From d1e9713bd796be30ae741622e50ed088b4814c4f Mon Sep 17 00:00:00 2001
From: Marc van der Meulen
Date: Thu, 11 Nov 2021 11:24:43 +0100
Subject: [PATCH] Add parent entity to the model policy where possible
---
 .../HandlesRelationManyToManyOperations.php | 2 +-
 .../HandlesRelationOneToManyOperations.php | 4 ++--
 ...HandlesRelationStandardBatchOperations.php | 14 ++++++-------
 .../HandlesRelationStandardOperations.php | 20 +++++++++----------
 4 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/Concerns/HandlesRelationManyToManyOperations.php b/src/Concerns/HandlesRelationManyToManyOperations.php
index 37211138..c22d97ba 100644
--- a/src/Concerns/HandlesRelationManyToManyOperations.php
+++ b/src/Concerns/HandlesRelationManyToManyOperations.php
@@ -632,7 +632,7 @@ protected function updatePivotWithTransaction(Request $request, $parentKey, $rel
 $query = $this->buildShowFetchQuery($request, $parentEntity, []);
 $entity = $this->runShowFetchQuery($request, $query, $parentEntity, $relatedKey);
- $this->authorize('update', $entity);
+ $this->authorize('update', [$entity, $parentEntity]);
 $updateResult = $this->performUpdatePivot($request, $parentEntity, $relatedKey, $request->get('pivot', []));
diff --git a/src/Concerns/HandlesRelationOneToManyOperations.php b/src/Concerns/HandlesRelationOneToManyOperations.php
index 25d105ac..b4d126d8 100644
--- a/src/Concerns/HandlesRelationOneToManyOperations.php
+++ b/src/Concerns/HandlesRelationOneToManyOperations.php
@@ -52,7 +52,7 @@ protected function associateWithTransaction(Request $request, $parentKey)
 }
 $this->authorize('view', $parentEntity);
- $this->authorize('update', $entity);
+ $this->authorize('update', [$entity, $parentEntity]);
 $this->performAssociate($request, $parentEntity, $entity);
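Review bot: The new second element in `$this->authorize('update', [$entity, $parentEntity]);` reaches the policy method as an extra trailing argument, and nothing in the patch documents what policy authors may assume about it; the same call shape is used in every hunk of this patch. A policy that declares the parent as a required or class-typed parameter will throw when the same ability is checked without a parent or with a parent of another model class (both seem possible if the model is exposed through more than one controller, which is not visible here), and a policy that simply skips its parent rule when the argument is missing leaves that path unrestricted. I would add a docblock note on these traits along the lines of `// Policy is resolved from the first element; $parentEntity is passed as an optional extra argument and policies must deny when a parent-based rule cannot be evaluated.`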
@@ -204,7 +204,7 @@ protected function dissociateWithTransaction(Request $request, $parentKey, $rela
 return $beforeHookResult;
 }
- $this->authorize('update', $entity);
+ $this->authorize('update', [$entity, $parentEntity]);
 $this->performDissociate($request, $parentEntity, $entity);
diff --git a/src/Concerns/HandlesRelationStandardBatchOperations.php b/src/Concerns/HandlesRelationStandardBatchOperations.php
index df569236..4f432457 100644
--- a/src/Concerns/HandlesRelationStandardBatchOperations.php
+++ b/src/Concerns/HandlesRelationStandardBatchOperations.php
@@ -41,13 +41,13 @@ public function batchStore(Request $request, $parentKey)
 */
 protected function batchStoreWithTransaction(Request $request, $parentKey)
 {
- $resourceModelClass = $this->resolveResourceModelClass();
-
- $this->authorize('create', $resourceModelClass);
-
 $parentQuery = $this->buildBatchStoreParentFetchQuery($request, $parentKey);
 $parentEntity = $this->runBatchStoreParentFetchQuery($request, $parentQuery, $parentKey);
+ $resourceModelClass = $this->resolveResourceModelClass();
+
+ $this->authorize('create', [$resourceModelClass, $parentEntity]);
+
 $beforeHookResult = $this->beforeBatchStore($request, $parentEntity);
 if ($this->hookResponds($beforeHookResult)) {
 return $beforeHookResult;
@@ -194,7 +194,7 @@ protected function batchUpdateWithTransaction(Request $request, $parentKey)
 foreach ($entities as $entity) {
 /** @var Model $entity */
- $this->authorize('update', $entity);
+ $this->authorize('update', [$entity, $parentEntity]);
 $resource = $request->input("resources.{$entity->{$this->keyName()}}");
@@ -393,7 +393,7 @@ protected function batchDestroyWithTransaction(Request $request, $parentKey)
 foreach ($entities as $entity) {
 /** @var Model $entity */
- $this->authorize($forceDeletes ? 'forceDelete' : 'delete', $entity);
+ $this->authorize($forceDeletes ? 'forceDelete' : 'delete', [$entity, $parentEntity]);
 $this->beforeDestroy($request, $parentEntity, $entity);
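Review bot: In dissociateWithTransaction the policy check still sits after the before-hook: the context lines `return $beforeHookResult; }` come before `$this->authorize('update', [$entity, $parentEntity]);`, so a hook that responds returns before any authorization, and hook side effects run for callers the policy would reject. updateWithTransaction, destroyWithTransaction and restoreWithTransaction in this patch authorize first and call their hook afterwards. Consider moving the `authorize` line above the hook call so the order matches. The start of the function is outside the hunk, so confirm `$entity` is already loaded at that point.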
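Review bot: Moving `$this->authorize('create', [$resourceModelClass, $parentEntity]);` below `runBatchStoreParentFetchQuery` means the parent lookup now runs for callers who lack `create`; if that fetch answers with not-found for a missing key (likely, but not visible here), such callers can tell existing parent keys from missing ones by the difference between the two error responses. The same reordering is made in `index` (for `viewAny`) and in `storeWithTransaction`. None of these three hunks checks the caller's access to the parent itself, unlike associateWithTransaction, which calls `$this->authorize('view', $parentEntity);`. Either add that parent check right after the fetch, or state the assumption in a comment such as `// Parent is fetched before authorization so the policy can inspect it; the fetch query must not reveal parents the caller cannot view.`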
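Review bot: In batchDestroyWithTransaction the `authorize` call runs inside the `foreach` right before `beforeDestroy`, so when a later entity is denied, the hook (and whatever else the loop body does, which continues outside the hunk) has already run for the earlier entities. batchRestoreWithTransaction has the same shape with `beforeRestore`. The method names suggest a surrounding transaction, but that only undoes database work, not other hook side effects. Consider a first pass that authorizes every entity before any hook runs, `foreach ($entities as $entity) { $this->authorize($forceDeletes ? 'forceDelete' : 'delete', [$entity, $parentEntity]); }`, or document that batch hooks may fire for a request that is later rejected.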
@@ -560,7 +560,7 @@ protected function batchRestoreWithTransaction(Request $request, $parentKey)
 foreach ($entities as $entity) {
 /** @var Model $entity */
- $this->authorize('restore', $entity);
+ $this->authorize('restore', [$entity, $parentEntity]);
 $this->beforeRestore($request, $parentEntity, $entity);
diff --git a/src/Concerns/HandlesRelationStandardOperations.php b/src/Concerns/HandlesRelationStandardOperations.php
index 23e17405..a8d0ac21 100644
--- a/src/Concerns/HandlesRelationStandardOperations.php
+++ b/src/Concerns/HandlesRelationStandardOperations.php
@@ -32,13 +32,13 @@ trait HandlesRelationStandardOperations
 */
 public function index(Request $request, $parentKey)
 {
- $this->authorize('viewAny', $this->resolveResourceModelClass());
-
 $requestedRelations = $this->relationsResolver->requestedRelations($request);
 $parentQuery = $this->buildIndexParentFetchQuery($request, $parentKey);
 $parentEntity = $this->runIndexParentFetchQuery($request, $parentQuery, $parentKey);
+ $this->authorize('viewAny', [$this->resolveResourceModelClass(), $parentEntity]);
+
 $beforeHookResult = $this->beforeIndex($request, $parentEntity);
 if ($this->hookResponds($beforeHookResult)) {
 return $beforeHookResult;
@@ -251,13 +251,13 @@ public function store(Request $request, $parentKey)
 */
 protected function storeWithTransaction(Request $request, $parentKey)
 {
- $resourceModelClass = $this->resolveResourceModelClass();
-
- $this->authorize('create', $resourceModelClass);
-
 $parentQuery = $this->buildStoreParentFetchQuery($request, $parentKey);
 $parentEntity = $this->runStoreParentFetchQuery($request, $parentQuery, $parentKey);
+ $resourceModelClass = $this->resolveResourceModelClass();
+
+ $this->authorize('create', [$resourceModelClass, $parentEntity]);
+
 /** @var Model $entity */
 $entity = new $resourceModelClass;
@@ -434,7 +434,7 @@ public function show(Request $request, $parentKey, $relatedKey = null)
 $query = $this->buildShowFetchQuery($request, $parentEntity, $requestedRelations);
 $entity = $this->runShowFetchQuery($request, $query, $parentEntity, $relatedKey);
- $this->authorize('view', $entity);
+ $this->authorize('view', [$entity, $parentEntity]);
 $entity = $this->cleanupEntity($entity);
@@ -613,7 +613,7 @@ protected function updateWithTransaction(Request $request, $parentKey, $relatedK
 $query = $this->buildUpdateFetchQuery($request, $parentEntity, $requestedRelations);
 $entity = $this->runUpdateFetchQuery($request, $query, $parentEntity, $relatedKey);
- $this->authorize('update', $entity);
+ $this->authorize('update', [$entity, $parentEntity]);
 $beforeHookResult = $this->beforeUpdate($request, $parentEntity, $entity);
 if ($this->hookResponds($beforeHookResult)) {
@@ -811,7 +811,7 @@ protected function destroyWithTransaction(Request $request, $parentKey, $related
 abort(404);
 }
- $this->authorize($forceDeletes ? 'forceDelete' : 'delete', $entity);
+ $this->authorize($forceDeletes ? 'forceDelete' : 'delete', [$entity, $parentEntity]);
 $beforeHookResult = $this->beforeDestroy($request, $parentEntity, $entity);
 if ($this->hookResponds($beforeHookResult)) {
@@ -994,7 +994,7 @@ protected function restoreWithTransaction(Request $request, $parentKey, $related
 $query = $this->buildRestoreFetchQuery($request, $parentEntity, $requestedRelations);
 $entity = $this->runRestoreFetchQuery($request, $query, $parentEntity, $relatedKey);
- $this->authorize('restore', $entity);
+ $this->authorize('restore', [$entity, $parentEntity]);
 $beforeHookResult = $this->beforeRestore($request, $parentEntity, $entity);
 if ($this->hookResponds($beforeHookResult)) {