diff --git a/app/Http/Controllers/Api/UserController.php b/app/Http/Controllers/Api/UserController.php
index c0812b7c..f251cd29 100644
--- a/app/Http/Controllers/Api/UserController.php
+++ b/app/Http/Controllers/Api/UserController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Api;
 use App\Contracts\Controller;
+use App\Exceptions\Unauthorized;
 use App\Exceptions\UserNotFound;
 use App\Http\Resources\Bid as BidResource;
 use App\Http\Resources\Pirep as PirepResource;
@@ -144,6 +145,28 @@ class UserController extends Controller
 return BidResource::collection($bids);
 }
+ /**
+ * Get a particular bid for a user
+ *
+ * @param $bid_id
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return \App\Http\Resources\Bid
+ */
+ public function get_bid($bid_id, Request $request)
+ {
+ /** @var \App\Models\User $user */
+ $user = Auth::user();
+
+ // Return the current bid
+ $bid = $this->bidSvc->getBid($user, $bid_id);
+ if ($bid->user_id !== $user->id) {
+ throw new Unauthorized(new \Exception('Bid not not belong to authenticated user'));
+ }
+
+ return new BidResource($bid);
+ }
+
 /**
 * Return the fleet that this user is allowed to
 *
diff --git a/app/Models/Bid.php b/app/Models/Bid.php
index e389f904..362a07b9 100644
--- a/app/Models/Bid.php
+++ b/app/Models/Bid.php
@@ -6,7 +6,7 @@ use App\Contracts\Model;
 use Carbon\Carbon;
 /**
- * @property string user_id
+ * @property int user_id
 * @property string flight_id
 * @property Carbon created_at
 * @property Carbon updated_at
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 30d30be0..09330fa0 100755
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
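Review bot: In `get_bid()` the ownership check reads `$bid->user_id` without first confirming that a bid was found. `getBid()` ends in `->first()`, which yields null for an unknown id, and with the `: Bid` return type added in the BidService hunk that miss becomes a TypeError, so a bad id likely surfaces as a server error rather than a not-found response. Ending the service query with `->firstOrFail()` would turn the miss into Eloquent's model-not-found exception before the comparison runs. The exception text also has a typo and should read `'Bid does not belong to authenticated user'`.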
@@ -584,6 +584,10 @@ class RouteServiceProvider extends ServiceProvider Route::get('user/fleet', 'UserController@fleet'); Route::get('user/pireps', 'UserController@pireps'); + Route::get('bids', 'UserController@bids'); + Route::get('bids/{id}', 'UserController@get_bid'); + Route::get('user/bids/{id}', 'UserController@get_bid'); + Route::get('user/bids', 'UserController@bids'); Route::put('user/bids', 'UserController@bids'); Route::post('user/bids', 'UserController@bids'); diff --git a/app/Services/BidService.php b/app/Services/BidService.php index bb4f12b7..6a0d8047 100644 --- a/app/Services/BidService.php +++ b/app/Services/BidService.php @@ -30,12 +30,24 @@ class BidService extends Service * * @param $bid_id * - * @return \App\Models\Bid|\Illuminate\Database\Eloquent\Model|tests/ImporterTest.php:521object|null + * @return \App\Models\Bid|\Illuminate\Database\Eloquent\Model|object|null */ - public function getBid($bid_id) + public function getBid(User $user, $bid_id): Bid { - return Bid::with(['flight', 'flight.simbrief']) - ->where(['id' => $bid_id])->first(); + $with = [ + 'flight', + 'flight.fares', + 'flight.simbrief' => function ($query) use ($user) { + $query->where('user_id', $user->id); + }, + 'flight.simbrief.aircraft', + 'flight.simbrief.aircraft.subfleet', + 'flight.subfleets', + 'flight.subfleets.aircraft', + 'flight.subfleets.fares', + ]; + + return Bid::with($with)->where(['id' => $bid_id])->first(); } /** @@ -132,7 +144,7 @@ class BidService extends Service $flight->has_bid = true; $flight->save(); - return $this->getBid($bid->id); + return $this->getBid($user, $bid->id); } /** diff --git a/tests/BidTest.php b/tests/BidTest.php index 773d55bf..0a0e3b9f 100644 --- a/tests/BidTest.php +++ b/tests/BidTest.php 
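Review bot: The query in `getBid()` is still keyed on `id` alone; the new `$user` argument only narrows the eager-loaded `flight.simbrief` relation, so the bid row itself is returned for any user and ownership depends on each caller remembering its own check. Putting the owner into the lookup enforces it in one place: `return Bid::with($with)->where(['id' => $bid_id, 'user_id' => $user->id])->first();`. Any other callers of `getBid()` outside this diff would need the same review. The docblock, which starts above the hunk, should also gain `@param User $user`.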
@@ -185,6 +185,8 @@ class BidTest extends TestCase
 {
 $this->user = factory(User::class)->create();
 $user2 = factory(User::class)->create();
+
+ /** @var \App\Models\Flight $flight */
 $flight = $this->addFlight($this->user);
 $uri = '/api/user/bids';
@@ -194,6 +196,14 @@ class BidTest extends TestCase
 $body = $body->json('data');
 $this->assertEquals($body['flight_id'], $flight->id);
+ $this->assertNotEmpty($body['flight']);
+
+ $res = $this->get('/api/bids/'.$body['id']);
+ $res->assertOk();
+
+ $body = $res->json('data');
+ $this->assertEquals($body['flight_id'], $flight->id);
+ $this->assertNotEmpty($body['flight']);
 // Now try to have the second user bid on it
 // Should return a 409 error
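Review bot: The assertions added in the second hunk cover only the owner fetching their own bid, so the `Unauthorized` branch of `get_bid()` and the unknown-id case are never exercised. `$user2` is already created at the top of this test, so a request to `/api/bids/{id}` made as `$user2` that asserts the call is rejected would pin the ownership check against regressions. A second request with an id that does not exist would pin the not-found behaviour. The test method starts and ends outside these hunks.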