feat: update resource authorizer to handle auth responses

laravel-json-api · Nov 29, 2024 · f3ecaf6 · f3ecaf6
1 parent 37bb500
commit f3ecaf6
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 20 deletions.
diff --git a/src/Core/Auth/Authorizer.php b/src/Core/Auth/Authorizer.php
@@ -87,7 +87,7 @@ public function show(?Request $request, object $model): bool|Response
     /**
      * @inheritDoc
      */
-    public function update(Request $request, object $model): bool|Response
+    public function update(?Request $request, object $model): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -102,7 +102,7 @@ public function update(Request $request, object $model): bool|Response
     /**
      * @inheritDoc
      */
-    public function destroy(Request $request, object $model): bool|Response
+    public function destroy(?Request $request, object $model): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -117,7 +117,7 @@ public function destroy(Request $request, object $model): bool|Response
     /**
      * @inheritDoc
      */
-    public function showRelated(Request $request, object $model, string $fieldName): bool|Response
+    public function showRelated(?Request $request, object $model, string $fieldName): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -132,15 +132,15 @@ public function showRelated(Request $request, object $model, string $fieldName):
     /**
      * @inheritDoc
      */
-    public function showRelationship(Request $request, object $model, string $fieldName): bool|Response
+    public function showRelationship(?Request $request, object $model, string $fieldName): bool|Response
     {
         return $this->showRelated($request, $model, $fieldName);
     }
 
     /**
      * @inheritDoc
      */
-    public function updateRelationship(Request $request, object $model, string $fieldName): bool|Response
+    public function updateRelationship(?Request $request, object $model, string $fieldName): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -155,7 +155,7 @@ public function updateRelationship(Request $request, object $model, string $fiel
     /**
      * @inheritDoc
      */
-    public function attachRelationship(Request $request, object $model, string $fieldName): bool|Response
+    public function attachRelationship(?Request $request, object $model, string $fieldName): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -170,7 +170,7 @@ public function attachRelationship(Request $request, object $model, string $fiel
     /**
      * @inheritDoc
      */
-    public function detachRelationship(Request $request, object $model, string $fieldName): bool|Response
+    public function detachRelationship(?Request $request, object $model, string $fieldName): bool|Response
     {
         if ($this->mustAuthorize()) {
             return $this->gate->inspect(
@@ -197,16 +197,16 @@ public function failed(): never
     /**
      * Create a lazy relation object.
      *
-     * @param Request $request
+     * @param Request|null $request
      * @param string $fieldName
      * @return LazyRelation
      */
-    private function createRelation(Request $request, string $fieldName): LazyRelation
+    private function createRelation(?Request $request, string $fieldName): LazyRelation
     {
         return new LazyRelation(
             $this->service->server(),
             $this->schema()->relationship($fieldName),
-            $request->json()->all()
+            $request?->json()->all() ?? [],
         );
     }
 

diff --git a/src/Core/Auth/ResourceAuthorizer.php b/src/Core/Auth/ResourceAuthorizer.php
@@ -12,6 +12,7 @@
 namespace LaravelJsonApi\Core\Auth;
 
 use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Auth\Access\Response;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Http\Request;
 use LaravelJsonApi\Contracts\Auth\Authorizer as AuthorizerContract;
@@ -44,7 +45,7 @@ public function index(?Request $request): ?ErrorList
             $this->modelClass,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -67,7 +68,7 @@ public function store(?Request $request): ?ErrorList
             $this->modelClass,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -90,7 +91,7 @@ public function show(?Request $request, object $model): ?ErrorList
             $model,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -113,7 +114,7 @@ public function update(?Request $request, object $model): ?ErrorList
             $model,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -136,7 +137,7 @@ public function destroy(?Request $request, object $model): ?ErrorList
             $model,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -160,7 +161,7 @@ public function showRelated(?Request $request, object $model, string $fieldName)
             $fieldName,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -184,7 +185,7 @@ public function showRelationship(?Request $request, object $model, string $field
             $fieldName,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -208,7 +209,7 @@ public function updateRelationship(?Request $request, object $model, string $fie
             $fieldName,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -232,7 +233,7 @@ public function attachRelationship(?Request $request, object $model, string $fie
             $fieldName,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -256,7 +257,7 @@ public function detachRelationship(?Request $request, object $model, string $fie
             $fieldName,
         );
 
-        return $passes ? null : $this->failed();
+        return $this->parse($passes);
     }
 
     /**
@@ -269,6 +270,23 @@ public function detachRelationshipOrFail(?Request $request, object $model, strin
         }
     }
 
+    /**
+     * @param bool|Response $result
+     * @return ErrorList|null
+     * @throws AuthenticationException
+     * @throws AuthorizationException
+     * @throws HttpExceptionInterface
+     */
+    private function parse(bool|Response $result): ?ErrorList
+    {
+        if ($result instanceof Response) {
+            $result->authorize();
+            return null;
+        }
+
+        return $result ? null : $this->failed();
+    }
+
     /**
      * @return ErrorList
      * @throws AuthorizationException