scope text endpoints by ownership
TextRepository gains findByUser; JsonTextRepository and the fake implement filtering by stored userId. TextController splits the list endpoint into getMyTexts (own) and getAllTexts (admin), and getText now requires the session user, returning 403 to non-owners while admins bypass.
parent
ea6d65a77d
commit
acdf703d80
4 changed files with 107 additions and 3 deletions
|
|
@ -5,6 +5,7 @@ namespace Tests\Fakes;
|
|||
use App\Text\CreateTextDto;
|
||||
use App\Text\Text;
|
||||
use App\Text\TextRepository;
|
||||
use App\User\User;
|
||||
|
||||
class FakeTextRepository implements TextRepository
|
||||
{
|
||||
|
|
@ -61,4 +62,29 @@ class FakeTextRepository implements TextRepository
|
|||
array_values($this->existingTexts)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Text[]
|
||||
*/
|
||||
public function findByUser(User $user): array
|
||||
{
|
||||
$userId = $user->getId();
|
||||
$owned = array_filter(
|
||||
$this->existingTexts,
|
||||
function (Text $text) use ($userId) {
|
||||
return $text->getUser()->getId() === $userId;
|
||||
}
|
||||
);
|
||||
|
||||
return array_map(
|
||||
function (Text $text) {
|
||||
return new Text(
|
||||
id: $text->getId(),
|
||||
name: $text->getName(),
|
||||
user: $text->getUser(),
|
||||
);
|
||||
},
|
||||
array_values($owned)
|
||||
);
|
||||
}
|
||||
}
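Review bot: The ownership filter in `findByUser` compares `$text->getUser()->getId() === $userId` with no guard for a missing id, so if `User::getId()` can return null (its signature is not visible here), two distinct unsaved users would compare equal and the fake would hand back texts the caller does not own. Tests for `getMyTexts` presumably run against this fake, so it should fail closed, e.g. `if ($userId === null) { return []; }` before the `array_filter` call. The same rule should hold in `JsonTextRepository`, so that the fake and the real filter agree on who counts as owner. The docblock carries only `@return Text[]`; it could state the contract as well, for instance `Returns copies of the texts whose owner id equals the given user's id, as a re-indexed list.`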
|
||||
|
|
|
|||