Optimize order validation inside controllers

2025-03-20 06:39:38 +01:00 · 2022-07-13 23:15:34 +02:00 · 2022-07-13 23:15:34 +02:00 · e26417b9cf
commit e26417b9cf
parent 0dc84110a7
7 changed files with 43 additions and 24 deletions
--- a/app/Http/Controllers/API/LinkController.php
+++ b/app/Http/Controllers/API/LinkController.php
@ -29,6 +29,7 @@ class LinkController extends Controller

    public function __construct()
    {
+        $this->allowedOrders = Link::$allowOrderBy;
        $this->authorizeResource(Link::class, 'link');
    }

--- a/app/Http/Controllers/API/ListController.php
+++ b/app/Http/Controllers/API/ListController.php
@ -6,7 +6,6 @@ use App\Http\Controllers\Controller;
 use App\Http\Controllers\Traits\ChecksOrdering;
 use App\Http\Requests\Models\ListStoreRequest;
 use App\Http\Requests\Models\ListUpdateRequest;
-use App\Models\Link;
 use App\Models\LinkList;
 use App\Repositories\ListRepository;
 use Illuminate\Http\JsonResponse;
@ -17,17 +16,9 @@ class ListController extends Controller
 {
    use ChecksOrdering;

-    protected array $allowedOrders = [
-        'id',
-        'name',
-        'description',
-        'visibility',
-        'created_at',
-        'updated_at',
-    ];
-
    public function __construct()
    {
+        $this->allowedOrderBy = LinkList::$allowOrderBy;
        $this->authorizeResource(LinkList::class, 'list');
    }

--- a/app/Http/Controllers/Models/TagController.php
+++ b/app/Http/Controllers/Models/TagController.php
@ -17,14 +17,9 @@ class TagController extends Controller
 {
    use ChecksOrdering;

-    protected array $allowedOrders = [
-        'created_at',
-        'name',
-        'links_count',
-    ];
-
    public function __construct()
    {
+        $this->allowedOrderBy = Tag::$allowOrderBy;
        $this->authorizeResource(Tag::class, 'tag');
    }

@ -102,12 +97,14 @@ class TagController extends Controller
     */
    public function show(Request $request, Tag $tag): View
    {
-        // @TODO Check ordering for links
-        $links = $tag->links()->byUser()
-            ->orderBy(
-                $request->input('orderBy', 'created_at'),
-                $request->input('orderDir', 'desc')
-            )
+        $this->allowedOrderBy = Tag::$allowOrderBy;
+        $this->orderBy = $request->input('orderBy', 'created_at');
+        $this->orderDir = $request->input('orderDir', 'desc');
+
+        $this->checkOrdering();
+
+        $links = $tag->links()->visibleForUser()
+            ->orderBy($this->orderBy, $this->orderDir)
            ->paginate(getPaginationLimit());

        return view('models.tags.show', [
@ -163,7 +160,6 @@ class TagController extends Controller
        }

        flash(trans('tag.deleted_successfully'), 'warning');
-
        return request()->has('redirect_back') ? redirect()->back() : redirect()->route('tags.index');
    }
 }
--- a/app/Http/Controllers/Traits/ChecksOrdering.php
+++ b/app/Http/Controllers/Traits/ChecksOrdering.php
@ -4,13 +4,14 @@ namespace App\Http\Controllers\Traits;

 trait ChecksOrdering
 {
+    protected array $allowedOrderBy = [];
    protected string $orderBy = 'created_at';
    protected string $orderDir = 'desc';

    // Entities are only allowed to be ordered by specific columns and directions
    protected function checkOrdering(): void
    {
-        $this->orderBy = in_array($this->orderBy, $this->allowedOrders, true) ? $this->orderBy : 'created_at';
+        $this->orderBy = in_array($this->orderBy, $this->allowedOrderBy, true) ? $this->orderBy : 'created_at';
        $this->orderDir = in_array($this->orderDir, ['asc', 'desc']) ? $this->orderDir : 'asc';
    }
 }
--- a/app/Models/Link.php
+++ b/app/Models/Link.php
@ -76,6 +76,18 @@ class Link extends Model implements Auditable
        'check_disabled' => 'boolean',
    ];

+    public static array $allowOrderBy = [
+        'id',
+        'url',
+        'title',
+        'description',
+        'visibility',
+        'status',
+        'check_disabled',
+        'created_at',
+        'updated_at',
+    ];
+
    public string $langBase = 'link';

    public const STATUS_OK = 1;
--- a/app/Models/LinkList.php
+++ b/app/Models/LinkList.php
@ -57,6 +57,15 @@ class LinkList extends Model implements Auditable
        'visibility' => 'integer',
    ];

+    public static array $allowOrderBy = [
+        'id',
+        'name',
+        'description',
+        'visibility',
+        'created_at',
+        'updated_at',
+    ];
+
    public string $langBase = 'list';

    /**
--- a/app/Models/Tag.php
+++ b/app/Models/Tag.php
@ -52,6 +52,15 @@ class Tag extends Model implements Auditable
        'visibility' => 'integer',
    ];

+    public static array $allowOrderBy = [
+        'id',
+        'name',
+        'description',
+        'visibility',
+        'created_at',
+        'updated_at',
+    ];
+
    public string $langBase = 'tag';

    /**