I am trying to implement an Authorization Gate on the comments list on posts. I think I've managed to get it right because it works.
If the user is the owner of the comment, or is a moderator in the subreddit the comment is posted in, then he may edit it. If not, he won't be able to see the edit link (I'm using inline editing with X-Editable)
All works well until I submit a new comment, than I get the following error. But the comment get submitted to the database because I can see it on refresh.
Undefined variable: isModerator on comment_list.blade.php
It's obvious that I need to pass isModerator variable to the view, so I did
$isModerator = $post->subreddit->moderators->where('user_id', Auth::id())->exists();
This throws this error on page load, the entire post page crashes
Call to undefined method Illuminate\Database\Eloquent\Collection::exists()
CommentController::view_data() in PostsController.php line 90
This is my Gate Authorization. Please note that update-post and update-sub work without a glitch.
public function boot(GateContract $gate)
{
parent::registerPolicies($gate);
$gate->define('update-comment', function($user, $comment, $isModerator) {
if($user->id === $comment->user_id) {
return true;
}
if ($isModerator) {
return true;
}
});
$gate->define('update-post', function ($user, $post, $isModerator) {
if ($user->id === $post->subreddit->user->id) {
return true;
}
if ($user->id === $post->user_id) {
return true;
}
if ($isModerator) {
return true;
}
return false;
});
$gate->define('update-sub', function($user, $subreddit) {
if($user->id === $subreddit->user->id) {
return true;
}
return false;
});
}
The view_data() method in CommentController
public static function view_data(Request $request, Post $post) {
$instance = new Self;
$per_page = session('per_page')?session('per_page'):config('constants.per_page');
$post = Post::with('user.votes')->with('subreddit.moderators')->with('comments')->where('id', $post->id)->first();
$comment = $post->comments;
$user = User::where('id', '=', Auth::id())->get();
$isModerator = $post->subreddit->moderators->where('user_id', Auth::id())->exists();
$result['per_page'] = $per_page;
$result['comments'] = $instance->comment_list($per_page, $request, $post, $comment, $user, $isModerator);
$result['total_comments'] = $instance->total_comments($post);
return $result;
}
The edit portion of the view looks like this
@can('update-comment', [$each_comment, $isModerator])
<p>
<a href="#" class="testedit" data-pk="{{ $each_comment->id }}" data-url="{{ url($each_comment->post_id . '/comment/update') }}">
{!! $each_comment->comment !!}
</a>
</p>
@else
<p>
{!! $each_comment->comment !!}
</p>
@endcan
And this is show() method in PostsController
public function show(Post $post, User $user, Request $request, Comment $comment)
{
$post = Post::with('user.votes')->with('subreddit.moderators')->findOrFail($post->id);
$ids = $post->subreddit;
$isModerator = $ids->moderators()->where('user_id', Auth::id())->exists(); // this is line 90
$modList = Moderator::where('subreddit_id', '=', $post->subreddit->id)->get();
$view_data = CommentController::view_data($request, $post, $comment, $isModerator);
return view('post/show', $view_data)->with('post', $post)
->with('modList', $modList)
->with('isModerator', $isModerator);
}
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire