feat: added upload file permission

Author: mwargan

app/Http/Controllers/MapController.php

@@ -180,10 +180,18 @@ public function storeFromFile(Request $request)
         $request->merge(['markers' => $parsedData['markers']]);
 
         try {
+            $this->authorize('uploadFromFile', [Marker::class, $map]);
+
             $validated_data = Marker::validateRequestForBulkInsert($request, $map);
             Marker::bulkInsertWithLocations($validated_data['markers'], $map);
             // Set response code
             return response()->json(new MapResource($map), 201);
+        } catch (\Illuminate\Validation\ValidationException $e) {
+            $map->delete();
+            throw $e;
+        } catch (\Illuminate\Auth\Access\AuthorizationException $e) {
+            $map->delete();
+            throw $e;
         } catch (\Exception $e) {
             $map->delete();
             return response()->json(['error' => 'Error while saving map'], 500);

app/Http/Controllers/MarkerController.php

@@ -148,7 +148,7 @@ public function storeInBulk(Request $request, Map $map)
      */
     public function storeInBulkFromFile(Request $request, Map $map)
     {
-        $this->authorize('createInBulk', [Marker::class, $map, $request->input('map_token')]);
+        $this->authorize('uploadFromFile', [Marker::class, $map, $request->input('map_token')]);
 
         // Get the uploaded file type for debug
         $fileMimeType = $request->file('file')->getMimeType();
@@ -179,7 +179,13 @@ public function storeInBulkFromFile(Request $request, Map $map)
 
         $request->merge(['markers' => $markers]);
 
-        return $this->storeInBulk($request, $map);
+        try {
+            $validated_data = Marker::validateRequestForBulkInsert($request, $map);
+        } catch (\Illuminate\Validation\ValidationException $e) {
+            throw $e;
+        }
+
+        return Marker::bulkInsertWithLocations($validated_data['markers'], $map);
     }
 
     /**

app/Policies/MarkerPolicy.php

@@ -80,6 +80,21 @@ public function createInBulk(User $user, Map $map, $token = null)
         return $user->hasVerifiedEmail() && $user->hasPermissionTo('create markers in bulk', 'web');
     }
 
+    /**
+     * Determine whether the user can create markers.
+     *
+     * @param User $user
+     * @return bool
+     */
+    public function uploadFromFile(User $user, Map $map, $token = null)
+    {
+        if ($map->users_can_create_markers == 'no') {
+            return $map->user_id == $user->id;
+        }
+
+        return $user->hasVerifiedEmail() && $user->hasPermissionTo('upload markers from file', 'web');
+    }
+
     /**
      * Determine whether the user can update the marker.
      *

routes/console.php

@@ -33,11 +33,11 @@
 Artisan::command('make:permissions', function () {
     $this->info('Making permissions');
 
-    Artisan::call('permission:create-role admin web "manage markers|edit markers|create markers|delete markers|manage categories|edit categories|create categories|delete categories|manage user roles|manage roles|apply to report|manage maps|create markers in bulk|mark spam"');
+    Artisan::call('permission:create-role admin web "manage markers|edit markers|create markers|delete markers|manage categories|edit categories|create categories|delete categories|manage user roles|manage roles|apply to report|manage maps|create markers in bulk|mark spam|upload markers from file"');
 
     Artisan::call('permission:create-role editor web "manage markers|manage categories|manage maps"');
 
-    Artisan::call('permission:create-role "power reporter" web "create markers in bulk"');
+    Artisan::call('permission:create-role "power reporter" web "create markers in bulk|upload markers from file"');
 
     Artisan::call('permission:create-role reporter web "edit markers|create markers|delete markers|mark spam"');
 

tests/Unit/MapTest.php

@@ -226,7 +226,7 @@ public function testCreateMapFromGpxTest()
         /**
          * @var \Illuminate\Contracts\Auth\Authenticatable
          */
-        $user = $user->givePermissionTo('create markers in bulk');
+        $user = $user->givePermissionTo('upload markers from file');
 
         $this->actingAs($user, 'api');
 

tests/Unit/MarkerTest.php

@@ -455,7 +455,7 @@ public function testCreateMarkerInBulkWithGpxFile()
         /**
          * @var \Illuminate\Contracts\Auth\Authenticatable
          */
-        $user = $user->givePermissionTo('create markers in bulk');
+        $user = $user->givePermissionTo('upload markers from file');
 
         $this->actingAs($user, 'api');
 
@@ -520,7 +520,7 @@ public function testCreateMarkerInBulkWithGpxFileFailWithRequiredLinks()
         /**
          * @var \Illuminate\Contracts\Auth\Authenticatable
          */
-        $user = $user->givePermissionTo('create markers in bulk');
+        $user = $user->givePermissionTo('upload markers from file');
 
         $this->actingAs($user, 'api');
 
@@ -559,7 +559,7 @@ public function testCreateMarkerInBulkWithSecondGpxFile()
         /**
          * @var \Illuminate\Contracts\Auth\Authenticatable
          */
-        $user = $user->givePermissionTo('create markers in bulk');
+        $user = $user->givePermissionTo('upload markers from file');
 
         $this->actingAs($user, 'api');
 
@@ -593,7 +593,7 @@ public function testCreateMarkerInBulkWithGeoJSONFile()
         /**
          * @var \Illuminate\Contracts\Auth\Authenticatable
          */
-        $user = $user->givePermissionTo('create markers in bulk');
+        $user = $user->givePermissionTo('upload markers from file');
 
         $this->actingAs($user, 'api');