Add authorization check on show and edit page

8 years ago · eb5e4684da
5 changed files with 20 additions and 4 deletions
--- a/src/stubs/controller.full.stub
+++ b/src/stubs/controller.full.stub
@ -77,6 +77,8 @@ class MastersController extends Controller
     */
    public function edit(Master $singleMstr)
    {
+        $this->authorize('update', $singleMstr);
+
        return view('masters.edit', compact('singleMstr'));
    }

--- a/src/stubs/view-edit.stub
+++ b/src/stubs/view-edit.stub
@ -45,7 +45,9 @@
            <div class="panel-footer">
                {!! Form::submit(trans('master.update'), ['class' => 'btn btn-success']) !!}
                {{ link_to_route('masters.show', trans('app.cancel'), [$singleMstr], ['class' => 'btn btn-default']) }}
-                {{ link_to_route('masters.edit', trans('app.delete'), [$singleMstr, 'action' => 'delete'], ['class' => 'btn btn-danger pull-right', 'id' => 'del-master-'.$singleMstr->id]) }}
+                @can('delete', $singleMstr)
+                    {{ link_to_route('masters.edit', trans('app.delete'), [$singleMstr, 'action' => 'delete'], ['class' => 'btn btn-danger pull-right', 'id' => 'del-master-'.$singleMstr->id]) }}
+                @endcan
            </div>
            {!! Form::close() !!}
        </div>
--- a/src/stubs/view-show.stub
+++ b/src/stubs/view-show.stub
@ -20,7 +20,9 @@
                </tbody>
            </table>
            <div class="panel-footer">
-                {{ link_to_route('masters.edit', trans('master.edit'), [$singleMstr], ['class' => 'btn btn-warning', 'id' => 'edit-master-'.$singleMstr->id]) }}
+                @can('update', $singleMstr)
+                    {{ link_to_route('masters.edit', trans('master.edit'), [$singleMstr], ['class' => 'btn btn-warning', 'id' => 'edit-master-'.$singleMstr->id]) }}
+                @endcan
                {{ link_to_route('masters.index', trans('master.back_to_index'), [], ['class' => 'btn btn-default']) }}
            </div>
        </div>
--- a/tests/Generators/FullControllerGeneratorTest.php
+++ b/tests/Generators/FullControllerGeneratorTest.php
@ -91,6 +91,8 @@ class {$this->plural_model_name}Controller extends Controller
     */
    public function edit({$this->model_name} \${$this->single_model_var_name})
    {
+        \$this->authorize('update', \${$this->single_model_var_name});
+
        return view('{$this->table_name}.edit', compact('{$this->single_model_var_name}'));
    }

@ -227,6 +229,8 @@ class CategoriesController extends Controller
     */
    public function edit(Category \$category)
    {
+        \$this->authorize('update', \$category);
+
        return view('categories.edit', compact('category'));
    }

@ -364,6 +368,8 @@ class CategoriesController extends Controller
     */
    public function edit(Category \$category)
    {
+        \$this->authorize('update', \$category);
+
        return view('categories.edit', compact('category'));
    }

--- a/tests/Generators/ViewsGeneratorTest.php
+++ b/tests/Generators/ViewsGeneratorTest.php
@ -105,7 +105,9 @@ class ViewsGeneratorTest extends TestCase
                </tbody>
            </table>
            <div class=\"panel-footer\">
-                {{ link_to_route('{$this->table_name}.edit', trans('{$this->lang_name}.edit'), [\${$this->single_model_var_name}], ['class' => 'btn btn-warning', 'id' => 'edit-{$this->lang_name}-'.\${$this->single_model_var_name}->id]) }}
+                @can('update', \${$this->single_model_var_name})
+                    {{ link_to_route('{$this->table_name}.edit', trans('{$this->lang_name}.edit'), [\${$this->single_model_var_name}], ['class' => 'btn btn-warning', 'id' => 'edit-{$this->lang_name}-'.\${$this->single_model_var_name}->id]) }}
+                @endcan
                {{ link_to_route('{$this->table_name}.index', trans('{$this->lang_name}.back_to_index'), [], ['class' => 'btn btn-default']) }}
            </div>
        </div>
@ -204,7 +206,9 @@ class ViewsGeneratorTest extends TestCase
            <div class=\"panel-footer\">
                {!! Form::submit(trans('{$this->lang_name}.update'), ['class' => 'btn btn-success']) !!}
                {{ link_to_route('{$this->table_name}.show', trans('app.cancel'), [\${$this->single_model_var_name}], ['class' => 'btn btn-default']) }}
-                {{ link_to_route('{$this->table_name}.edit', trans('app.delete'), [\${$this->single_model_var_name}, 'action' => 'delete'], ['class' => 'btn btn-danger pull-right', 'id' => 'del-{$this->lang_name}-'.\${$this->single_model_var_name}->id]) }}
+                @can('delete', \${$this->single_model_var_name})
+                    {{ link_to_route('{$this->table_name}.edit', trans('app.delete'), [\${$this->single_model_var_name}, 'action' => 'delete'], ['class' => 'btn btn-danger pull-right', 'id' => 'del-{$this->lang_name}-'.\${$this->single_model_var_name}->id]) }}
+                @endcan
            </div>
            {!! Form::close() !!}
        </div>