+++ b/app/Http/Requests/Project/ShowProjectRequest.php
@ -22,7 +22,9 @@ class ShowProjectRequest extends Request
     */
    public function authorize() : bool
    {
-        return auth()->user()->isAdmin();
+        // return auth()->user()->isAdmin();
+        return auth()->user()->can('view', $this->project);
+
    }

    /**