Working on permissions in the API

app/Http/Controllers/ProductApiController.php

@@ -1,34 +1,20 @@
 <?php namespace App\Http\Controllers;
 
-use App\Ninja\Repositories\ProductRepository;
-use App\Ninja\Transformers\ProductTransformer;
-use Auth;
-use Str;
-use DB;
-use Datatable;
-use Utils;
-use URL;
-use View;
-use Input;
-use Session;
-use Redirect;
-
 use App\Models\Product;
-use App\Models\TaxRate;
-use App\Services\ProductService;
+use App\Ninja\Repositories\ProductRepository;
+use App\Http\Requests\CreateProductRequest;
+use App\Http\Requests\UpdateProductRequest;
 
 class ProductApiController extends BaseAPIController
 {
-    protected $productService;
     protected $productRepo;
     
     protected $entityType = ENTITY_PRODUCT;
 
-    public function __construct(ProductService $productService, ProductRepository $productRepo)
+    public function __construct(ProductRepository $productRepo)
     {
         parent::__construct();
 
-        $this->productService = $productService;
         $this->productRepo = $productRepo;
     }
 
@@ -41,58 +27,28 @@ class ProductApiController extends BaseAPIController
         return $this->listResponse($products);
     }
 
-    public function getDatatable()
+    public function store(CreateProductRequest $request)
     {
-        return $this->productService->getDatatable(Auth::user()->account_id);
+        $product = $this->productRepo->save($request->input());
+
+        return $this->itemResponse($product);
     }
 
-    public function store()
+    public function update(UpdateProductRequest $request, $publicId)
     {
-        return $this->save();
-    }
-
-    public function update(\Illuminate\Http\Request $request, $publicId)
-    {
-
-        if ($request->action == ACTION_ARCHIVE) {
-            $product = Product::scope($publicId)->withTrashed()->firstOrFail();
-            $this->productRepo->archive($product);
-
-            $transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer'));
-            $data = $this->createItem($product, $transformer, 'products');
-
-            return $this->response($data);
+        if ($request->action) {
+            return $this->handleAction($request);
         }
-        else
-            return $this->save($publicId);
+        
+        $data = $request->input();
+        $data['public_id'] = $publicId;
+        $product = $this->productRepo->save($data);
+
+        return $this->itemResponse($product);
     }
 
     public function destroy($publicId)
     {
        //stub
     }
-
-    private function save($productPublicId = false)
-    {
-        if ($productPublicId) {
-            $product = Product::scope($productPublicId)->firstOrFail();
-        } else {
-            $product = Product::createNew();
-        }
-
-        $product->product_key = trim(Input::get('product_key'));
-        $product->notes = trim(Input::get('notes'));
-        $product->cost = trim(Input::get('cost'));
-        //$product->default_tax_rate_id = Input::get('default_tax_rate_id');
-
-        $product->save();
-
-        $transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer'));
-        $data = $this->createItem($product, $transformer, 'products');
-
-        return $this->response($data);
-
-    }
-
-
 }

app/Http/Controllers/TaxRateApiController.php

@@ -1,26 +1,20 @@
 <?php namespace App\Http\Controllers;
 
-use App\Services\TaxRateService;
-use App\Ninja\Repositories\TaxRateRepository;
-use App\Ninja\Transformers\TaxRateTransformer;
-use Auth;
 use App\Models\TaxRate;
-
+use App\Ninja\Repositories\TaxRateRepository;
 use App\Http\Requests\CreateTaxRateRequest;
 use App\Http\Requests\UpdateTaxRateRequest;
 
 class TaxRateApiController extends BaseAPIController
 {
-    protected $taxRateService;
     protected $taxRateRepo;
     
     protected $entityType = ENTITY_TAX_RATE;
 
-    public function __construct(TaxRateService $taxRateService, TaxRateRepository $taxRateRepo)
+    public function __construct(TaxRateRepository $taxRateRepo)
     {
         parent::__construct();
 
-        $this->taxRateService = $taxRateService;
         $this->taxRateRepo = $taxRateRepo;
     }
 
@@ -35,32 +29,26 @@ class TaxRateApiController extends BaseAPIController
 
     public function store(CreateTaxRateRequest $request)
     {
-        return $this->save($request);
+        $taxRate = $this->taxRateRepo->save($request->input());
+
+        return $this->itemResponse($taxRate);
     }
 
-    public function update(UpdateTaxRateRequest $request, $taxRatePublicId)
+    public function update(UpdateTaxRateRequest $request, $publicId)
     {
-        $taxRate = TaxRate::scope($taxRatePublicId)->firstOrFail();
-
-        if ($request->action == ACTION_ARCHIVE) {
-            $this->taxRateRepo->archive($taxRate);
-
-            $transformer = new TaxRateTransformer(Auth::user()->account, $request->serializer);
-            $data = $this->createItem($taxRate, $transformer, 'tax_rates');
-
-            return $this->response($data);
-        } else {
-            return $this->save($request, $taxRate);
+        if ($request->action) {
+            return $this->handleAction($request);
         }
+        
+        $data = $request->input();
+        $data['public_id'] = $publicId;
+        $taxRate = $this->taxRateRepo->save($data);
+
+        return $this->itemResponse($taxRate);
     }
 
-    private function save($request, $taxRate = false)
+    public function destroy($publicId)
     {
-        $taxRate = $this->taxRateRepo->save($request->input(), $taxRate);
-
-        $transformer = new TaxRateTransformer(\Auth::user()->account, $request->serializer);
-        $data = $this->createItem($taxRate, $transformer, 'tax_rates');
-
-        return $this->response($data);
+       //stub
     }
 }

app/Http/Controllers/UserApiController.php

@@ -42,11 +42,6 @@ class UserApiController extends BaseAPIController
 
     public function update(UpdateUserRequest $request, $userPublicId)
     {
-        /*
-        // temporary fix for ids starting at 0
-        $userPublicId -= 1;
-        $user = User::scope($userPublicId)->firstOrFail();
-        */
         $user = Auth::user();
 
         if ($request->action == ACTION_ARCHIVE) {

app/Http/Controllers/VendorApiController.php

@@ -85,8 +85,6 @@ class VendorApiController extends BaseAPIController
                     ->with('country', 'vendorcontacts', 'industry', 'size', 'currency')
                     ->first();
 
-        $transformer = new VendorTransformer(Auth::user()->account, Input::get('serializer'));
-        $data = $this->createItem($vendor, $transformer, ENTITY_VENDOR);
-        return $this->response($data);
+        return $this->itemResponse($vendor);
     }
 }

app/Http/Requests/CreateTaxRateRequest.php

@@ -3,7 +3,7 @@
 use App\Http\Requests\Request;
 use Illuminate\Validation\Factory;
 
-class CreateTaxRateRequest extends Request
+class CreateTaxRateRequest extends TaxRateRequest
 {
     // Expenses 
     /**
@@ -13,7 +13,7 @@ class CreateTaxRateRequest extends Request
      */
     public function authorize()
     {
-        return true;
+        return $this->user()->can('create', ENTITY_TAX_RATE);
     }
 
     /**

app/Http/Requests/UpdateTaxRateRequest.php

@@ -3,7 +3,7 @@
 use App\Http\Requests\Request;
 use Illuminate\Validation\Factory;
 
-class UpdateTaxRateRequest extends Request
+class UpdateTaxRateRequest extends TaxRateRequest
 {
     // Expenses 
     /**
@@ -13,7 +13,7 @@ class UpdateTaxRateRequest extends Request
      */
     public function authorize()
     {
-        return true;
+        return $this->user()->can('edit', $this->entity());
     }
 
     /**

app/Http/Requests/UpdateUserRequest.php

@@ -14,7 +14,7 @@ class UpdateUserRequest extends Request
      */
     public function authorize()
     {
-        return true;
+        return $this->user()->can('edit', $this->entity());
     }
 
     /**

app/Libraries/Utils.php

@@ -676,7 +676,7 @@ class Utils
 
     public static function getEntityName($entityType)
     {
-        return ucwords(str_replace('_', ' ', $entityType));
+        return ucwords(Utils::toCamelCase($entityType));
     }
 
     public static function getClientDisplayName($model)

app/Models/Product.php

@@ -8,6 +8,14 @@ class Product extends EntityModel
     use SoftDeletes;
     protected $dates = ['deleted_at'];
 
+    protected $fillable = [
+        'product_key',
+        'notes',
+        'cost',
+        'qty',
+        'default_tax_rate_id',
+    ];
+
     public function getEntityType()
     {
         return ENTITY_PRODUCT;

app/Ninja/Repositories/ProductRepository.php

@@ -1,6 +1,7 @@
 <?php namespace App\Ninja\Repositories;
 
 use DB;
+use App\Models\Product;
 use App\Ninja\Repositories\BaseRepository;
 
 class ProductRepository extends BaseRepository
@@ -29,4 +30,21 @@ class ProductRepository extends BaseRepository
                     'products.deleted_at'
                 );
     }
+    
+    public function save($data)
+    {
+        $publicId = isset($data['public_id']) ? $data['public_id'] : false;
+        
+        if ($publicId) {
+            $product = Product::scope($publicId)->firstOrFail();
+        } else {
+            $product = Product::createNew();
+        }
+
+        $product->fill($data);
+        $product->save();
+
+        return $product;
+    }
+
 }

app/Providers/AuthServiceProvider.php

@@ -21,6 +21,8 @@ class AuthServiceProvider extends ServiceProvider
         \App\Models\Payment::class => \App\Policies\PaymentPolicy::class,
         \App\Models\Task::class => \App\Policies\TaskPolicy::class,
         \App\Models\Vendor::class => \App\Policies\VendorPolicy::class,
+        \App\Models\Product::class => \App\Policies\ProductPolicy::class,
+        \App\Models\TaxRate::class => \App\Policies\TaxRatePolicy::class,
     ];
     
     /**