Define authorization system

.env.bak.vessel

@@ -11,7 +11,7 @@ DB_HOST=pgsql
 DB_PORT=5432
 DB_DATABASE=eve_commander
 SDE_DATABASE=eve_sde
-DB_USERNAME=homestead
+DB_USERNAME=postgres
 DB_PASSWORD=secret
 
 BROADCAST_DRIVER=redis

app/Alliance.php

@@ -27,17 +27,17 @@
  * @property MembershipLevel defaultMembershipLevel
  * @property \Illuminate\Database\Eloquent\Collection membershipLevels
  * @property \Illuminate\Database\Eloquent\Collection memberships
- * @property \Illuminate\Database\Eloquent\Collection claims
+ * @property \Illuminate\Database\Eloquent\Collection replacementClaims
  * @property \Illuminate\Database\Eloquent\Collection invoices
  * @property \Illuminate\Database\Eloquent\Collection fulfilledInvoices
  * @property \Illuminate\Database\Eloquent\Collection overdueInvoices
  * @property \Illuminate\Database\Eloquent\Collection pendingInvoices
  * @property \Illuminate\Database\Eloquent\Collection defaultInvoices
- * @property \Illuminate\Database\Eloquent\Collection issuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection fulfilledIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection overdueIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection pendingIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection defaultIssuedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection receivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection fulfilledReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection overdueReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection pendingReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection defaultReceivedInvoices
  * @property \Illuminate\Database\Eloquent\Collection notifications
  * @property \Illuminate\Database\Eloquent\Collection readNotifications
  * @property \Illuminate\Database\Eloquent\Collection unreadNotifications

app/Character.php

@@ -2,10 +2,12 @@
 
 namespace App;
 
+use App\Abstracts\Organization;
 use App\Traits\BubblesNotifications;
 use App\Traits\IsMember;
 use App\Traits\ReceivesInvoices;
 use App\Traits\UuidTrait;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Carbon;
@@ -93,6 +95,24 @@ public function roles()
         return $this->belongsToMany(Role::class);
     }
 
+    /**
+     * Returns whether the character has a given permission for a given organization.
+     *
+     * @param string       $slug
+     * @param Organization $organization
+     *
+     * @return bool
+     */
+    public function hasPermission(string $slug, Organization $organization)
+    {
+        return $this->roles()
+            ->where('organization_id', '=', $organization->id)
+            ->where('organization_type', '=', get_class($organization))
+            ->whereHas('permissions', function (Builder $query) use ($slug, $organization) {
+                $query->where('slug', '=', $slug);
+            })->exists();
+    }
+
     /**
      * Get relation between this character and any RSVPs that it owns.
      *

app/Coalition.php

@@ -28,17 +28,17 @@
  * @property MembershipLevel defaultMembershipLevel
  * @property \Illuminate\Database\Eloquent\Collection membershipLevels
  * @property \Illuminate\Database\Eloquent\Collection memberships
- * @property \Illuminate\Database\Eloquent\Collection claims
+ * @property \Illuminate\Database\Eloquent\Collection replacementClaims
  * @property \Illuminate\Database\Eloquent\Collection invoices
  * @property \Illuminate\Database\Eloquent\Collection fulfilledInvoices
  * @property \Illuminate\Database\Eloquent\Collection overdueInvoices
  * @property \Illuminate\Database\Eloquent\Collection pendingInvoices
  * @property \Illuminate\Database\Eloquent\Collection defaultInvoices
- * @property \Illuminate\Database\Eloquent\Collection issuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection fulfilledIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection overdueIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection pendingIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection defaultIssuedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection receivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection fulfilledReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection overdueReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection pendingReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection defaultReceivedInvoices
  * @property \Illuminate\Database\Eloquent\Collection notifications
  * @property \Illuminate\Database\Eloquent\Collection readNotifications
  * @property \Illuminate\Database\Eloquent\Collection unreadNotifications

app/Corporation.php

@@ -24,17 +24,17 @@
  * @property \Illuminate\Database\Eloquent\Collection defaultMembershipLevel
  * @property \Illuminate\Database\Eloquent\Collection membershipLevels
  * @property \Illuminate\Database\Eloquent\Collection memberships
- * @property \Illuminate\Database\Eloquent\Collection claims
+ * @property \Illuminate\Database\Eloquent\Collection replacementClaims
  * @property \Illuminate\Database\Eloquent\Collection invoices
  * @property \Illuminate\Database\Eloquent\Collection fulfilledInvoices
  * @property \Illuminate\Database\Eloquent\Collection overdueInvoices
  * @property \Illuminate\Database\Eloquent\Collection pendingInvoices
  * @property \Illuminate\Database\Eloquent\Collection defaultInvoices
- * @property \Illuminate\Database\Eloquent\Collection issuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection fulfilledIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection overdueIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection pendingIssuedInvoices
- * @property \Illuminate\Database\Eloquent\Collection defaultIssuedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection receivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection fulfilledReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection overdueReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection pendingReceivedInvoices
+ * @property \Illuminate\Database\Eloquent\Collection defaultReceivedInvoices
  * @property \Illuminate\Database\Eloquent\Collection notifications
  * @property \Illuminate\Database\Eloquent\Collection readNotifications
  * @property \Illuminate\Database\Eloquent\Collection unreadNotifications

app/Handbook.php

@@ -4,6 +4,7 @@
 
 use App\Abstracts\Organization;
 use App\Traits\HasComments;
+use App\Traits\UuidTrait;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Carbon;
 
@@ -30,7 +31,7 @@
  */
 class Handbook extends Model
 {
-    use HasComments;
+    use HasComments, UuidTrait;
 
     /**
      * Get relation between this handbook and the organization that owns it.

app/Http/Controllers/CharacterController.php → app/Http/Controllers/Api/CharacterController.php

@@ -1,14 +1,16 @@
 <?php
 
-namespace App\Http\Controllers;
+namespace App\Http\Controllers\Api;
 
 use App\Character;
 use App\Jobs\ProcessAuthCallback;
 use App\Jobs\ProcessTokenRefresh;
+use CloudCreativity\LaravelJsonApi\Http\Controllers\JsonApiController;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Auth;
 
-class CharacterController extends Controller
+class CharacterController extends JsonApiController
 {
     /**
      * Store a newly created resource in storage.
@@ -26,9 +28,13 @@ public function callback(Request $request)
      *
      * @param Request   $request
      * @param Character $character
+     *
+     * @return Response
      */
     public function refreshToken(Request $request, Character $character)
     {
         ProcessTokenRefresh::dispatch($character);
+
+        return response()->setStatusCode(202);
     }
 }

app/Http/Kernel.php

@@ -16,9 +16,9 @@ class Kernel extends HttpKernel
     protected $middleware = [
         \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
+        Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
-        \App\Http\Middleware\TrustProxies::class,
+        Middleware\TrustProxies::class,
     ];
 
     /**
@@ -28,12 +28,12 @@ class Kernel extends HttpKernel
      */
     protected $middlewareGroups = [
         'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
+            Middleware\EncryptCookies::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             // \Illuminate\Session\Middleware\AuthenticateSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
+            Middleware\VerifyCsrfToken::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
 
@@ -55,10 +55,11 @@ class Kernel extends HttpKernel
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'bindings'   => \Illuminate\Routing\Middleware\SubstituteBindings::class,
         'can'        => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest'      => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'guest'      => Middleware\RedirectIfAuthenticated::class,
         'throttle'   => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 
         // custom middleware
         'auth.callback' => Middleware\EveCallbackAuth::class,
+        'character'     => Middleware\CheckCharacter::class,
     ];
 }

app/Http/Middleware/CheckCharacter.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\User;
+use Closure;
+
+class CheckCharacter
+{
+    const CHARACTER_HEADER = 'X-Character';
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // The X-Character header must be present
+        if (!$request->hasHeader(self::CHARACTER_HEADER)) {
+            return response()->json([
+                'errors' => [
+                    [
+                        'title'  => 'Missing character concerned in request',
+                        'detail' => 'A character was not included in the attempted request when one must be',
+                    ],
+                ],
+            ], 401);
+        }
+
+        /** @var User $user */
+        $user = $request->user();
+
+        // The X-Character header must be valid for the authenticated user
+        if (!$user->characters()->where('characters.id', '=', $request->header(self::CHARACTER_HEADER))->exists()) {
+            return response()->json([
+                'errors' => [
+                    [
+                        'title'  => 'Invalid Character',
+                        'detail' => 'The character assigned to the request is not associated with the authenticated user',
+                    ],
+                ],
+            ], 403);
+        }
+
+        return $next($request);
+    }
+}

app/JsonApi/Adapters/AllianceAdapter.php

@@ -24,10 +24,10 @@ class AllianceAdapter extends AbstractAdapter
         'overdueInvoices',
         'pendingInvoices',
         'defaultInvoices',
-        'fulfilledIssuedInvoices',
-        'overdueIssuedInvoices',
-        'pendingIssuedInvoices',
-        'defaultIssuedInvoices',
+        'fulfilledReceivedInvoices',
+        'overdueReceivedInvoices',
+        'pendingReceivedInvoices',
+        'defaultReceivedInvoices',
         'readNotifications',
         'unreadNotifications',
     ];
@@ -44,17 +44,17 @@ class AllianceAdapter extends AbstractAdapter
         'membershipLevels',
         'memberships',
         'coalition',
-        'claims',
+        'replacementClaims',
         'invoices',
         'fulfilledInvoices',
         'overdueInvoices',
         'pendingInvoices',
         'defaultInvoices',
-        'issuedInvoices',
-        'fulfilledIssuedInvoices',
-        'overdueIssuedInvoices',
-        'pendingIssuedInvoices',
-        'defaultIssuedInvoices',
+        'receivedInvoices',
+        'fulfilledReceivedInvoices',
+        'overdueReceivedInvoices',
+        'pendingReceivedInvoices',
+        'defaultReceivedInvoices',
         'notifications',
         'readNotifications',
         'unreadNotifications',
@@ -108,7 +108,7 @@ public function corporations()
         return $this->hasMany();
     }
 
-    public function claims()
+    public function replacementClaims()
     {
         return $this->hasMany();
     }
@@ -138,27 +138,27 @@ public function defaultInvoices()
         return $this->hasMany();
     }
 
-    public function issuedInvoices()
+    public function receivedInvoices()
     {
         return $this->hasMany();
     }
 
-    public function fulfilledIssuedInvoices()
+    public function fulfilledReceivedInvoices()
     {
         return $this->hasMany();
     }
 
-    public function overdueIssuedInvoices()
+    public function overdueReceivedInvoices()
     {
         return $this->hasMany();
     }
 
-    public function pendingIssuedInvoices()
+    public function pendingReceivedInvoices()
     {
         return $this->hasMany();
     }
 
-    public function defaultIssuedInvoices()
+    public function defaultReceivedInvoices()
     {
         return $this->hasMany();
     }