Merge pull request #4 from duckzland/master
Add authorization based on resourceId
daniel-de-wit authored Oct 12, 2020
2 parents 45ecd0b + 5c0ddd4 commit 50875af
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions src/Traits/SupportSingleRecordNavigationLinks.php
Expand Up @@ -2,8 +2,14 @@

namespace DanielDeWit\NovaSingleRecordResource\Traits;

use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\Request;
use Laravel\Nova\Authorizable;

trait SupportSingleRecordNavigationLinks
{
use Authorizable;

public static function singleRecord(): bool
{
return false;
Expand All @@ -16,4 +22,21 @@ public static function singleRecordId()
{
return 1;
}

/**
* Overridding Authorizable to prevent user from viewing the wrong database row
*
* @param \Illuminate\Http\Request $request
* @param string $ability
* @return void
*
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function authorizeTo(Request $request, $ability)
{
if (static::singleRecord()) {
throw_unless(((int) $request->route('resourceId') === (int) static::singleRecordId()), AuthorizationException::class);
}
parent::authorizeTo($request, $ability);
}
}
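Review bot: The guard added to `authorizeTo` compares the `resourceId` route parameter rather than the model this resource instance wraps, and it sits only on the throwing path. Any caller that uses the boolean `authorizedTo` check directly, or that takes record ids from the request body instead of the route, would not pass through it; whether Nova's delete and action endpoints do this should be confirmed against the installed version. The two `(int)` casts also make the comparison lenient (a value such as `'1abc'` casts to 1), and a route with no `resourceId` casts to 0 and is denied for every ability. Assuming the consuming class exposes the wrapped model as `$this->resource`, as Nova resources do, consider `throw_unless((int) $this->resource->getKey() === (int) static::singleRecordId(), AuthorizationException::class);` and applying the same condition in an `authorizedTo` override. Separately, `parent::authorizeTo` inside a trait resolves to the parent of the consuming class, so the added `use Authorizable;` looks redundant and would re-import Nova's methods over any authorization overrides in an intermediate base class.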

0 comments on commit 50875af

Please sign in to comment.