From 84e152896b313d3b8d3ff04ec057551d6d677c11 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sat, 1 Oct 2022 05:36:07 -0600
Subject: [PATCH] Update CollectionController

---
 app/Http/Controllers/CollectionController.php | 38 ++++++++++---------
 app/Services/CollectionService.php | 2 +
 routes/api.php | 4 ++
 3 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/app/Http/Controllers/CollectionController.php b/app/Http/Controllers/CollectionController.php
index 79284e20f..be18db8ab 100644
--- a/app/Http/Controllers/CollectionController.php
+++ b/app/Http/Controllers/CollectionController.php
@@ -63,18 +63,18 @@ class CollectionController extends Controller
 public function store(Request $request, $id)
 {
- abort_if(!Auth::check(), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'title' => 'nullable|max:50',
 'description' => 'nullable|max:500',
 'visibility' => 'nullable|string|in:public,private,draft'
 ]);
- $profile = Auth::user()->profile;
- $collection = Collection::whereProfileId($profile->id)->findOrFail($id);
- $collection->title = e($request->input('title'));
- $collection->description = e($request->input('description'));
- $collection->visibility = e($request->input('visibility'));
+ $pid = $request->user()->profile_id;
+ $collection = Collection::whereProfileId($pid)->findOrFail($id);
+ $collection->title = strip_tags($request->input('title'));
+ $collection->description = strip_tags($request->input('description'));
+ $collection->visibility = $request->input('visibility');
 $collection->save();
 return CollectionService::setCollection($collection->id, $collection);
@@ -82,7 +82,7 @@ class CollectionController extends Controller
 public function publish(Request $request, int $id)
 {
- abort_if(!Auth::check(), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'title' => 'nullable|max:50',
 'description' => 'nullable|max:500',
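Review bot: `strip_tags($request->input('title'))` and the description line below it now receive null whenever the field is omitted (both rules are `nullable`), and `strip_tags(null)` emits a deprecation on PHP 8.1+ where the replaced `e()` tolerated null; `strip_tags($request->input('title') ?? '')` keeps the stored value a string. Note also that `strip_tags` removes markup but does not encode what remains, so title and description are no longer pre-escaped at storage and every place that renders them must escape for its own context (Blade `{{ }}` presumably does, raw output or JSON consumers would not). The `@@ -94` hunk of publish handles the same fields differently — title stays `e()`, visibility is passed through `strip_tags` while here it is stored as validated — so the two methods should settle on one convention.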
@@ -94,8 +94,8 @@ class CollectionController extends Controller
 abort(404);
 }
 $collection->title = e($request->input('title'));
- $collection->description = e($request->input('description'));
- $collection->visibility = e($request->input('visibility'));
+ $collection->description = strip_tags($request->input('description'));
+ $collection->visibility = strip_tags($request->input('visibility'));
 $collection->published_at = now();
 $collection->save();
 return CollectionService::setCollection($collection->id, $collection);
@@ -103,30 +103,32 @@ class CollectionController extends Controller
 public function delete(Request $request, int $id)
 {
- abort_if(!Auth::check(), 403);
- $user = Auth::user();
+ abort_if(!$request->user(), 403);
+ $user = $request->user();
 $collection = Collection::whereProfileId($user->profile_id)->findOrFail($id);
 $collection->items()->delete();
 $collection->delete();
+ CollectionService::deleteCollection($id);
+
 if($request->wantsJson()) {
 return 200;
 }
- CollectionService::deleteCollection($id);
-
 return redirect('/');
 }
 public function storeId(Request $request)
 {
+ abort_if(!$request->user(), 403);
+
 $this->validate($request, [
 'collection_id' => 'required|int|min:1|exists:collections,id',
- 'post_id' => 'required|int|min:1|exists:statuses,id'
+ 'post_id' => 'required|int|min:1'
 ]);
- $profileId = Auth::user()->profile_id;
+ $profileId = $request->user()->profile_id;
 $collectionId = $request->input('collection_id');
 $postId = $request->input('post_id');
@@ -151,6 +153,7 @@ class CollectionController extends Controller
 }
 $status = Status::whereScope('public')
+ ->whereProfileId($profileId)
 ->whereIn('type', ['photo', 'photo:album', 'video'])
 ->findOrFail($postId);
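Review bot: `abort_if(!$request->user(), 403)` in delete and the copy added to storeId (the same guard now appears in store, publish and deleteId as well) answers a request with no authenticated user with 403, where 401 is the conventional status for missing credentials, and repeats the same check in five actions. If the `$middleware` applied in routes/api.php already includes an auth guard the checks are redundant; if it does not, a single `$this->middleware('auth');` in the controller constructor would centralise them and produce the 401. Moving `CollectionService::deleteCollection($id)` ahead of the `wantsJson()` return is correct, since the JSON path previously skipped the cache invalidation.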
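Review bot: `->whereProfileId($profileId)` scopes the status lookup to the caller's own profile, which is what makes dropping `exists:statuses,id` from storeId's validator in the `@@ -103` hunk safe: an unknown and a foreign id now both end in a 404 from `findOrFail` instead of a 422 that would confirm the status exists. The `@@ -277` hunk relaxes deleteId's validator in the same way but ends before its lookup, so confirm that lookup is also restricted to `$profileId` or to ids already present in the caller's collection. A comment above the query, `// owner-scoped: unknown and foreign ids both answer 404`, would record the intent. storeId's body continues outside the hunk.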
@@ -277,12 +280,13 @@ class CollectionController extends Controller
 public function deleteId(Request $request)
 {
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'collection_id' => 'required|int|min:1|exists:collections,id',
- 'post_id' => 'required|int|min:1|exists:statuses,id'
+ 'post_id' => 'required|int|min:1'
 ]);
- $profileId = Auth::user()->profile_id;
+ $profileId = $request->user()->profile_id;
 $collectionId = $request->input('collection_id');
 $postId = $request->input('post_id');
diff --git a/app/Services/CollectionService.php b/app/Services/CollectionService.php
index 288e1b7d1..fea4269fe 100644
--- a/app/Services/CollectionService.php
+++ b/app/Services/CollectionService.php
@@ -121,6 +121,8 @@ class CollectionService
 'published_at' => $collection->published_at,
 ];
 Cache::put(self::CACHE_KEY . 'get:' . $id, $res, 86400);
+ $res['avatar'] = $account['avatar'];
+ $res['username'] = $account['username'];
 $res['post_count'] = self::count($id);
 return $res;
 }
diff --git a/routes/api.php b/routes/api.php
index 03bd07b66..6d44f4002 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -114,6 +114,10 @@ Route::group(['prefix' => 'api'], function() use($middleware) {
 Route::get('accounts/{id}', 'CollectionController@getUserCollections')->middleware($middleware);
 Route::get('items/{id}', 'CollectionController@getItems')->middleware($middleware);
 Route::get('view/{id}', 'CollectionController@getCollection')->middleware($middleware);
+ Route::post('add', 'CollectionController@storeId')->middleware($middleware);
+ Route::post('update/{id}', 'CollectionController@store')->middleware($middleware);
+ Route::delete('delete/{id}', 'CollectionController@delete')->middleware($middleware);
+ Route::post('remove', 'CollectionController@deleteId')->middleware($middleware);
 });
 Route::group(['prefix' => 'direct'], function () use($middleware) {
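Review bot: `$res['avatar']` and `$res['username']` are assigned after `Cache::put`, so the payload stored under `CACHE_KEY . 'get:'` never contains them while the freshly built one does; unless the reader of that key re-attaches them (not visible in this hunk), the same collection serialises differently on a cold and a warm cache. If leaving them out of the 86400 s cache is deliberate, a comment makes that survive the next edit, e.g. `// avatar/username are intentionally not cached; the cache reader re-attaches them`. `$account` is defined outside the hunk; if it can be null for a missing or deleted profile, both index reads warn and store null.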
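Review bot: `Route::delete('delete/{id}', 'CollectionController@delete')` exposes an action whose `wantsJson()` branch (in the controller's `@@ -103` hunk) does `return 200;`, which Laravel renders as a text body `200` rather than an empty or JSON response; `return response()->noContent();` or `return response()->json(['status' => 'success']);` would fit an API route. All four new endpoints mutate state, so their authentication and throttling depend entirely on what `$middleware` contains, which is defined outside this hunk; if it carries no auth guard, the controller-level `abort_if(!$request->user(), 403)` is the only check. Mapping `update/{id}` to an action named `store` also reads as a mismatch — either name the route `store/{id}` or rename the action — though that is a wording matter only.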