[Feature] Add show-related method to the authorizer interface

Closes #6
laravel-json-api · Jun 18, 2021 · 4c5b636 · 4c5b636
1 parent b8faaca
commit 4c5b636
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,20 @@
 All notable changes to this project will be documented in this file. This project adheres to
 [Semantic Versioning](http://semver.org/) and [this changelog format](http://keepachangelog.com/).
 
+## Unreleased
+
+### Added
+
+- [#6](https://github.com/laravel-json-api/core/issues/6) The authorizer contract now has a `showRelated` method to
+  authorize the show-related controller action. Previously the `showRelationship` method was used to authorize both the
+  show-related and show-relationship controller actions. This change means that authorizers can implement different
+  authorization logic if needed. However, our default authorizer (the `Auth\Authorizer` class) remains unchanged in that
+  both actions expect there to be a `view<RelationshipName>` method on the policy to authorize these actions.
+
+### Changed
+
+- The `Auth\Authorizer` class is no longer `final` and can now be extended if needed.
+
 ## [1.0.0-beta.4] - 2021-06-02
 
 ### Changed

diff --git a/src/Contracts/Auth/Authorizer.php b/src/Contracts/Auth/Authorizer.php
@@ -69,7 +69,17 @@ public function update(Request $request, object $model): bool;
     public function destroy(Request $request, object $model): bool;
 
     /**
-     * Authorize the show-related and show-relationship controller action.
+     * Authorize the show-related controller action.
+     *
+     * @param Request $request
+     * @param object $model
+     * @param string $fieldName
+     * @return bool
+     */
+    public function showRelated(Request $request, object $model, string $fieldName): bool;
+
+    /**
+     * Authorize the show-relationship controller action.
      *
      * @param Request $request
      * @param object $model

diff --git a/src/Core/Auth/Authorizer.php b/src/Core/Auth/Authorizer.php
@@ -27,7 +27,7 @@
 use LaravelJsonApi\Core\Store\LazyRelation;
 use LaravelJsonApi\Core\Support\Str;
 
-final class Authorizer implements AuthorizerContract
+class Authorizer implements AuthorizerContract
 {
 
     /**
@@ -130,7 +130,7 @@ public function destroy(Request $request, object $model): bool
     /**
      * @inheritDoc
      */
-    public function showRelationship(Request $request, object $model, string $fieldName): bool
+    public function showRelated(Request $request, object $model, string $fieldName): bool
     {
         if ($this->mustAuthorize()) {
             return $this->gate->check(
@@ -142,6 +142,14 @@ public function showRelationship(Request $request, object $model, string $fieldN
         return true;
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function showRelationship(Request $request, object $model, string $fieldName): bool
+    {
+        return $this->showRelated($request, $model, $fieldName);
+    }
+
     /**
      * @inheritDoc
      */