scope text endpoints by ownership
TextRepository gains findByUser; JsonTextRepository and the fake implement filtering by stored userId. TextController splits the list endpoint into getMyTexts (own) and getAllTexts (admin), and getText now requires the session user, returning 403 to non-owners while admins bypass.
parent
ea6d65a77d
commit
acdf703d80
4 changed files with 107 additions and 3 deletions
|
|
@ -5,6 +5,7 @@ namespace App\Text;
|
|||
use App\Text\Text;
|
||||
use App\Text\CreateTextDto;
|
||||
use App\Text\TextRepository;
|
||||
use App\User\User;
|
||||
use App\User\UserRepository;
|
||||
use DomainException;
|
||||
|
||||
|
|
@ -67,6 +68,28 @@ class JsonTextRepository implements TextRepository
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Text[]
|
||||
*/
|
||||
public function findByUser(User $user): array
|
||||
{
|
||||
$texts = $this->readTexts();
|
||||
$userId = $user->getId();
|
||||
$owned = array_filter(
|
||||
$texts,
|
||||
function (array $data) use ($userId) {
|
||||
return $data['userId'] === $userId;
|
||||
}
|
||||
);
|
||||
|
||||
return array_map(
|
||||
function (array $data) {
|
||||
return $this->hydrate($data);
|
||||
},
|
||||
array_values($owned)
|
||||
);
|
||||
}
|
||||
|
||||
private function hydrate(array $data): Text
|
||||
{
|
||||
$user = $this->userRepo->find($data['userId']);
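Review bot: The ownership predicate in `findByUser` reads `$data['userId']` without checking that the key exists, so any stored record lacking an owner field raises an undefined-key notice or warning on every listing; whether such records can exist depends on the writer, which is not in this hunk. The strict `===` is the right choice for an access-control filter, since a mismatch excludes the record rather than exposing it. It also means a type difference between the JSON-decoded value and `User::getId()` would silently return an empty list, so a test pinning the stored ID type is worth adding. I would write the predicate as `return ($data['userId'] ?? null) === $userId;` and extend the docblock with one sentence saying that records without a matching owner are excluded. `hydrate()` begins at the end of the hunk and its body continues outside it.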
|
||||
|
|
|
|||