chore: fine-tune Song policies

Phan An 2024-01-09 12:53:35 +01:00
parent e598f0a401
commit 9a89828384
5 changed files with 12 additions and 14 deletions


@ -23,7 +23,7 @@ class BatchLikeController extends Controller
public function store(BatchInteractionRequest $request)
{
$this->songRepository->getMany(ids: $request->songs, scopedUser: $this->user)
->each(fn ($song) => $this->authorize('interact', $song));
->each(fn ($song) => $this->authorize('access', $song));
$interactions = $this->interactionService->batchLike(Arr::wrap($request->songs), $this->user);
@ -33,7 +33,7 @@ class BatchLikeController extends Controller
public function destroy(BatchInteractionRequest $request)
{
$this->songRepository->getMany(ids: $request->songs, scopedUser: $this->user)
->each(fn ($song) => $this->authorize('interact', $song));
->each(fn ($song) => $this->authorize('access', $song));
$this->interactionService->batchUnlike(Arr::wrap($request->songs), $this->user);
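Review bot: The authorization loop in `store` runs only over the songs that `getMany(ids: $request->songs, scopedUser: $this->user)` returns, but `batchLike` is then called with the raw `$request->songs`. The repository is not shown here; if the scoped query silently drops songs the user cannot see, those ids are never passed to `authorize('access', …)` and still reach the service. Consider keeping the fetched collection and passing its ids on, e.g. `$songs = $this->songRepository->getMany(...); $songs->each(...);` followed by `batchLike($songs->pluck('id')->all(), $this->user)`, or rejecting the request when the returned count differs from the requested count. The same pattern appears in `destroy` (`batchUnlike`) and in the PlaylistSongController hunk that calls `addSongsToPlaylist($playlist, $request->songs)`. All three method bodies continue outside their hunks.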


@ -20,7 +20,7 @@ class ToggleLikeSongController extends Controller
?Authenticatable $user
) {
$song = $songRepository->getOne($request->song, $user);
$this->authorize('interact', $song);
$this->authorize('access', $song);
return InteractionResource::make($interactionService->toggleLike($request->song, $user));
}


@ -40,6 +40,9 @@ class PlaylistSongController extends Controller
{
$this->authorize('own', $playlist);
$this->songRepository->getMany(ids: $request->songs, scopedUser: $this->user)
->each(fn ($song) => $this->authorize('access', $song));
abort_if($playlist->is_smart, Response::HTTP_FORBIDDEN);
$this->playlistService->addSongsToPlaylist($playlist, $request->songs);


@ -15,7 +15,7 @@ class PlayController extends Controller
?bool $transcode = null,
?int $bitRate = null
) {
$this->authorize('play', $song);
$this->authorize('access', $song);
return $streamerFactory
->createStreamer($song, $transcode, $bitRate, (float) $request->time)


@ -13,24 +13,19 @@ class SongPolicy
return $song->owner_id === $user->id;
}
public function play(User $user, Song $song): bool
public function access(User $user, Song $song): bool
{
return License::isCommunity() || $song->is_public || $song->owner_id === $user->id;
}
public function interact(User $user, Song $song): bool
{
return License::isCommunity() || $song->is_public || $song->owner_id === $user->id;
return License::isCommunity() || $song->accessibleBy($user);
}
public function delete(User $user, Song $song): bool
{
return (License::isCommunity() && $user->is_admin) || $song->owner_id === $user->id;
return (License::isPlus() && $song->accessibleBy($user)) || $user->is_admin;
}
public function edit(User $user, Song $song): bool
{
return (License::isCommunity() && $user->is_admin) || $song->owner_id === $user->id;
return (License::isPlus() && $song->accessibleBy($user)) || $user->is_admin;
}
public function download(User $user, Song $song): bool
@ -39,6 +34,6 @@ class SongPolicy
return false;
}
return License::isCommunity() || $song->is_public || $song->owner_id === $user->id;
return $this->access($user, $song);
}
}
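Review bot: In `delete` and `edit` the ownership test `$song->owner_id === $user->id` is replaced by `$song->accessibleBy($user)`, the same predicate the new `access` ability uses for read-style operations (play, like, download). `accessibleBy()` is not visible on this page; if it mirrors the removed read rule (`$song->is_public || $song->owner_id === $user->id`), any user on a Plus license could edit or delete another user's public song. Unless that is intended, keep ownership as the write condition: `return (License::isPlus() && $song->owner_id === $user->id) || $user->is_admin;`. Moving `|| $user->is_admin` outside the license check also lets admins modify every song under Plus, including other users' private ones. That change deserves a comment stating it is deliberate and a policy test covering owner, non-owner and admin under both licenses.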