basic CRUD for listings

2025-11-05 14:47:19 -08:00
parent 8355d57fc4
commit 4c3eb027ea
8 changed files with 107 additions and 18 deletions
--- a/app/Http/Controllers/ListingController.php
+++ b/app/Http/Controllers/ListingController.php
@@ -13,7 +13,7 @@ class ListingController extends Controller
     */
    public function index()
    {
-        // 
+        return Listing::with('poster')->get()->toJson();
    }

    /**
@@ -29,7 +29,10 @@ class ListingController extends Controller
     */
    public function store(StoreListingRequest $request)
    {
-        //
+        $attrs = $request->safe()->merge([
+            'user_id' => $request->user()->id
+        ]);
+        return Listing::create($attrs->all())->toJson();
    }

    /**
@@ -37,7 +40,7 @@ class ListingController extends Controller
     */
    public function show(Listing $listing)
    {
-        //
+        return $listing->with('poster')->get()->toJson();
    }

    /**
@@ -53,7 +56,7 @@ class ListingController extends Controller
     */
    public function update(UpdateListingRequest $request, Listing $listing)
    {
-        //
+        return $listing->update($request->validated());
    }

    /**
@@ -61,6 +64,15 @@ class ListingController extends Controller
     */
    public function destroy(Listing $listing)
    {
-        //
+        if (request()->user()->can('delete', $listing)) {
+            $listing->delete();
+            return response()->json([
+                'deleted_at' => $listing->deleted_at,
+            ], 200);
+        } else {
+            return response()->json([
+                'error' => 'You are not authorized to delete this listing.',
+            ], 403);
+        }
    }
 }
--- a/app/Http/Requests/StoreListingRequest.php
+++ b/app/Http/Requests/StoreListingRequest.php
@@ -3,6 +3,8 @@
 namespace App\Http\Requests;

 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
+use App\Models\Listing;

 class StoreListingRequest extends FormRequest
 {
@@ -11,7 +13,7 @@ class StoreListingRequest extends FormRequest
     */
    public function authorize(): bool
    {
-        return false;
+        return $this->user()->can('create', Listing::class);
    }

    /**
@@ -22,7 +24,11 @@ class StoreListingRequest extends FormRequest
    public function rules(): array
    {
        return [
-            //
+            'title' => 'string|required|max:100',
+            'description' => 'string|required|max:1000',
+            'condition' => ['nullable', Rule::in(['parts only', 'poor', 'fair', 'good', 'excellent'])],
+            'price' => 'decimal:2|gte:0',
+            'location' => 'string|nullable|max:50',
        ];
    }
 }
--- a/app/Http/Requests/UpdateListingRequest.php
+++ b/app/Http/Requests/UpdateListingRequest.php
@@ -3,6 +3,8 @@
 namespace App\Http\Requests;

 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
+use App\Models\Listing;

 class UpdateListingRequest extends FormRequest
 {
@@ -11,7 +13,8 @@ class UpdateListingRequest extends FormRequest
     */
    public function authorize(): bool
    {
-        return false;
+        $listing = Listing::find($this->route('listing'));
+        return $listing && $this->user()->can('update', $listing);
    }

    /**
@@ -22,7 +25,11 @@ class UpdateListingRequest extends FormRequest
    public function rules(): array
    {
        return [
-            //
+            'title' => 'string|required|max:100',
+            'description' => 'string|required|max:1000',
+            'condition' => ['nullable', Rule::in(['parts only', 'poor', 'fair', 'good', 'excellent'])],
+            'price' => 'decimal:2|gte:0',
+            'location' => 'string|nullable|max:50',
        ];
    }
 }
--- a/app/Models/Listing.php
+++ b/app/Models/Listing.php
@@ -4,9 +4,43 @@ namespace App\Models;

 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\SoftDeletes;

 class Listing extends Model
 {
    /** @use HasFactory<\Database\Factories\ListingFactory> */
-    use HasFactory;
+    use HasFactory, SoftDeletes;
+
+    /**
+     * Get the user that made this listing.
+     */
+    public function poster(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'user_id');
+    }
+
+    /**
+     * The attributes that are mass assignable.
+     *
+     * @var list<string>
+     */
+    protected $fillable = [
+        'title',
+        'description',
+        'price',
+        'location',
+        'condition',
+        'user_id',
+    ];
+
+    /**
+     * The attributes that should be hidden for serialization.
+     *
+     * @var list<string>
+     */
+    protected $hidden = [
+        'user_id',
+        'deleted_at',
+    ];
 }
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -31,6 +31,8 @@ class User extends Authenticatable
    protected $hidden = [
        'password',
        'remember_token',
+        'two_factor_secret',
+        'two_factor_recovery_codes',
    ];

    /**
--- a/app/Policies/ListingPolicy.php
+++ b/app/Policies/ListingPolicy.php
@@ -13,7 +13,7 @@ class ListingPolicy
     */
    public function viewAny(User $user): bool
    {
-        return false;
+        return true;
    }

    /**
@@ -21,7 +21,7 @@ class ListingPolicy
     */
    public function view(User $user, Listing $listing): bool
    {
-        return false;
+        return true;
    }

    /**
@@ -29,7 +29,7 @@ class ListingPolicy
     */
    public function create(User $user): bool
    {
-        return false;
+        return $user->email_verified_at !== null;
    }

    /**
@@ -37,7 +37,7 @@ class ListingPolicy
     */
    public function update(User $user, Listing $listing): bool
    {
-        return false;
+        return $user->id === $listing->user_id;
    }

    /**
@@ -45,7 +45,7 @@ class ListingPolicy
     */
    public function delete(User $user, Listing $listing): bool
    {
-        return false;
+        return $user->id === $listing->user_id;
    }

    /**