[Feature] Allow client-generated ids

Author: lindyhopchris

tests/dummy/app/Http/Controllers/Api/V1/VideoController.php

@@ -0,0 +1,26 @@
+<?php
+/*
+ * Copyright 2021 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use LaravelJsonApi\Laravel\Http\Controllers\JsonApiController;
+
+class VideoController extends JsonApiController
+{
+}

tests/dummy/app/JsonApi/V1/Server.php

@@ -21,6 +21,7 @@
 
 use App\JsonApi\V1\Posts\PostScope;
 use App\Models\Post;
+use App\Models\Video;
 use Illuminate\Support\Facades\Auth;
 use LaravelJsonApi\Core\Server\Server as BaseServer;
 
@@ -45,6 +46,10 @@ public function serving(): void
         Post::creating(static function (Post $post) {
             $post->author()->associate(Auth::user());
         });
+
+        Video::creating(static function (Video $video) {
+            $video->owner()->associate(Auth::user());
+        });
     }
 
     /**

tests/dummy/app/JsonApi/V1/Videos/VideoRequest.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * Copyright 2020 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\JsonApi\V1\Videos;
+
+use LaravelJsonApi\Laravel\Http\Requests\ResourceRequest;
+use LaravelJsonApi\Validation\Rule as JsonApiRule;
+
+class VideoRequest extends ResourceRequest
+{
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'id' => ['nullable', JsonApiRule::clientId()],
+            'tags' => JsonApiRule::toMany(),
+            'title' => ['required', 'string'],
+            'url' => ['required', 'string'],
+        ];
+    }
+
+}

tests/dummy/app/JsonApi/V1/Videos/VideoResource.php

@@ -43,7 +43,7 @@ public function attributes(): iterable
     public function relationships(): iterable
     {
         return [
-            $this->relation('tags'),
+            $this->relation('tags')->showDataIfLoaded(),
         ];
     }
 

tests/dummy/app/JsonApi/V1/Videos/VideoSchema.php

@@ -45,9 +45,9 @@ class VideoSchema extends Schema
     public function fields(): array
     {
         return [
-            ID::make(),
+            ID::make()->uuid()->clientIds(),
             DateTime::make('createdAt')->sortable()->readOnly(),
-            BelongsToMany::make('tags')->readOnly(),
+            BelongsToMany::make('tags'),
             Str::make('title')->sortable(),
             DateTime::make('updatedAt')->sortable()->readOnly(),
             Str::make('url'),

tests/dummy/app/Models/Video.php

@@ -21,18 +21,50 @@
 
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\MorphToMany;
+use Illuminate\Support\Str;
 
 class Video extends Model
 {
 
     use HasFactory;
 
+    /**
+     * @var bool
+     */
+    public $incrementing = false;
+
+    /**
+     * @var string
+     */
+    protected $primaryKey = 'uuid';
+
     /**
      * @var string[]
      */
     protected $fillable = ['title', 'url'];
 
+    /**
+     * @inheritDoc
+     */
+    protected static function booting()
+    {
+        parent::booting();
+
+        self::creating(static function (self $model) {
+            $model->{$model->getKeyName()} = $model->{$model->getKeyName()} ?? Str::uuid()->toString();
+        });
+    }
+
+    /**
+     * @return BelongsTo
+     */
+    public function owner(): BelongsTo
+    {
+        return $this->belongsTo(User::class);
+    }
+
     /**
      * @return MorphToMany
      */

tests/dummy/app/Policies/VideoPolicy.php

@@ -0,0 +1,133 @@
+<?php
+/*
+ * Copyright 2020 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\Policies;
+
+use App\Models\Post;
+use App\Models\Tag;
+use App\Models\User;
+use App\Models\Video;
+use LaravelJsonApi\Core\Store\LazyRelation;
+
+class VideoPolicy
+{
+
+    /**
+     * @param User|null $user
+     * @return bool
+     */
+    public function viewAny(?User $user): bool
+    {
+        return true;
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @return bool
+     */
+    public function view(?User $user, Video $video): bool
+    {
+        return true;
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @return bool
+     */
+    public function viewTags(?User $user, Video $video): bool
+    {
+        return $this->view($user, $video);
+    }
+
+    /**
+     * @param User|null $user
+     * @return bool
+     */
+    public function create(?User $user): bool
+    {
+        return !!$user;
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @return bool
+     */
+    public function update(?User $user, Video $video): bool
+    {
+        return $this->owner($user, $video);
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @param LazyRelation $tags
+     * @return bool
+     */
+    public function updateTags(?User $user, Video $video, LazyRelation $tags): bool
+    {
+        $tags->collect()->each(fn(Tag $tag) => $tag);
+
+        return $this->owner($user, $video);
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @param LazyRelation $tags
+     * @return bool
+     */
+    public function attachTags(?User $user, Video $video, LazyRelation $tags): bool
+    {
+        return $this->updateTags($user, $video, $tags);
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @param LazyRelation $tags
+     * @return bool
+     */
+    public function detachTags(?User $user, Video $video, LazyRelation $tags): bool
+    {
+        return $this->updateTags($user, $video, $tags);
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @return bool
+     */
+    public function delete(?User $user, Video $video): bool
+    {
+        return $this->owner($user, $video);
+    }
+
+    /**
+     * @param User|null $user
+     * @param Video $video
+     * @return bool
+     */
+    public function owner(?User $user, Video $video): bool
+    {
+        return $user && $video->owner->is($user);
+    }
+}

tests/dummy/database/migrations/2020_06_13_143800_create_post_and_video_tables.php

@@ -47,10 +47,17 @@ public function up(): void
         });
 
         Schema::create('videos', function (Blueprint $table) {
-            $table->id();
+            $table->uuid('uuid')->primary();
             $table->timestamps();
+            $table->unsignedBigInteger('owner_id');
             $table->string('title');
             $table->string('url');
+
+            $table->foreign('owner_id')
+                ->references('id')
+                ->on('users')
+                ->onDelete('cascade')
+                ->onUpdate('cascade');
         });
 
         Schema::create('comments', function (Blueprint $table) {

tests/dummy/routes/api.php

@@ -8,4 +8,8 @@
         $relationships->hasMany('comments')->readOnly();
         $relationships->hasMany('tags');
     });
+
+    $server->resource('videos')->relationships(function ($relationships) {
+        $relationships->hasMany('tags');
+    });
 });

tests/dummy/tests/Api/V1/Posts/CreateTest.php

@@ -110,6 +110,31 @@ public function testInvalid(): void
         $response->assertExactErrorStatus($expected);
     }
 
+    public function testClientId(): void
+    {
+        $post = Post::factory()->make();
+
+        $data = $this
+            ->serialize($post)
+            ->withId('81166677-f3c4-440c-9a4a-12b89802d731')
+            ->jsonSerialize();
+
+        $expected = [
+            'detail' => "Resource type posts does not support client-generated IDs.",
+            'source' => ['pointer' => '/data/id'],
+            'status' => '403',
+            'title' => 'Not Supported',
+        ];
+
+        $response = $this
+            ->actingAs($post->author)
+            ->jsonApi('posts')
+            ->withData($data)
+            ->post('/api/v1/posts');
+
+        $response->assertExactErrorStatus($expected);
+    }
+
     public function testUnauthorized(): void
     {
         $post = Post::factory()->make();