75 lines
1.9 KiB
PHP
75 lines
1.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Requests\Manage;
|
|
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
|
|
final class ManageArtworkUpdateRequest extends FormRequest
|
|
{
|
|
private ?object $artwork = null;
|
|
|
|
public function authorize(): bool
|
|
{
|
|
$user = $this->user();
|
|
if (! $user) {
|
|
$this->logUnauthorized('missing_user');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$id = (int) $this->route('id');
|
|
if ($id <= 0) {
|
|
$this->logUnauthorized('missing_artwork_id');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$artwork = DB::table('artworks')->where('id', $id)->first();
|
|
if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
|
|
$this->logUnauthorized('artwork_not_owned_or_missing');
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
$this->artwork = $artwork;
|
|
|
|
return true;
|
|
}
|
|
|
|
public function rules(): array
|
|
{
|
|
return [
|
|
'name' => 'required|string|max:255',
|
|
'section' => 'nullable|integer',
|
|
'description' => 'nullable|string',
|
|
'artwork' => 'nullable|file|image',
|
|
'attachment' => 'nullable|file',
|
|
];
|
|
}
|
|
|
|
public function artwork(): object
|
|
{
|
|
if (! $this->artwork) {
|
|
$this->denyAsNotFound();
|
|
}
|
|
|
|
return $this->artwork;
|
|
}
|
|
|
|
private function denyAsNotFound(): void
|
|
{
|
|
throw new NotFoundHttpException();
|
|
}
|
|
|
|
private function logUnauthorized(string $reason): void
|
|
{
|
|
logger()->warning('Manage artwork update unauthorized access', [
|
|
'reason' => $reason,
|
|
'artwork_id' => $this->route('id'),
|
|
'user_id' => $this->user()?->id,
|
|
'ip' => $this->ip(),
|
|
]);
|
|
}
|
|
}
|