From b595af89e79c5e5741977d6749012d99721b6928 Mon Sep 17 00:00:00 2001
From: JakubKermes
Date: Sat, 23 Mar 2024 12:22:10 +0100
Subject: [PATCH] Change policy logic
---
 .../Controllers/CityOpinionController.php | 23 ++++++-------------
 routes/web.php | 6 +++--
 2 files changed, 11 insertions(+), 18 deletions(-)
diff --git a/app/Http/Controllers/CityOpinionController.php b/app/Http/Controllers/CityOpinionController.php
index c28621ff..8ca3f15d 100644
--- a/app/Http/Controllers/CityOpinionController.php
+++ b/app/Http/Controllers/CityOpinionController.php
@@ -6,34 +6,25 @@
 use App\Http\Requests\CityOpinionRequest;
 use App\Models\CityOpinion;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Gate;
 class CityOpinionController extends Controller
 {
 public function store(CityOpinionRequest $request): void
 {
- $opinion = $request->validated();
- $opinion["user_id"] = Auth::id();
-
- CityOpinion::query()->create($opinion);
+ $request->user()
+ ->cityOpinions()
+ ->create($request->validated());
 }
 public function update(CityOpinionRequest $request, CityOpinion $cityOpinion): void
 {
- $opinion = $request->validated();
-
- if (Gate::allows("update", $cityOpinion)) {
- $cityOpinion->update($opinion);
- } else {
- abort(403);
- }
+ $request->user()
+ ->cityOpinions()
+ ->update($request->validated());
 }
 public function destroy(CityOpinion $cityOpinion): void
 {
- if (Gate::allows("delete", $cityOpinion)) {
- $cityOpinion->delete();
- }
+ $cityOpinion->delete();
 }
 }
diff --git a/routes/web.php b/routes/web.php
index 6bce18a6..b95543b4 100644
--- a/routes/web.php
+++ b/routes/web.php
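Review bot: In `update()` the new call runs on the `cityOpinions()` relation instead of the route-bound `$cityOpinion`, which is now unused. Assuming `cityOpinions()` is a has-many relation (its definition is not in this patch), the statement rewrites every opinion the user owns with the submitted values and never addresses the record named in the URL. The body should stay on the bound model, `$cityOpinion->update($request->validated());`, with the policy check deciding whether the caller may touch it. `destroy()` now deletes with no check of its own, so both methods depend entirely on every route that reaches them carrying the right `can:` middleware. A one-line `Gate::authorize("delete", $cityOpinion);` in the controller (restoring the `Gate` import) would keep that guarantee local.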
@@ -32,8 +32,10 @@
 Route::get("/favorite-cities", [FavoritesController::class, "index"]);
 Route::post("/opinions", [CityOpinionController::class, "store"]);
- Route::patch("/opinions/{cityOpinion}", [CityOpinionController::class, "update"]);
- Route::delete("/opinions/{cityOpinion}", [CityOpinionController::class, "destroy"]);
+ Route::middleware("can:update,cityOpinion")->group(function (): void {
+ Route::patch("/opinions/{cityOpinion}", [CityOpinionController::class, "update"]);
+ Route::delete("/opinions/{cityOpinion}", [CityOpinionController::class, "destroy"]);
+ });
 Route::middleware(["role:admin"])->group(function (): void {
 Route::get("/admin/importers", [ImportInfoController::class, "index"]);
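Review bot: The `can:update,cityOpinion` group also wraps the DELETE route, so `destroy` is authorised by the policy's `update` ability. The `delete` ability the controller used to check is no longer consulted anywhere in this change. If the two policy methods differ now or later, deletion follows the wrong rule. Attaching the ability per route avoids that: keep `->middleware("can:update,cityOpinion")` on the PATCH route and put `->middleware("can:delete,cityOpinion")` on the DELETE route. The enclosing route group starts outside the hunk, so whether these routes also sit behind authentication middleware cannot be confirmed from here.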