添加鉴权

app/Http/Controllers/ArticleMapController.php

@@ -5,7 +5,8 @@ namespace App\Http\Controllers;
 use App\Models\ArticleCollection;
 use App\Models\Article;
 use App\Models\Collection;
-
+use App\Http\Api\ShareApi;
+use App\Http\Api\AuthApi;
 use Illuminate\Http\Request;
 use App\Http\Resources\ArticleMapResource;
 
@@ -41,10 +42,23 @@ class ArticleMapController extends Controller
     public function store(Request $request)
     {
         //
+
         $validated = $request->validate([
                 'anthology_id' => 'required',
                 'operation' => 'required'
             ]);
+        $collection  = Collection::find($request->get('anthology_id'));
+        if(!$collection){
+            return $this->error("no recorder");
+        }
+        //鉴权
+        $user = AuthApi::current($request);
+        if(!$user){
+            return $this->error(__('auth.failed'));
+        }
+        if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            return $this->error(__('auth.failed'));
+        }
         switch ($validated['operation']) {
             case 'add':
                 # 添加多个文章到文集
@@ -62,6 +76,7 @@ class ArticleMapController extends Controller
                         $new->collect_id = $request->get('anthology_id');
                         $new->title = Article::find($article)->title;
                         $new->level = 1;
+                        $new->editor_id = $user["user_id"];
                         $new->save();
                         $count++;
                     }
@@ -98,6 +113,20 @@ class ArticleMapController extends Controller
         $validated = $request->validate([
             'operation' => 'required'
         ]);
+
+        $collection  = Collection::find($id);
+        if(!$collection){
+            return $this->error("no recorder");
+        }
+        //鉴权
+        $user = AuthApi::current($request);
+        if(!$user){
+            return $this->error(__('auth.failed'));
+        }
+        if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            return $this->error(__('auth.failed'));
+        }
+
         switch ($validated['operation']) {
             case 'anthology':
                 $delete = ArticleCollection::where('collect_id',$id)->delete();
@@ -111,6 +140,10 @@ class ArticleMapController extends Controller
                     $new->title = $row["title"];
                     $new->level = $row["level"];
                     $new->children = $row["children"];
+                    $new->editor_id = $user["user_id"];
+                    if(isset($row["deleted_at"])){
+                        $new->deleted_at = $row["deleted_at"];
+                    }
                     $new->save();
                     $count++;
                 }