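/**
 * Determine if the user is authorized to update a given post.
 *
 * A post can be edited at any time by
 *  - the moderator of the section the topic belongs to
 *  - a bbs administrator
 *  - the author of the post, within config('nexus.recent_edit') seconds of
 *    posting, and only while it is still the most recent post in the topic
 *
 * Every check fails closed: an unauthenticated request, a post whose author
 * or section moderator is missing, or a post that is no longer the latest
 * in its topic all yield false rather than raising an exception.
 *
 * @return bool
 */
public function authorize()
{
    // specify which form we are dealing with to separate
    // the errors in the form
    // @todo: this seems like a dumb method
    $this->session()->flash('postForm', $this->input('id'));

    // nobody is logged in: deny before touching \Auth::user(), which would
    // be null below and previously caused an error instead of a clean "no"
    if (!\Auth::check()) {
        return false;
    }

    // ids are compared as strings so the check is strict regardless of
    // whether the driver hands back ints or numeric strings
    $userID = (string) \Auth::id();
    $post = \Nexus\Post::findOrFail($this->input('id'));

    // an administrator of the bbs may edit anything
    if (\Auth::user()->administrator) {
        return true;
    }

    // the moderator of the current section may edit anything in it
    $moderator = $post->topic->section->moderator;
    if ($moderator !== null && (string) $moderator->id === $userID) {
        return true;
    }

    // the author may edit their own post for a short window after posting,
    // but only while it is still the most recent post in the topic
    $latestPost = $post->topic->posts->last();
    $author = $post->author;

    return $latestPost !== null
        && (string) $post['id'] === (string) $latestPost['id']
        && $author !== null
        && (string) $author->id === $userID
        && $post->time->diffInSeconds() <= config('nexus.recent_edit');
}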
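/**
 * Determine if the user is authorized to delete this post.
 *
 * true if
 *  - the user is the moderator of the section the post's topic belongs to
 *  - the user is an administrator of the bbs
 *
 * @todo also allow
 *  - the author of the post
 *  - while the post is within XX seconds of being made
 *
 * Fails closed: an unauthenticated request, or a post whose topic, section
 * or moderator is missing, yields false. The relations are walked with
 * explicit null checks instead of a catch-all try/catch, so a real
 * exception is no longer hidden behind a misleading log line.
 *
 * @return bool
 */
public function authorize()
{
    // nobody is logged in: \Auth::user() would be null below
    if (!\Auth::check()) {
        return false;
    }

    $post = \Nexus\Post::findOrFail($this->post);

    // an administrator of the bbs may delete anything
    if (\Auth::user()->administrator) {
        return true;
    }

    // the moderator of the section this post's topic lives in
    $topic = $post->topic;
    $section = $topic !== null ? $topic->section : null;
    $moderator = $section !== null ? $section->moderator : null;

    // ids compared as strings so the check is strict for int or string keys
    if ($moderator !== null && (string) $moderator->id === (string) \Auth::id()) {
        return true;
    }

    // denied: record who tried to delete what, which the old code only did
    // when the relation chain happened to throw
    \Log::error('Post Delete - attempt to delete post by non-moderator'
        . ' post=' . $post->id . ' user=' . \Auth::id());

    return false;
}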
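/**
 * Remove the specified resource from storage.
 *
 * Authorization is handled by DeleteRequest::authorize(): Laravel resolves
 * the type-hinted form request, and runs its authorize() check, before this
 * method is invoked.
 *
 * @param Requests\Post\DeleteRequest $request
 * @param int $id
 * @return Response
 */
public function destroy(Requests\Post\DeleteRequest $request, $id)
{
    $post = \Nexus\Post::findOrFail($id);

    // capture the topic before the post is removed; this is what the
    // redirect below needs (the local was previously assigned but unused)
    $topicID = $post->topic_id;

    // using forceDelete here because in this case we do not want a soft delete
    $post->forceDelete();

    return redirect()->route('topic.show', ['id' => $topicID]);
}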