Upload beautify
This commit is contained in:
@@ -2,13 +2,36 @@
|
||||
|
||||
namespace App\Http\Requests\Dashboard;
|
||||
|
||||
use App\Models\Artwork;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class UpdateArtworkRequest extends FormRequest
|
||||
{
|
||||
private ?Artwork $artwork = null;
|
||||
|
||||
public function authorize(): bool
|
||||
{
|
||||
// Authorization is enforced in the controller via ArtworkPolicy.
|
||||
$user = $this->user();
|
||||
if (! $user) {
|
||||
$this->logUnauthorized('missing_user');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$id = (int) $this->route('id');
|
||||
if ($id <= 0) {
|
||||
$this->logUnauthorized('missing_artwork_id');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$artwork = Artwork::query()->whereKey($id)->first();
|
||||
if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
|
||||
$this->logUnauthorized('artwork_not_owned_or_missing');
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
$this->artwork = $artwork;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -21,4 +44,28 @@ class UpdateArtworkRequest extends FormRequest
|
||||
'file' => 'nullable|image|max:102400',
|
||||
];
|
||||
}
|
||||
|
||||
public function artwork(): Artwork
|
||||
{
|
||||
if (! $this->artwork) {
|
||||
$this->denyAsNotFound();
|
||||
}
|
||||
|
||||
return $this->artwork;
|
||||
}
|
||||
|
||||
private function denyAsNotFound(): void
|
||||
{
|
||||
throw new NotFoundHttpException();
|
||||
}
|
||||
|
||||
private function logUnauthorized(string $reason): void
|
||||
{
|
||||
logger()->warning('Dashboard artwork update unauthorized access', [
|
||||
'reason' => $reason,
|
||||
'artwork_id' => $this->route('id'),
|
||||
'user_id' => $this->user()?->id,
|
||||
'ip' => $this->ip(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user