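/**
 * Attach a tag to an existing fact, creating the tag first when it does not exist yet.
 *
 * When a user id is supplied it must match both the authenticated user and the
 * owner of the fact; otherwise the controller's forbidden response is returned.
 *
 * @param  Request  $request  Must carry a non-empty, non-array `tag_name` input.
 * @param  int|string|null  $user_id  User id the request is made on behalf of, if any.
 * @param  int|string|null  $fact_id  Id of the fact to tag.
 * @return Response
 */
public function store(Request $request, $user_id = null, $fact_id = null)
{
    $tag_name = $request->input('tag_name');

    // Request input is caller-controlled: `tag_name[]=x` arrives as an array and
    // must not reach the query builder as a column value.
    if (!$tag_name || is_array($tag_name)) {
        return $this->respondUnprocessed();
    }

    // Test for "supplied" with !== null rather than truthiness, so a "0" or ""
    // value cannot silently skip the identity and ownership checks below.
    // NOTE(review): when no user id is supplied at all, nothing in this method
    // checks the caller; presumably route middleware guards that path. Confirm.
    $mustOwnFact = $user_id !== null;

    if ($mustOwnFact) {
        $authUser = Auth::id();

        // Fail closed for guests and compare canonical strings; the loose `!=`
        // also accepted forms such as "5.0" or " 5" for user 5.
        if ($authUser === null || (string) $authUser !== (string) $user_id) {
            return $this->respondForbidden("Unauthorized: Must be logged to access endpoint");
        }
    }

    $fact = Fact::find($fact_id);

    // Existence is checked before $fact->user_id is read; previously an unknown
    // fact id combined with a user id dereferenced null.
    if (!$fact) {
        return $this->respondNotFound("Fact Not found");
    }

    if ($mustOwnFact && (string) $fact->user_id !== (string) $user_id) {
        return $this->respondForbidden("Unauthorized: Verify you still have access to resource");
    }

    $tag = Tag::firstOrCreate(['tag_name' => $tag_name]);

    if (!$tag) {
        return $this->respondUnprocessed("Unable to tag the fact");
    }

    TaggedFact::create(['fact_id' => $fact_id, 'tag_id' => $tag->id]);

    $metadata = ['tag_id' => $tag->id];

    return $this->respondCreated("Request Successful", $metadata);
}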
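/**
 * Let the request through only when the `user_id` route parameter names the
 * authenticated user; otherwise answer with a JSON 403 error.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Read the URI segment explicitly. The magic `$request->user_id` lookup
    // consults request input (query string / body) before route parameters, so
    // a caller-supplied `user_id` field could stand in for the real segment.
    $user_id = $request->route('user_id');

    // NOTE(review): the test environment pins the expected user to id 1. Confirm
    // that a deployed instance can never run with the environment set to 'testing'.
    if ('testing' === app()->env) {
        $user_id = 1;
    }

    $authUser = Auth::id();

    // Fail closed: with the loose `!=`, a guest (null id) on a request without a
    // user id compared equal (null == null) and was passed through. Ids are now
    // compared as strings so type juggling cannot authorize a mismatch.
    if ($authUser === null || $user_id === null || (string) $user_id !== (string) $authUser) {
        $data = ['error' => ['message' => 'Not authorized to access this resource', 'code' => 403]];

        return response()->json($data, 403);
    }

    return $next($request);
}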