✨ automatic gating

Author: GautierDele

README.md

@@ -9,7 +9,7 @@ Laravel Rest Api is an elegant way to expose your app through an API, it takes f
 PHP 7.3+ and Laravel 8.0+
 
 # BETA
-Please note that this package is under beta and is not recommended to use for production environment for now. End of beta should be by the end of 2023.
+Please note that this package is under beta and is not recommended to use for production environment for now. End of beta should be by October 2023.
 
 ## Documentation, Installation, and Usage Instructions
 
@@ -91,6 +91,6 @@ TODO
 
 - Custom directives (Filters / sorting)
 - Actions / Metrics
-- Automatic Gates (with config customisation)
 - Automatic documentation with extension possible
-- Add the possibility to disable authorization
+- Add the possibility to disable authorization
+- Refactor the response class

config/rest.php

@@ -0,0 +1,28 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Rest Automatic Gates
+    |--------------------------------------------------------------------------
+    |
+    | The following configuration option contains gates customisation. You might
+    | want to adapt this feature to your needs.
+    |
+    */
+
+    'automatic_gates' => [
+        'enabled' => true,
+        'key' => 'gates',
+        // Here you can customize the keys for each gate
+        'names' => [
+            'authorized_to_view' => 'authorized_to_view',
+            'authorized_to_create' => 'authorized_to_create',
+            'authorized_to_update' => 'authorized_to_update',
+            'authorized_to_delete' => 'authorized_to_delete',
+            'authorized_to_restore' => 'authorized_to_restore',
+            'authorized_to_force_delete' => 'authorized_to_force_delete',
+        ]
+    ],
+];

src/Concerns/Resource/DisableAutomaticGates.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace Lomkit\Rest\Concerns\Resource;
+
+trait DisableAutomaticGates
+{
+    public function isAutomaticGatingEnabled() : bool {
+        return false;
+    }
+}

src/Http/Resource.php

@@ -65,4 +65,8 @@ public function defaultOrderBy(RestRequest $request) {
             'id' => 'desc'
         ];
     }
+
+    public function isAutomaticGatingEnabled() : bool {
+        return config('rest.automatic_gates.enabled');
+    }
 }

src/Http/Response.php

@@ -5,8 +5,10 @@
 use Illuminate\Contracts\Support\Responsable;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\Pivot;
+use Illuminate\Http\Resources\Json\PaginatedResourceResponse;
 use Illuminate\Pagination\LengthAwarePaginator;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Lomkit\Rest\Http\Requests\RestRequest;
 use Lomkit\Rest\Relations\Relation;
@@ -28,6 +30,16 @@ public function resource(Resource $resource) {
         });
     }
 
+    protected function buildGatesForModel(Model $model) {
+        return [
+            config('rest.automatic_gates.names.authorized_to_view') => Gate::allows('view', $model),
+            config('rest.automatic_gates.names.authorized_to_update') => Gate::allows('update', $model),
+            config('rest.automatic_gates.names.authorized_to_delete') => Gate::allows('delete', $model),
+            config('rest.automatic_gates.names.authorized_to_restore') => Gate::allows('restore', $model),
+            config('rest.automatic_gates.names.authorized_to_force_delete') => Gate::allows('forceDelete', $model),
+        ];
+    }
+
     public function modelToResponse(Model $model, Resource $resource, array $requestArray, Relation $relation = null) {
         return array_merge(
             // toArray to take advantage of Laravel's logic
@@ -45,6 +57,12 @@ public function modelToResponse(Model $model, Resource $resource, array $request
                             ->toArray()
                     )
                 )
+                ->when($resource->isAutomaticGatingEnabled(), function ($attributes) use ($model) {
+                    return $attributes->put(
+                        config('rest.automatic_gates.key'),
+                        $this->buildGatesForModel($model)
+                    );
+                })
                 ->toArray(),
             collect($model->getRelations())
                 ->mapWithKeys(function ($modelRelation, $relationName) use ($requestArray, $relation, $resource) {
@@ -94,19 +112,38 @@ public function modelToResponse(Model $model, Resource $resource, array $request
 
     public function toResponse($request) {
         if ($this->responsable instanceof LengthAwarePaginator) {
-            return $this->responsable->through(function ($model) use ($request) {
+            $restLengthAwarePaginator = new \Lomkit\Rest\Pagination\LengthAwarePaginator(
+                $this->responsable->items(),
+                $this->responsable->total(),
+                $this->responsable->perPage(),
+                $this->responsable->currentPage(),
+                $this->responsable->getOptions(),
+                $this->resource->isAutomaticGatingEnabled() ? [
+                    config('rest.automatic_gates.key') => [
+                        config('rest.automatic_gates.names.authorized_to_create') => Gate::allows('create', $this->responsable->first()::class),
+                    ]
+                ] : []
+            );
+
+            $restLengthAwarePaginator->through(function ($model) use ($request) {
                 return $this->map($model, $this->modelToResponse($model, $this->resource, $request->input()));
             });
+
+            return $restLengthAwarePaginator;
+
         } elseif ($this->responsable instanceof Collection) {
-            return [
-                'data' => $this->responsable->map(function ($model) use ($request) {
-                    return $this->map($model, $this->modelToResponse($model, $this->resource, $request->input()));
-                })
-            ];
+            $data = $this->responsable->map(function ($model) use ($request) {
+                return $this->map($model, $this->modelToResponse($model, $this->resource, $request->input()));
+            });
         }
 
         return [
-            'data' => $this->map($this->responsable, $this->modelToResponse($this->responsable, $this->resource, $request->input()))
+            'data' => $data ?? $this->map($this->responsable, $this->modelToResponse($this->responsable, $this->resource, $request->input())),
+            'meta' => [
+                config('rest.automatic_gates.key') => [
+                    config('rest.automatic_gates.names.authorized_to_create') => Gate::allows('create', $this->responsable->first()::class),
+                ]
+            ]
         ];
     }
 
@@ -121,4 +158,7 @@ public function toResponse($request) {
     protected function map(\Illuminate\Database\Eloquent\Model $model, array $responseModel) : array {
         return $responseModel;
     }
+
+    // @TODO: this class needs a refactor because it has grown a lot since the beginning also with the "lengthAwarePaginator"
+    // @TODO: recursive response for those gates ?
 }

src/Pagination/LengthAwarePaginator.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace Lomkit\Rest\Pagination;
+
+use Illuminate\Support\Collection;
+use \Illuminate\Pagination\LengthAwarePaginator as BaseLengthAwarePaginator;
+
+class LengthAwarePaginator extends BaseLengthAwarePaginator
+{
+    /**
+     * The meta returned by the api.
+     *
+     * @var array
+     */
+    protected array $meta;
+
+    /**
+     * Create a new paginator instance.
+     *
+     * @param  mixed  $items
+     * @param  int  $total
+     * @param  int  $perPage
+     * @param  int|null  $currentPage
+     * @param  array  $options  (path, query, fragment, pageName)
+     * @return void
+     */
+    public function __construct($items, $total, $perPage, $currentPage = null, array $options = [], $meta = [])
+    {
+        parent::__construct($items, $total, $perPage, $currentPage, $options);
+
+        $this->meta = $meta;
+    }
+
+    /**
+     * Get the meta of items being paginated.
+     *
+     * @return array
+     */
+    public function meta()
+    {
+        return $this->meta;
+    }
+
+    /**
+     * Get the instance as an array.
+     *
+     * @return array
+     */
+    public function toArray()
+    {
+        return [
+            'current_page' => $this->currentPage(),
+            'data' => $this->items->toArray(),
+            'from' => $this->firstItem(),
+            'last_page' => $this->lastPage(),
+            'per_page' => $this->perPage(),
+            'to' => $this->lastItem(),
+            'total' => $this->total(),
+            'meta' => $this->meta()
+        ];
+    }
+}

src/RestServiceProvider.php

@@ -21,6 +21,10 @@ class RestServiceProvider extends ServiceProvider{
      */
     public function register()
     {
+        $this->mergeConfigFrom(
+            __DIR__.'/../config/rest.php', 'rest'
+        );
+
         $this->registerServices();
     }
 
@@ -32,6 +36,7 @@ public function register()
     public function boot()
     {
         $this->registerCommands();
+        $this->registerPublishing();
     }
 
     /**
@@ -53,6 +58,20 @@ protected function registerCommands()
         }
     }
 
+    /**
+     * Register the package's publishable resources.
+     *
+     * @return void
+     */
+    private function registerPublishing()
+    {
+        if ($this->app->runningInConsole()) {
+            $this->publishes([
+                __DIR__.'/../config/rest.php' => config_path('rest.php'),
+            ], 'rest-config');
+        }
+    }
+
     /**
      * Register Rest's services in the container.
      *