feat: update ArticlePublishingCoordinator to use current author ID and enforce publish permissions

aspirantzhang · aspirantzhang · commit 5c8460d0239b · 2025-03-12T15:24:29.000+08:00
diff --git a/contexts/ArticlePublishing/Application/Coordinators/ArticlePublishingCoordinator.php b/contexts/ArticlePublishing/Application/Coordinators/ArticlePublishingCoordinator.php
@@ -37,7 +37,7 @@ public function create(CreateArticleDTO $data): Article
 
         $authorId = $data->authorId
                         ? AuthorId::fromInt($data->authorId)
-                        : AuthorId::fromInt($this->currentUserGateway->getId()->getValue());
+                        : $this->currentUserGateway->getCurrentAuthorId();
 
         $article = match ($data->status) {
             'draft' => $this->createDraft($data, $authorId),
@@ -81,6 +81,10 @@ private function createPublished(CreateArticleDTO $data, AuthorId $authorId): Ar
 
     public function publishDraft(int $id): void
     {
+        CompositePolicy::allOf([
+            new GlobalPermissionPolicy('publish_article'),
+        ])->check();
+
         $article = $this->repository->getById(ArticleId::fromInt($id));
         $article->publish();
 
@@ -101,6 +105,10 @@ public function getArticleList(GetArticleListDTO $data): LengthAwarePaginator
 
     public function updateArticle(int $id, UpdateArticleDTO $data): Article
     {
+        CompositePolicy::allOf([
+            new GlobalPermissionPolicy('publish_article'),
+        ])->check();
+
         $article = $this->repository->getById(ArticleId::fromInt($id));
         $article->revise(
             $data->title,
@@ -120,6 +128,10 @@ public function updateArticle(int $id, UpdateArticleDTO $data): Article
 
     public function archiveArticle(int $id)
     {
+        CompositePolicy::allOf([
+            new GlobalPermissionPolicy('publish_article'),
+        ])->check();
+
         $article = $this->repository->getById(ArticleId::fromInt($id));
 
         $article->archive();
@@ -130,6 +142,10 @@ public function archiveArticle(int $id)
 
     public function deleteArticle(int $id)
     {
+        CompositePolicy::allOf([
+            new GlobalPermissionPolicy('publish_article'),
+        ])->check();
+
         $article = $this->repository->getById(ArticleId::fromInt($id));
         $article->delete();
 
