#2: Implemented track moderation.
parent
988bf0ca63
commit
9e753ec26e
12 changed files with 107 additions and 27 deletions
|
@ -20,6 +20,7 @@
|
|||
|
||||
namespace Poniverse\Ponyfm\Commands;
|
||||
|
||||
use Gate;
|
||||
use Poniverse\Ponyfm\Models\Album;
|
||||
use Poniverse\Ponyfm\Models\Image;
|
||||
use Poniverse\Ponyfm\Models\Track;
|
||||
|
@ -46,9 +47,7 @@ class EditTrackCommand extends CommandBase
|
|||
*/
|
||||
public function authorize()
|
||||
{
|
||||
$user = \Auth::user();
|
||||
|
||||
return $this->_track && $user != null && $this->_track->user_id == $user->id;
|
||||
return $this->_track && Gate::allows('edit', $this->_track);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
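Review bot: `authorize()` now admits anyone who passes the track's `edit` ability, so any later step in this command that still keys off `Auth::user()` (for example ownership-scoped validation of an album, or assigning `user_id`) would be evaluated against the acting user rather than the track's owner. The rest of the class is outside the hunk, so this is something to confirm rather than a confirmed defect. If such checks exist, scope them to `$this->_track->user_id`, and note in the method's docblock that the decision is delegated to the Track policy's `edit` ability.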
|
@ -30,6 +30,7 @@ use Poniverse\Ponyfm\Models\Image;
|
|||
use Poniverse\Ponyfm\Models\ResourceLogItem;
|
||||
use Auth;
|
||||
use Input;
|
||||
use Poniverse\Ponyfm\Models\User;
|
||||
use Response;
|
||||
use Poniverse\Ponyfm\Models\Track;
|
||||
|
||||
|
@ -140,9 +141,12 @@ class AlbumsController extends ApiControllerBase
|
|||
200);
|
||||
}
|
||||
|
||||
public function getOwned()
|
||||
public function getOwned($id)
|
||||
{
|
||||
$query = Album::summary()->where('user_id', \Auth::user()->id)->orderBy('created_at', 'desc')->get();
|
||||
$user = User::findOrFail($id);
|
||||
$this->authorize('get-albums', $user);
|
||||
|
||||
$query = Album::summary()->where('user_id', $id)->orderBy('created_at', 'desc')->get();
|
||||
$albums = [];
|
||||
foreach ($query as $album) {
|
||||
$albums[] = [
|
||||
|
|
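Review bot: In `getOwned($id)` the album query filters on the raw route parameter (`where('user_id', $id)`) instead of the `$user` that was just loaded and passed to `authorize('get-albums', $user)`. The route constraint added in this commit limits `id` to digits, so the two agree today, but binding the query to the authorized object keeps the check and the data access from drifting apart if the route or lookup changes: `$query = Album::summary()->where('user_id', $user->id)->orderBy('created_at', 'desc')->get();`. The method body continues past the end of the hunk.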
|
@ -183,9 +183,7 @@ class TracksController extends ApiControllerBase
|
|||
return $this->notFound('Track ' . $id . ' not found!');
|
||||
}
|
||||
|
||||
if ($track->user_id != Auth::user()->id) {
|
||||
return $this->notAuthorized();
|
||||
}
|
||||
$this->authorize('edit', $track);
|
||||
|
||||
return Response::json(Track::mapPrivateTrackShow($track), 200);
|
||||
}
|
||||
|
|
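Review bot: Denial in `getEdit` used to return `$this->notAuthorized()`, whereas `$this->authorize('edit', $track)` signals it by throwing, so the response an API client receives now depends on how the application's exception handler renders authorization failures. That handler is not part of this page; it is worth confirming it still produces the JSON 403 the web client expects, because this call is the only thing guarding the private data returned by `Track::mapPrivateTrackShow`. A short comment such as `// Throws on denial; the response is produced by the exception handler.` would document the changed control flow. The method starts above the hunk.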
|
@ -137,7 +137,8 @@ Route::group(['prefix' => 'api/web'], function() {
|
|||
Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');
|
||||
Route::get('/tracks/edit/{id}', 'Api\Web\TracksController@getEdit');
|
||||
|
||||
Route::get('/albums/owned', 'Api\Web\AlbumsController@getOwned');
|
||||
Route::get('/users/{id}/albums', 'Api\Web\AlbumsController@getOwned')->where('id', '\d+');
|
||||
// Route::get('/albums/owned', 'Api\Web\AlbumsController@getOwned');
|
||||
Route::get('/albums/edit/{id}', 'Api\Web\AlbumsController@getEdit');
|
||||
|
||||
Route::get('/playlists/owned', 'Api\Web\PlaylistsController@getOwned');
|
||||
|
|
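Review bot: The commented-out `// Route::get('/albums/owned', 'Api\Web\AlbumsController@getOwned');` line should be deleted rather than kept, because `getOwned` now requires an `$id` argument and re-enabling that route would call it without one. Separately, the new `/users/{id}/albums` route takes the target user from the URL, and the only access control visible for it is the `authorize('get-albums', $user)` call in the controller; whether this `api/web` group also sits behind authentication middleware cannot be seen from the hunk.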
|
@ -24,6 +24,7 @@ use Auth;
|
|||
use Cache;
|
||||
use Config;
|
||||
use DB;
|
||||
use Gate;
|
||||
use Poniverse\Ponyfm\Contracts\Searchable;
|
||||
use Poniverse\Ponyfm\Exceptions\TrackFileNotFoundException;
|
||||
use Poniverse\Ponyfm\Traits\IndexedInElasticsearchTrait;
|
||||
|
@ -423,8 +424,8 @@ class Track extends Model implements Searchable
|
|||
],
|
||||
'user_data' => $userData,
|
||||
'permissions' => [
|
||||
'delete' => Auth::check() && Auth::user()->id == $track->user_id,
|
||||
'edit' => Auth::check() && Auth::user()->id == $track->user_id
|
||||
'delete' => Gate::allows('delete', $track),
|
||||
'edit' => Gate::allows('edit', $track)
|
||||
]
|
||||
];
|
||||
}
|
||||
|
|
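Review bot: The `permissions` flags are now computed with `Gate::allows('delete', $track)` and `Gate::allows('edit', $track)`, but of the server-side operations only the edit command's `authorize()` is switched to the gate in this commit; no delete command appears among the 12 changed files. If the delete path still compares `user_id` with the current user, the API will report `delete: true` to non-owners the policy allows for an action the server then refuses. These flags are display hints only, so the enforcement point for delete should check the same `delete` ability. The enclosing method starts above the hunk.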
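--- a/app/Policies/AlbumPolicy.php
+++ b/app/Policies/AlbumPolicy.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+* Pony.fm - A community for pony fan music.
+* Copyright (C) 2016 Peter Deltchev
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace Poniverse\Ponyfm\Policies;
+
+use Poniverse\Ponyfm\Models\Album;
+use Poniverse\Ponyfm\Models\User;
+
+class AlbumPolicy
+{
+public function edit(User $user, Album $album) {
+return $user->id === $album->user_id || $user->hasRole('admin');
+}
+
+public function delete(User $user, Album $album) {
+return $user->id === $album->user_id || $user->hasRole('admin');
+}
+}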
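Review bot: Both `edit` and `delete` compare with `$user->id === $album->user_id`, whereas the ownership checks this commit replaces elsewhere used `==`. Eloquent attributes are not guaranteed to be integers; depending on the database driver and the models' `$casts` (not shown here), `user_id` can arrive as a numeric string, in which case the strict comparison denies the legitimate owner. The same applies to `UserPolicy::getAlbums`. Either cast both sides, e.g. `(int) $user->id === (int) $album->user_id`, or confirm the casts on the models. The two methods are also identical, so one could delegate to the other.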
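--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -0,0 +1,30 @@
+<?php
+
+/**
+* Pony.fm - A community for pony fan music.
+* Copyright (C) 2016 Peter Deltchev
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace Poniverse\Ponyfm\Policies;
+
+use Poniverse\Ponyfm\Models\User;
+
+class UserPolicy
+{
+public function getAlbums(User $userToAuthorize, User $user) {
+return $userToAuthorize->id === $user->id || $userToAuthorize->hasRole('admin');
+}
+}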
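Review bot: `getAlbums` has no docblock, and two things about it are not obvious from the code: which of the two `User` arguments is the actor, and how the method is reached. The controller calls `authorize('get-albums', $user)`, so the link to this method relies on the gate mapping the dashed ability name to the camelCase method; the two names do not match textually, which makes the policy hard to find by search. I would add a docblock stating that `$userToAuthorize` is the authenticated user, that `$user` is the account whose albums are requested, and that the ability is invoked as `get-albums`.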
|
@ -22,11 +22,14 @@ namespace Poniverse\Ponyfm\Providers;
|
|||
|
||||
use Illuminate\Contracts\Auth\Access\Gate as GateContract;
|
||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||
use Poniverse\Ponyfm\Models\Album;
|
||||
use Poniverse\Ponyfm\Models\Genre;
|
||||
use Poniverse\Ponyfm\Policies\AlbumPolicy;
|
||||
use Poniverse\Ponyfm\Policies\GenrePolicy;
|
||||
use Poniverse\Ponyfm\Policies\TrackPolicy;
|
||||
use Poniverse\Ponyfm\Models\Track;
|
||||
use Poniverse\Ponyfm\Models\User;
|
||||
use Poniverse\Ponyfm\Policies\UserPolicy;
|
||||
|
||||
class AuthServiceProvider extends ServiceProvider
|
||||
{
|
||||
|
@ -38,6 +41,8 @@ class AuthServiceProvider extends ServiceProvider
|
|||
protected $policies = [
|
||||
Genre::class => GenrePolicy::class,
|
||||
Track::class => TrackPolicy::class,
|
||||
Album::class => AlbumPolicy::class,
|
||||
User::class => UserPolicy::class,
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
@ -71,7 +71,7 @@
|
|||
<a pfm-popup="song-selector" pfm-popup-close-on-click href="#" class="btn btn-small">Show Songs: <strong>{{selectedSongsTitle}}</strong></a>
|
||||
<div id="song-selector" class="pfm-popup">
|
||||
<ul>
|
||||
<li ng-repeat="song in ::taxonomies.showSongs track by song.id" ng-class="{selected: selectedSongs[song.id]}">
|
||||
<li ng-repeat="song in taxonomies.showSongs track by song.id" ng-class="{selected: selectedSongs[song.id]}">
|
||||
<a pfm-eat-click href="#" ng-click="toggleSong(song); $event.stopPropagation();">{{::song.title}}</a>
|
||||
</li>
|
||||
</ul>
|
||||
|
|
|
@ -127,17 +127,19 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () ->
|
|||
# ========================================
|
||||
# The part where everything gets loaded!
|
||||
# ========================================
|
||||
$.when(
|
||||
albums.refresh(),
|
||||
taxonomies.refresh(),
|
||||
tracks.getEdit($scope.trackId, true)
|
||||
).done (albums, taxonomies, track)->
|
||||
# Update album data
|
||||
$scope.albums.length = 0
|
||||
albumsDb = {}
|
||||
for album in albums
|
||||
albumsDb[album.id] = album
|
||||
$scope.albums.push album
|
||||
tracks.getEdit($scope.trackId, true)
|
||||
.then (track)->
|
||||
$.when(
|
||||
albums.refresh(false, track.user_id),
|
||||
taxonomies.refresh()
|
||||
).done (albums, taxonomies)->
|
||||
# Update album data
|
||||
$scope.albums.length = 0
|
||||
albumsDb = {}
|
||||
for album in albums
|
||||
albumsDb[album.id] = album
|
||||
$scope.albums.push album
|
||||
|
||||
|
||||
# Update track data
|
||||
|
||||
|
|
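Review bot: The new load chain, `tracks.getEdit($scope.trackId, true).then (track)->` followed by `$.when(albums.refresh(false, track.user_id), taxonomies.refresh()).done`, has no failure branch. With this commit the server can refuse either request (`authorize('edit', $track)` and `authorize('get-albums', $user)`), and in that case the editor is left unpopulated with no message to the user. Consider adding a `.fail` handler to both the outer chain and the inner `$.when`, and exposing the error state on `$scope`. The directive body continues beyond the hunk.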
|
@ -18,6 +18,9 @@ module.exports = angular.module('ponyfm').factory('account-albums', [
|
|||
'$rootScope', '$http'
|
||||
($rootScope, $http) ->
|
||||
def = null
|
||||
# the ID of the user whose albums are currently cached
|
||||
currentlyLoadedUserId = null
|
||||
|
||||
albums = []
|
||||
|
||||
self =
|
||||
|
@ -31,11 +34,12 @@ module.exports = angular.module('ponyfm').factory('account-albums', [
|
|||
$http.get(url).success (album) -> editDef.resolve album
|
||||
editDef.promise()
|
||||
|
||||
refresh: (force) ->
|
||||
force = force || false
|
||||
return def if !force && def
|
||||
refresh: (force = false, user_id = window.pfm.auth.user.id) ->
|
||||
return def if !force && def && user_id == currentlyLoadedUserId
|
||||
|
||||
def = new $.Deferred()
|
||||
$http.get('/api/web/albums/owned').success (ownedAlbums) ->
|
||||
$http.get("/api/web/users/#{user_id}/albums").success (ownedAlbums) ->
|
||||
currentlyLoadedUserId = user_id
|
||||
def.resolve(ownedAlbums)
|
||||
def.promise()
|
||||
|
||||
|
|
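Review bot: In `refresh`, the success callback resolves the shared `def` and sets `currentlyLoadedUserId` when the response arrives, not when the request was issued. If two refreshes for different users overlap, the earlier response resolves the later deferred, so the cache can end up holding one user's albums under another user's id while the first caller's promise never settles. Capturing the deferred locally and recording the id up front avoids this: `request = def = new $.Deferred()`, `currentlyLoadedUserId = user_id`, then `request.resolve(ownedAlbums)` in the callback. The callback also handles only `.success`, so a refusal from the new `get-albums` check leaves the promise pending.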
|
@ -27,6 +27,7 @@ module.exports = angular.module('ponyfm').factory('taxonomies', [
|
|||
genresWithTracks: []
|
||||
showSongs: []
|
||||
showSongsWithTracks: []
|
||||
|
||||
refresh: () ->
|
||||
return def.promise() if def != null
|
||||
|
||||
|
|