<?php
declare(strict_types=1);
namespace App\Http\Requests\Dashboard;
use App\Models\Artwork;
use Illuminate\Foundation\Http\FormRequest;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
final class ArtworkDestroyRequest extends FormRequest
{
    /**
     * Artwork resolved during authorize(). Stays null until the ownership
     * check has passed, so a controller can only ever obtain an owned record.
     */
    private ?Artwork $artwork = null;

    /**
     * Authorises deletion of the artwork named by the `id` route parameter.
     *
     * The request is allowed only when an authenticated user exists, the route
     * id casts to a positive integer, the artwork exists and its user_id equals
     * the requester's id. Every failure is logged with a distinct reason tag and
     * reported as a 404 (NotFoundHttpException), so a non-owner gets the same
     * response whether the artwork is missing or belongs to someone else.
     *
     * @throws NotFoundHttpException when any of the checks above fails
     */
    public function authorize(): bool
    {
        $requester = $this->user();
        if ($requester === null) {
            $this->logUnauthorized('missing_user');
            $this->denyAsNotFound();
        }

        // Absent or non-numeric route ids cast to 0 and are rejected here.
        $artworkId = (int) $this->route('id');
        if ($artworkId < 1) {
            $this->logUnauthorized('missing_artwork_id');
            $this->denyAsNotFound();
        }

        $candidate = Artwork::query()->whereKey($artworkId)->first();
        $owned = $candidate !== null
            && (int) $candidate->user_id === (int) $requester->id;
        if (! $owned) {
            // A single reason for both cases: the response must not reveal which one applied.
            $this->logUnauthorized('artwork_not_owned_or_missing');
            $this->denyAsNotFound();
        }

        $this->artwork = $candidate;

        return true;
    }

    /**
     * No input fields are validated; authorisation is the whole contract.
     *
     * @return array<string, mixed>
     */
    public function rules(): array
    {
        return [];
    }

    /**
     * Returns the artwork that authorize() verified as owned by the requester.
     *
     * @throws NotFoundHttpException if no artwork has been stored, i.e. when
     *                               called before authorize() has passed
     */
    public function artwork(): Artwork
    {
        if ($this->artwork === null) {
            $this->denyAsNotFound();
        }

        return $this->artwork;
    }

    /**
     * Aborts the request with a 404. Used for every denial so that an
     * authorisation failure is indistinguishable from a missing resource.
     */
    private function denyAsNotFound(): void
    {
        throw new NotFoundHttpException();
    }

    /**
     * Records a denied delete attempt: the raw route id as received, the
     * requester id (null when unauthenticated) and the request's ip().
     *
     * @param string $reason short machine-readable tag naming the check that failed
     */
    private function logUnauthorized(string $reason): void
    {
        $context = [
            'reason' => $reason,
            'artwork_id' => $this->route('id'),
            'user_id' => $this->user()?->id,
            'ip' => $this->ip(),
        ];

        logger()->warning('Dashboard artwork delete unauthorized access', $context);
    }
}