cyberfly
7/2/2017 - 6:17 AM

Form Request trait for route validation and role permission

Form Request trait for route validation and role permission

<?php

namespace App\Http\Requests;

use App\Traits\CheckRequestPermission;
use App\Traits\RouteValidation;
use Dingo\Api\Http\FormRequest;

class StoreMeetingCaseApprovalRequest extends FormRequest
{
    use RouteValidation;
    use CheckRequestPermission;

    /**
     * Decide whether the current user may store an approval for a meeting case.
     *
     * Two conditions must both hold: the user's role code is
     * 'approval_committee', and the user is recorded as chairperson of the
     * meeting identified by meeting_id.
     *
     * @return bool
     */
    public function authorize()
    {
        $actor = $this->getCurrentUser();

        // Gate 1: the role must be the approval committee role.
        if (!$this->checkRolePermission('approval_committee', $actor->role_code)) {
            return false;
        }

        // Gate 2: the user must be chairperson of this meeting.
        // NOTE(review): meeting_id is read through the request's dynamic property
        // access rather than explicitly from the route. If the matched route has no
        // meeting_id segment, the value presumably comes from client input, and the
        // chairperson check would then run against a meeting the caller chose.
        // Confirm against the route definition.
        $chairs_meeting = $this->checkIsChairperson($this->meeting_id, $actor->user_id);

        // TODO: the "approval can no longer be edited" check is not implemented;
        // nothing here rejects a request on that ground.
        return $chairs_meeting ? true : false;
    }

    /**
     * Validation rules for the submitted approval.
     *
     * NOTE(review): approval_committee_id only has to reference an existing
     * user; nothing in this class ties it to the authenticated chairperson that
     * authorize() checked. Likewise meeting_case_id is not checked against the
     * meeting_id used in authorize(). Confirm that the controller enforces both
     * relations, or constrain them here.
     *
     * @return array
     */
    public function rules()
    {
        $rules = [];

        // One approval per meeting case: the unique rule rejects a second one.
        $rules['meeting_case_id'] = 'required|integer|exists:meeting_case,id|unique:meeting_case_approval,meeting_case_id';
        $rules['approval_committee_id'] = 'required|integer|exists:user,id';
        $rules['status_id'] = 'required|integer|exists:status,id';

        return $rules;
    }

    /**
     * Custom validation messages, keyed by "field.rule".
     *
     * @return array
     */
    public function messages()
    {
        $duplicate_approval = 'Approval for this Meeting Case already exist';

        return [
            'meeting_case_id.unique' => $duplicate_approval,
        ];
    }
}
<?php namespace App\Traits;

trait RouteValidation {

    /**
     * Expose route parameters alongside request input so they can be validated.
     *
     * The parent's input is combined with the matched route's parameters using
     * array_replace_recursive(), where the later array wins: a route parameter
     * replaces a request input that has the same key.
     *
     * Do not combine this trait with route model binding and mass assignment:
     * the route parameters become part of all() and would reach the database
     * insert as unknown columns.
     *
     * @return array
     */
    public function all()
    {
        $input = parent::all();
        $route_parameters = $this->route()->parameters();

        return array_replace_recursive($input, $route_parameters);
    }

}

<?php namespace App\Traits;

use App\MeetingApprovalCommittee;
use App\Role;

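trait CheckRequestPermission {

    /**
     * Tell whether the user's role code matches the role code a request requires.
     *
     * Fails closed: a missing or non-scalar code on either side is never a
     * match. Codes are compared as strings with ===, so loose-comparison rules
     * (null == null, or 0 == 'text' on PHP 7) cannot turn a missing or
     * different code into a match.
     *
     * @param  string|int  $permission_role_code  role code the request requires
     * @param  string|int  $user_role_code        role code of the current user
     * @return boolean
     */
    public function checkRolePermission($permission_role_code, $user_role_code)
    {
        if (!is_scalar($permission_role_code) || !is_scalar($user_role_code)) {
            return false;
        }

        return (string) $user_role_code === (string) $permission_role_code;
    }

    /**
     * Tell whether the user is recorded as chairperson of the meeting.
     *
     * Looks for a MeetingApprovalCommittee row matching the meeting id and the
     * user id with is_chairperson = 1.
     *
     * @param  mixed  $meeting_id
     * @param  mixed  $user_id
     * @return boolean
     */
    public function checkIsChairperson($meeting_id, $user_id)
    {
        // A missing id must never match a row: the query builder is expected to
        // turn a null comparison into IS NULL, so reject it before querying.
        if ($meeting_id === null || $user_id === null) {
            return false;
        }

        $meeting_approval_committee = MeetingApprovalCommittee::whereMeetingId($meeting_id)
            ->whereApprovalCommitteeId($user_id)
            ->whereIsChairperson(1)
            ->first();

        return $meeting_approval_committee !== null;
    }

    /**
     * Describe the authenticated user as an object with user_id, role_id and
     * role_code (the slug of the user's Role).
     *
     * When there is no authenticated user, or the user's role cannot be found,
     * the affected fields are null instead of the lookup failing on a null
     * object. checkRolePermission() and checkIsChairperson() in this trait
     * treat null as "no match".
     *
     * @return object
     */
    public function getCurrentUser()
    {
        $current_user = auth()->user();

        if (!$current_user) {
            return (object) [
                'user_id' => null,
                'role_id' => null,
                'role_code' => null,
            ];
        }

        $user_role_id = $current_user->role_id;
        $role = Role::find($user_role_id);

        return (object) [
            'user_id' => $current_user->id,
            'role_id' => $user_role_id,
            // A role id that no longer resolves to a Role yields no role code.
            'role_code' => $role ? $role->slug : null,
        ];
    }
}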