Feature/94 (#56)

* #55 - change routes for admin * #43 - permission policy #94 - add permissions * CR Co-authored-by: KD <do>
EscolaLMS · Jan 11, 2022 · be83c53 · be83c53
1 parent 3bb1bb6
commit be83c53
Show file tree

Hide file tree

Showing 26 changed files with 549 additions and 97 deletions.
diff --git a/composer.json b/composer.json
@@ -8,7 +8,8 @@
     "spatie/laravel-permission": "^3.18",
     "h5p/h5p-core": "dev-master",
     "h5p/h5p-editor": "dev-master",
-    "darkaonline/l5-swagger": "^8.0"
+    "darkaonline/l5-swagger": "^8.0",
+    "escolalms/core": "^1"
   },
   "require-dev": {
     "phpunit/phpunit": "^9.0",
@@ -35,4 +36,4 @@
       ]
     }
   }
-}
+}
diff --git a/database/seeders/PermissionTableSeeder.php b/database/seeders/PermissionTableSeeder.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P\Database\Seeders;
+
+use EscolaLms\HeadlessH5P\Enums\H5PPermissionsEnum;
+use Illuminate\Database\Seeder;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+
+/**
+ * @todo remove neccesity of using 'web' guard
+ */
+class PermissionTableSeeder extends Seeder
+{
+    public function run()
+    {
+        app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
+
+        $apiAdmin = Role::findOrCreate('admin', 'api');
+        $webAdmin = Role::findOrCreate('admin', 'web');
+        $permissions = [
+            H5PPermissionsEnum::H5P_LIST,
+            H5PPermissionsEnum::H5P_READ,
+            H5PPermissionsEnum::H5P_DELETE,
+            H5PPermissionsEnum::H5P_UPDATE,
+            H5PPermissionsEnum::H5P_CREATE,
+            H5PPermissionsEnum::H5P_LIBRARY_LIST,
+            H5PPermissionsEnum::H5P_LIBRARY_READ,
+            H5PPermissionsEnum::H5P_LIBRARY_DELETE,
+            H5PPermissionsEnum::H5P_LIBRARY_UPDATE,
+            H5PPermissionsEnum::H5P_LIBRARY_CREATE,
+        ];
+
+        foreach ($permissions as $permission) {
+            Permission::findOrCreate($permission, 'api');
+            Permission::findOrCreate($permission, 'web');
+        }
+
+        $apiAdmin->givePermissionTo($permissions);
+        $webAdmin->givePermissionTo($permissions);
+    }
+}
diff --git a/src/AuthServiceProvider.php b/src/AuthServiceProvider.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P;
+
+use EscolaLms\HeadlessH5P\Models\H5PContent;
+use EscolaLms\HeadlessH5P\Models\H5PLibrary;
+use EscolaLms\HeadlessH5P\Policies\H5PContentPolicy;
+use EscolaLms\HeadlessH5P\Policies\H5PLibraryPolicy;
+use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+
+class AuthServiceProvider extends ServiceProvider
+{
+    protected $policies = [
+        H5PContent::class => H5PContentPolicy::class,
+        H5PLibrary::class => H5PLibraryPolicy::class,
+    ];
+
+    public function boot()
+    {
+        $this->registerPolicies();
+    }
+}
diff --git a/src/Enums/H5PPermissionsEnum.php b/src/Enums/H5PPermissionsEnum.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P\Enums;
+
+use EscolaLms\Core\Enums\BasicEnum;
+
+class H5PPermissionsEnum extends BasicEnum
+{
+    const H5P_LIST = 'h5p_list';
+    const H5P_READ = 'h5p_read';
+    const H5P_CREATE = 'h5p_create';
+    const H5P_DELETE = 'h5p_delete';
+    const H5P_UPDATE = 'h5p_update';
+
+    const H5P_LIBRARY_LIST = 'h5p_library_list';
+    const H5P_LIBRARY_READ = 'h5p_library_read';
+    const H5P_LIBRARY_CREATE = 'h5p_library_create';
+    const H5P_LIBRARY_DELETE = 'h5p_library_delete';
+    const H5P_LIBRARY_UPDATE = 'h5p_library_update';
+}
diff --git a/src/HeadlessH5PServiceProvider.php b/src/HeadlessH5PServiceProvider.php
@@ -32,6 +32,7 @@ public function register(): void
     {
         $this->commands([H5PSeedCommand::class, StorageH5PLinkCommand::class]);
         $this->bindH5P();
+        $this->app->register(AuthServiceProvider::class);
     }
 
     private function bindH5P(): void

diff --git a/src/Http/Controllers/ContentApiController.php b/src/Http/Controllers/ContentApiController.php
@@ -4,6 +4,9 @@
 
 //use App\Http\Controllers\Controller;
 use EscolaLms\HeadlessH5P\Http\Controllers\Swagger\ContentApiSwagger;
+use EscolaLms\HeadlessH5P\Http\Requests\ContentDeleteRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\ContentListRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\ContentReadRequest;
 use EscolaLms\HeadlessH5P\Http\Requests\ContentStoreRequest;
 use EscolaLms\HeadlessH5P\Http\Requests\LibraryStoreRequest;
 use EscolaLms\HeadlessH5P\Repositories\Contracts\H5PContentRepositoryContract;
@@ -24,7 +27,7 @@ public function __construct(HeadlessH5PServiceContract $hh5pService, H5PContentR
         $this->contentRepository = $contentRepository;
     }
 
-    public function index(Request $request): JsonResponse
+    public function index(ContentListRequest $request): JsonResponse
     {
         $columns = ['title', 'id', 'library_id'];
         $list = $request->get('per_page') !== null && $request->get('per_page') == 0 ? $this->contentRepository->unpaginatedList($columns) : $this->contentRepository->list($request->get('per_page'), $columns);
@@ -62,29 +65,29 @@ public function store(ContentStoreRequest $request): JsonResponse
         ], 200);
     }
 
-    public function destroy(Request $request, int $id): JsonResponse
+    public function destroy(ContentDeleteRequest $request, int $id): JsonResponse
     {
         try {
             $contentId = $this->contentRepository->delete($id);
         } catch (Exception $error) {
             return response()->json([
-            'error' => $error->getMessage(),
-        ], 422);
+                'error' => $error->getMessage(),
+            ], 422);
         }
 
         return response()->json([
             'id' => $contentId,
         ], 200);
     }
 
-    public function show(Request $request, int $id): JsonResponse
+    public function show(ContentReadRequest $request, int $id): JsonResponse
     {
         try {
             $settings = $this->hh5pService->getContentSettings($id);
         } catch (Exception $error) {
             return response()->json([
-            'error' => $error->getMessage(),
-        ], 422);
+                'error' => $error->getMessage(),
+            ], 422);
         }
 
         return response()->json(
@@ -99,8 +102,8 @@ public function upload(LibraryStoreRequest $request): JsonResponse
             $content = $this->contentRepository->upload($request->file('h5p_file'));
         } catch (Exception $error) {
             return response()->json([
-            'error' => $error->getMessage(),
-        ], 422);
+                'error' => $error->getMessage(),
+            ], 422);
         }
 
         return response()->json(
@@ -109,7 +112,7 @@ public function upload(LibraryStoreRequest $request): JsonResponse
         );
     }
 
-    public function download(Request $request, $id)
+    public function download(ContentReadRequest $request, $id)
     {
         $filepath = $this->contentRepository->download($id);
 

diff --git a/src/Http/Controllers/LibraryApiController.php b/src/Http/Controllers/LibraryApiController.php
@@ -3,6 +3,8 @@
 namespace EscolaLms\HeadlessH5P\Http\Controllers;
 
 //use App\Http\Controllers\Controller;
+use EscolaLms\HeadlessH5P\Http\Requests\LibraryDeleteRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\LibraryListRequest;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use EscolaLms\HeadlessH5P\Http\Controllers\Swagger\LibraryApiSwagger;
@@ -21,7 +23,7 @@ public function __construct(HeadlessH5PServiceContract $hh5pService)
         $this->hh5pService = $hh5pService;
     }
 
-    public function index(Request $request): JsonResponse
+    public function index(LibraryListRequest $request): JsonResponse
     {
         $libraries = $this->hh5pService->listLibraries();
 
@@ -42,7 +44,7 @@ public function store(LibraryStoreRequest $request): JsonResponse
         ], $valid ? 200 : 422);
     }
 
-    public function libraries(Request $request): JsonResponse
+    public function libraries(LibraryListRequest $request): JsonResponse
     {
         $libraries = $this->hh5pService->getLibraries(
             $request->get('machineName'),
@@ -53,10 +55,10 @@ public function libraries(Request $request): JsonResponse
         return response()->json($libraries, 200);
     }
 
-    public function destroy(Request $request, int $id): JsonResponse
+    public function destroy(LibraryDeleteRequest $request, int $id): JsonResponse
     {
         $valid = $this->hh5pService->deleteLibrary($id);
-        
+
         return response()->json([
             'valid' => $valid,
             'messages' =>  $valid ? "Library $id deleted" : "",

diff --git a/src/Http/Controllers/Swagger/ContentApiSwagger.php b/src/Http/Controllers/Swagger/ContentApiSwagger.php
@@ -2,6 +2,9 @@
 
 namespace EscolaLms\HeadlessH5P\Http\Controllers\Swagger;
 
+use EscolaLms\HeadlessH5P\Http\Requests\ContentDeleteRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\ContentListRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\ContentReadRequest;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 
@@ -156,7 +159,7 @@ public function store(ContentStoreRequest $request): JsonResponse;
     *      )
     * )
     */
-    public function show(Request $request, int $id): JsonResponse;
+    public function show(ContentReadRequest $request, int $id): JsonResponse;
 
     /**
     * @OA\Post(
@@ -253,7 +256,7 @@ public function update(ContentStoreRequest $request, int $id): JsonResponse;
     *      )
     * )
     */
-    public function index(ContentStoreRequest $request): JsonResponse;
+    public function index(ContentListRequest $request): JsonResponse;
 
     /**
     * @OA\Delete(
@@ -293,7 +296,7 @@ public function index(ContentStoreRequest $request): JsonResponse;
     *      )
     * )
     */
-    public function destroy(Request $request, int $id): JsonResponse;
+    public function destroy(ContentDeleteRequest $request, int $id): JsonResponse;
 
     /**
     * @OA\Post(
@@ -325,7 +328,7 @@ public function destroy(Request $request, int $id): JsonResponse;
     * )
     */
     public function upload(LibraryStoreRequest $request): JsonResponse;
-    
+
     /**
     * @OA\Get(
     *      path="/api/hh5p/content/{id}/export",
@@ -364,5 +367,5 @@ public function upload(LibraryStoreRequest $request): JsonResponse;
     *      )
     * )
     */
-    public function download(Request $request, int $id);
+    public function download(ContentReadRequest $request, int $id);
 }
diff --git a/src/Http/Controllers/Swagger/LibraryApiSwagger.php b/src/Http/Controllers/Swagger/LibraryApiSwagger.php
@@ -2,6 +2,8 @@
 
 namespace EscolaLms\HeadlessH5P\Http\Controllers\Swagger;
 
+use EscolaLms\HeadlessH5P\Http\Requests\LibraryDeleteRequest;
+use EscolaLms\HeadlessH5P\Http\Requests\LibraryListRequest;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 
@@ -65,7 +67,7 @@ public function store(LibraryStoreRequest $request): JsonResponse;
     *      )
     * )
     */
-    public function destroy(Request $request, int $id): JsonResponse;
+    public function destroy(LibraryDeleteRequest $request, int $id): JsonResponse;
 
     /**
     * @OA\Get(
@@ -83,7 +85,7 @@ public function destroy(Request $request, int $id): JsonResponse;
     *      )
     * )
     */
-    public function index(Request $request): JsonResponse;
+    public function index(LibraryListRequest $request): JsonResponse;
 
     /**
     * @OA\Get(
@@ -145,5 +147,5 @@ public function index(Request $request): JsonResponse;
     *      )
     * )
     */
-    public function libraries(Request $request);
+    public function libraries(LibraryListRequest $request);
 }
diff --git a/src/Http/Requests/ContentDeleteRequest.php b/src/Http/Requests/ContentDeleteRequest.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P\Http\Requests;
+
+use EscolaLms\HeadlessH5P\Repositories\Contracts\H5PContentRepositoryContract;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class ContentDeleteRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        $h5PContentRepository = app(H5PContentRepositoryContract::class);
+        $h5pContent = $h5PContentRepository->show($this->route('id'));
+
+        return Gate::allows('delete', $h5pContent);
+    }
+
+    public function rules(): array
+    {
+        return [];
+    }
+}
diff --git a/src/Http/Requests/ContentListRequest.php b/src/Http/Requests/ContentListRequest.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P\Http\Requests;
+
+use EscolaLms\HeadlessH5P\Models\H5PContent;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class ContentListRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return Gate::allows('list', H5PContent::class);
+    }
+
+    public function rules(): array
+    {
+        return [];
+    }
+}
diff --git a/src/Http/Requests/ContentReadRequest.php b/src/Http/Requests/ContentReadRequest.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace EscolaLms\HeadlessH5P\Http\Requests;
+
+use EscolaLms\HeadlessH5P\Repositories\Contracts\H5PContentRepositoryContract;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class ContentReadRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        $h5PContentRepository = app(H5PContentRepositoryContract::class);
+        $h5pContent = $h5PContentRepository->show($this->route('id'));
+
+        return Gate::allows('read', $h5pContent);
+    }
+
+    public function rules(): array
+    {
+        return [];
+    }
+}