-
app/Policies/PlaylistPolicy.php
use App\Models\Playlist;
use App\Models\User;

/**
 * Authorization policy for Playlist models.
 *
 * As shown here, the only ability is a plain ownership test; nothing in this
 * class grants access on the basis of a role or a sharing relationship.
 */
class PlaylistPolicy
{
    /**
     * Decide whether the given user owns the given playlist.
     *
     * @param User     $user     The user the check is made for.
     * @param Playlist $playlist The playlist being accessed.
     *
     * @return bool True only when the playlist's user_id is identical to the user's id.
     */
    public function owner(User $user, Playlist $playlist): bool
    {
        // Strict comparison: values of different types (e.g. "5" vs 5) do not
        // match, so a type mismatch denies access rather than granting it.
        // NOTE(review): this relies on id and user_id being hydrated with the
        // same type; confirm against the models' casts.
        $ownerId = $playlist->user_id;

        return $ownerId === $user->id;
    }
}
-
app/Providers/AuthServiceProvider.php
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

/**
 * Registers the application's authorization policies.
 *
 * NOTE(review): this excerpt shows no `use` lines for Playlist and
 * PlaylistPolicy. They presumably resolve to App\Models\Playlist and
 * App\Policies\PlaylistPolicy; confirm in the full file, since the mapping
 * below only takes effect for the classes these names actually resolve to.
 */
class AuthServiceProvider extends ServiceProvider
{
    /**
     * Model class => policy class map.
     *
     * With this entry, an authorization check made against a Playlist instance
     * (for example `authorize('owner', $playlist)`) is answered by the method
     * of the same name on PlaylistPolicy.
     */
    protected $policies = [
        Playlist::class => PlaylistPolicy::class,
        //
    ];

    //
}
-
app/Http/Controllers/API/PlaylistController.php
use App\Models\Playlist;
use Illuminate\Http\Request;
use App\Http\Requests\API\PlaylistSyncRequest;

/**
 * API endpoints that read and modify a single playlist.
 *
 * Every action receives the Playlist as a parameter and calls
 * `authorize('owner', $playlist)` as its first statement, before the model is
 * read or written. The ability name 'owner' matches PlaylistPolicy::owner().
 *
 * NOTE(review): authorize() is not defined in this excerpt; presumably it is
 * inherited from the base Controller. Confirm that a failed check aborts the
 * request rather than returning a value that is ignored here.
 */
class PlaylistController extends Controller
{
    /**
     * Update a playlist's name and rules.
     *
     * @param Request  $request  Incoming request carrying the new attributes.
     * @param Playlist $playlist The playlist to update.
     */
    public function update(Request $request, Playlist $playlist)
    {
        $this->authorize('owner', $playlist);

        // Allow-list of writable fields: anything else in the request body
        // (e.g. user_id) is never passed to the model from this endpoint.
        // NOTE(review): a plain Request is used, so no validation of 'name' or
        // 'rules' is visible here; confirm their shape is checked elsewhere
        // before 'rules' is evaluated.
        $attributes = $request->only('name', 'rules');
        $playlist->update($attributes);

        return response()->json($playlist);
    }

    /**
     * Replace the songs attached to a regular (non-smart) playlist.
     *
     * @param PlaylistSyncRequest $request  Request carrying the `songs` list.
     * @param Playlist            $playlist The playlist to sync.
     */
    public function sync(PlaylistSyncRequest $request, Playlist $playlist)
    {
        $this->authorize('owner', $playlist);

        // Smart playlists are rejected with 403 even for their owner.
        if ($playlist->is_smart) {
            abort(403, 'A smart playlist\'s content cannot be updated manually.');
        }

        // The cast turns a missing or scalar `songs` value into an array.
        // NOTE(review): presumably PlaylistSyncRequest validates the song ids;
        // confirm, as nothing in this method checks them.
        $songIds = (array) $request->songs;
        $playlist->songs()->sync($songIds);

        return response()->json();
    }

    /**
     * Return the ids of the songs in a playlist.
     *
     * @param Playlist $playlist The playlist whose songs are listed.
     */
    public function getSongs(Playlist $playlist)
    {
        $this->authorize('owner', $playlist);

        // NOTE(review): smartPlaylistService is not declared in this excerpt;
        // presumably it is set in a constructor that is not shown.
        if ($playlist->is_smart) {
            $ids = $this->smartPlaylistService->getSongs($playlist)->pluck('id');
        } else {
            $ids = $playlist->songs->pluck('id');
        }

        return response()->json($ids);
    }

    /**
     * Delete a playlist.
     *
     * @param Playlist $playlist The playlist to delete.
     */
    public function destroy(Playlist $playlist)
    {
        // The ownership check runs first, so a non-owner never reaches delete().
        $this->authorize('owner', $playlist);

        $playlist->delete();

        return response()->json();
    }
}