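/**
 * Determine if the user is authorized to make this request.
 *
 * For the current section:
 *   the user must be the moderator.
 *
 * For subsections all of these must be true:
 *   [1] a subsection can be edited by the moderator of its parent section
 *   [2] a subsection cannot be moved into itself or a descendant section
 *   [3] a subsection can only be moved into a section the parent section moderator moderates
 *
 * Unauthenticated requests, malformed form payloads and sections with a
 * missing moderator or parent are denied instead of raising an error.
 *
 * NOTE(review): the rule set is selected by comparing two client-supplied
 * fields (`id` and `current_section`). If the update handler also applies
 * `parent_id` in the current-section case, checks [2] and [3] are skipped
 * for that request. Confirm against the controller.
 *
 * @return bool
 */
public function authorize()
{
    $form = $this->input('form');

    // Without a non-empty form array there is nothing to authorise against.
    if (!is_array($form) || empty($form)) {
        return false;
    }

    $formName = key($form);
    $formValues = $form[$formName];

    if (!is_array($formValues)) {
        return false;
    }

    // Flash the submitted form's name under 'form' for the next request
    // (presumably so the view can tell which form was posted).
    $this->session()->flash('form', $formName);

    // Deny immediately: everything below dereferences \Auth::user(), which
    // is null for a guest.
    if (!\Auth::check()) {
        return false;
    }

    // Compare ids as strings so that "5" and 5 match without relying on
    // loose ==, whatever type the database driver hands back.
    $userId = (string) \Auth::user()->id;

    // A missing id is passed through as null so findOrFail() still fails as "not found".
    $sectionId = isset($formValues['id']) ? $formValues['id'] : null;
    $section = \Nexus\Section::findOrFail($sectionId);

    $editingCurrentSection = isset($formValues['current_section'])
        && $sectionId === $formValues['current_section'];

    if ($editingCurrentSection) {
        // current section: only its own moderator may edit it
        $moderator = $section->moderator;

        return $moderator !== null && (string) $moderator->id === $userId;
    }

    // sub section
    // if $formValues['parent_id'] is null then there is no destination to check
    $parentId = isset($formValues['parent_id']) ? $formValues['parent_id'] : null;
    $destination = \Nexus\Section::findOrFail($parentId);

    // [1] a subsection can be edited by the moderator of its parent section
    $parent = $section->parent;
    $parentModerator = $parent !== null ? $parent->moderator : null;
    $updatedByParentModerator = $parentModerator !== null
        && (string) $parentModerator->id === $userId;

    // [2] a subsection cannot be moved into itself or a descendant section.
    // allChildSections() does not appear to include the section itself (the
    // moderator view excludes it separately), so it is checked explicitly
    // here to stop a section becoming its own parent.
    $descendants = \Nexus\Helpers\SectionHelper::allChildSections($section);
    $destinationIsSelf = (string) $destination->id === (string) $section->id;
    $destinationNotChild = !$destinationIsSelf
        && $descendants->where('id', $destination->id)->count() === 0;

    // [3] a subsection can only be moved into a section the moderator moderates
    $destinationModerator = $destination->moderator;
    $destinationModeratedByEditor = $destinationModerator !== null
        && (string) $destinationModerator->id === $userId;

    // allowed only when every condition holds
    return $updatedByParentModerator
        && $destinationNotChild
        && $destinationModeratedByEditor;
}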
<div class="row"> @foreach ($section->sections as $subSection) <?php $subSectionCount++; ?> {{-- the moderator of the parent can edit the sub sections here --}} @if (Auth::user()->id === $section->user_id ) <?php /* this section could be moved to anywhere owned by the moderator minus itself and it's subsections @todo this feels like too much logic happening in the view */ $allChildSections = \Nexus\Helpers\SectionHelper::allChildSections($subSection); $allChildSections->push($subSection); $destinations = \Auth::user()->sections->diff($allChildSections); ?> @include('sections._subsection_moderator', compact('subSection','destinations')) <?php $tabGroups[] = 'section' . $subSection->id; ?> @else @include('sections._subsection_view', $subSection) @endif {{-- force row to clear every 3 sections --}} @if($subSectionCount % 3 === 0)