move domains to project scope

Author: saeedvaziry

app/Actions/Domain/AddDomain.php

@@ -4,6 +4,7 @@
 
 use App\Models\DNSProvider;
 use App\Models\Domain;
+use App\Models\Project;
 use App\Models\User;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
@@ -16,7 +17,7 @@ class AddDomain
      *
      * @throws ValidationException
      */
-    public function add(User $user, array $input): Domain
+    public function add(User $user, Project $project, array $input): Domain
     {
         $this->validate($input);
 
@@ -36,6 +37,7 @@ public function add(User $user, array $input): Domain
         $domain = new Domain;
         $domain->dns_provider_id = $dnsProvider->id;
         $domain->user_id = $user->id;
+        $domain->project_id = $project->id;
         $domain->domain = $domainData['name'];
         $domain->provider_domain_id = $domainData['id'];
         $domain->metadata = $domainData;

app/Http/Controllers/API/DNSProviderController.php

@@ -8,6 +8,7 @@
 use App\Http\Controllers\Controller;
 use App\Http\Resources\DNSProviderResource;
 use App\Models\DNSProvider;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\ResourceCollection;
 use Spatie\RouteAttributes\Attributes\Delete;
@@ -69,4 +70,14 @@ public function destroy(DNSProvider $dnsProvider): \Illuminate\Http\JsonResponse
 
         return response()->json(['message' => 'DNS provider deleted successfully']);
     }
+
+    #[Get('{dnsProvider}/available', name: 'api.dns-providers.available', middleware: 'ability:read')]
+    public function availableDomains(DNSProvider $dnsProvider): JsonResponse
+    {
+        $this->authorize('view', $dnsProvider);
+
+        $domains = $dnsProvider->provider()->getDomains();
+
+        return response()->json($domains);
+    }
 }

app/Http/Controllers/API/DNSRecordController.php

@@ -9,6 +9,7 @@
 use App\Http\Resources\DNSRecordResource;
 use App\Models\DNSRecord;
 use App\Models\Domain;
+use App\Models\Project;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\ResourceCollection;
@@ -19,67 +20,83 @@
 use Spatie\RouteAttributes\Attributes\Post;
 use Spatie\RouteAttributes\Attributes\Prefix;
 
-#[Prefix('api/domains/{domain}/records')]
-#[Middleware(['auth:sanctum'])]
+#[Prefix('api/projects/{project}/domains/{domain}/records')]
+#[Middleware(['auth:sanctum', 'can-see-project'])]
 class DNSRecordController extends Controller
 {
     #[Get('/', name: 'api.dns-records', middleware: 'ability:read')]
-    public function index(Domain $domain): ResourceCollection
+    public function index(Project $project, Domain $domain): ResourceCollection
     {
         $this->authorize('view', $domain);
 
+        $this->validateRoute($project, $domain);
+
         $records = $domain->records()->orderBy('type')->orderBy('name')->get();
 
         return DNSRecordResource::collection($records);
     }
 
     #[Post('/', name: 'api.dns-records.create', middleware: 'ability:write')]
-    public function create(Request $request, Domain $domain): DNSRecordResource
+    public function create(Request $request, Project $project, Domain $domain): DNSRecordResource
     {
         $this->authorize('update', $domain);
 
+        $this->validateRoute($project, $domain);
+
         $record = app(CreateDNSRecord::class)->create($domain, $request->all());
 
         return new DNSRecordResource($record);
     }
 
     #[Get('{dnsRecord}', name: 'api.dns-records.show', middleware: 'ability:read')]
-    public function show(Domain $domain, DNSRecord $dnsRecord): DNSRecordResource
+    public function show(Project $project, Domain $domain, DNSRecord $dnsRecord): DNSRecordResource
     {
-        if ($dnsRecord->domain_id !== $domain->id) {
-            abort(404);
-        }
-
         $this->authorize('view', $domain);
 
+        $this->validateRoute($project, $domain);
+
+        $this->validateRecord($domain, $dnsRecord);
+
         return new DNSRecordResource($dnsRecord);
     }
 
     #[Patch('{dnsRecord}', name: 'api.dns-records.update', middleware: 'ability:write')]
-    public function update(Request $request, Domain $domain, DNSRecord $dnsRecord): DNSRecordResource
+    public function update(Request $request, Project $project, Domain $domain, DNSRecord $dnsRecord): DNSRecordResource
     {
-        if ($dnsRecord->domain_id !== $domain->id) {
-            abort(404);
-        }
-
         $this->authorize('update', $domain);
 
+        $this->validateRoute($project, $domain);
+
+        $this->validateRecord($domain, $dnsRecord);
+
         app(UpdateDNSRecord::class)->update($dnsRecord, $request->all());
 
         return new DNSRecordResource($dnsRecord);
     }
 
     #[Delete('{dnsRecord}', name: 'api.dns-records.destroy', middleware: 'ability:write')]
-    public function destroy(Domain $domain, DNSRecord $dnsRecord): JsonResponse
+    public function destroy(Project $project, Domain $domain, DNSRecord $dnsRecord): JsonResponse
     {
-        if ($dnsRecord->domain_id !== $domain->id) {
-            abort(404);
-        }
-
         $this->authorize('update', $domain);
+        $this->validateRoute($project, $domain);
+        $this->validateRecord($domain, $dnsRecord);
 
         app(DeleteDNSRecord::class)->delete($dnsRecord);
 
         return response()->json(['message' => 'DNS record deleted successfully']);
     }
+
+    private function validateRoute(Project $project, Domain $domain): void
+    {
+        if ($project->id !== $domain->project_id) {
+            abort(404, 'Domain not found in project');
+        }
+    }
+
+    private function validateRecord(Domain $domain, DNSRecord $dnsRecord): void
+    {
+        if ($dnsRecord->domain_id !== $domain->id) {
+            abort(404, 'DNS record not found in domain');
+        }
+    }
 }

app/Http/Controllers/API/DomainController.php

@@ -6,8 +6,8 @@
 use App\Actions\Domain\RemoveDomain;
 use App\Http\Controllers\Controller;
 use App\Http\Resources\DomainResource;
-use App\Models\DNSProvider;
 use App\Models\Domain;
+use App\Models\Project;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\ResourceCollection;
@@ -17,56 +17,58 @@
 use Spatie\RouteAttributes\Attributes\Post;
 use Spatie\RouteAttributes\Attributes\Prefix;
 
-#[Prefix('api/domains')]
-#[Middleware(['auth:sanctum'])]
+#[Prefix('api/projects/{project}/domains')]
+#[Middleware(['auth:sanctum', 'can-see-project'])]
 class DomainController extends Controller
 {
-    #[Get('/', name: 'api.domains', middleware: 'ability:read')]
-    public function index(): ResourceCollection
+    #[Get('/', name: 'api.projects.domains', middleware: 'ability:read')]
+    public function index(Project $project): ResourceCollection
     {
-        $this->authorize('viewAny', Domain::class);
+        $this->authorize('viewAny', [Domain::class, $project]);
 
-        $domains = user()->domains()->with('dnsProvider')->simplePaginate(25);
+        $domains = $project->domains()->with('dnsProvider')->simplePaginate(25);
 
         return DomainResource::collection($domains);
     }
 
-    #[Post('/', name: 'api.domains.create', middleware: 'ability:write')]
-    public function create(Request $request): DomainResource
+    #[Post('/', name: 'api.projects.domains.create', middleware: 'ability:write')]
+    public function create(Request $request, Project $project): DomainResource
     {
-        $this->authorize('create', Domain::class);
+        $this->authorize('create', [Domain::class, $project]);
 
         $user = user();
-        $domain = app(AddDomain::class)->add($user, $request->all());
+
+        $domain = app(AddDomain::class)->add($user, $project, $request->all());
 
         return new DomainResource($domain->load('dnsProvider'));
     }
 
-    #[Get('{domain}', name: 'api.domains.show', middleware: 'ability:read')]
-    public function show(Domain $domain): DomainResource
+    #[Get('{domain}', name: 'api.projects.domains.show', middleware: 'ability:read')]
+    public function show(Project $project, Domain $domain): DomainResource
     {
         $this->authorize('view', $domain);
 
+        $this->validateRoute($project, $domain);
+
         return new DomainResource($domain->load('dnsProvider'));
     }
 
-    #[Delete('{domain}', name: 'api.domains.destroy', middleware: 'ability:write')]
-    public function destroy(Domain $domain): JsonResponse
+    #[Delete('{domain}', name: 'api.projects.domains.destroy', middleware: 'ability:write')]
+    public function destroy(Project $project, Domain $domain): JsonResponse
     {
         $this->authorize('delete', $domain);
 
+        $this->validateRoute($project, $domain);
+
         app(RemoveDomain::class)->remove($domain);
 
         return response()->json(['message' => 'Domain removed successfully']);
     }
 
-    #[Get('{dnsProvider}/available', name: 'api.domains.available', middleware: 'ability:read')]
-    public function availableDomains(DNSProvider $dnsProvider): JsonResponse
+    private function validateRoute(Project $project, Domain $domain): void
     {
-        $this->authorize('view', $dnsProvider);
-
-        $domains = $dnsProvider->provider()->getDomains();
-
-        return response()->json($domains);
+        if ($project->id !== $domain->project_id) {
+            abort(404, 'Domain not found in project');
+        }
     }
 }

app/Http/Controllers/DomainController.php

@@ -27,24 +27,28 @@ class DomainController extends Controller
     #[Get('/', name: 'domains')]
     public function index(): Response
     {
-        $this->authorize('viewAny', Domain::class);
-
         $user = user();
 
+        $this->authorize('viewAny', [Domain::class, $user->currentProject]);
+
+        $domains = $user->currentProject->domains()->latest()->with('dnsProvider')->simplePaginate(config('web.pagination_size'));
+
         return Inertia::render('domains/index', [
-            'domains' => DomainResource::collection(Domain::getByProjectId($user->current_project_id, $user)->with('dnsProvider')->simplePaginate(config('web.pagination_size'))),
+            'domains' => DomainResource::collection($domains),
             'dnsProviders' => DNSProvider::getByProjectId($user->current_project_id, $user)->where('connected', true)->get(),
         ]);
     }
 
     #[Get('/json', name: 'domains.json')]
     public function json(): ResourceCollection
     {
-        $this->authorize('viewAny', Domain::class);
-
         $user = user();
 
-        return DomainResource::collection(Domain::getByProjectId($user->current_project_id, $user)->with('dnsProvider')->get());
+        $this->authorize('viewAny', [Domain::class, $user->currentProject]);
+
+        $domains = $user->currentProject->domains()->with('dnsProvider')->orderByDesc('id')->get();
+
+        return DomainResource::collection($domains);
     }
 
     #[Get('/{dnsProvider}/available', name: 'domains.available')]
@@ -60,9 +64,11 @@ public function availableDomains(DNSProvider $dnsProvider): JsonResponse
     #[Post('/', name: 'domains.store')]
     public function store(Request $request): RedirectResponse
     {
-        $this->authorize('create', Domain::class);
+        $user = user();
+
+        $this->authorize('create', [Domain::class, $user->currentProject]);
 
-        app(AddDomain::class)->add(user(), $request->all());
+        app(AddDomain::class)->add($user, $user->currentProject, $request->all());
 
         return back()->with('success', 'Domain added.');
     }

app/Http/Controllers/Workflow/WorkflowController.php

@@ -20,7 +20,7 @@
 use Spatie\RouteAttributes\Attributes\Put;
 
 #[Prefix('workflows')]
-#[Middleware('auth')]
+#[Middleware(['auth', 'has-project'])]
 class WorkflowController extends Controller
 {
     #[Get('/', name: 'workflows')]

app/Http/Controllers/Workflow/WorkflowRunController.php

@@ -17,7 +17,7 @@
 use Spatie\RouteAttributes\Attributes\Prefix;
 
 #[Prefix('workflows/{workflow}/runs')]
-#[Middleware('auth')]
+#[Middleware(['auth', 'has-project'])]
 class WorkflowRunController extends Controller
 {
     #[Get('/', name: 'workflow-runs')]

app/Models/Domain.php

@@ -3,7 +3,6 @@
 namespace App\Models;
 
 use Database\Factories\DomainFactory;
-use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
@@ -13,11 +12,13 @@
 /**
  * @property int $dns_provider_id
  * @property int $user_id
+ * @property int $project_id
  * @property string $domain
  * @property string $provider_domain_id
  * @property array<string, mixed> $metadata
  * @property DNSProvider $dnsProvider
  * @property User $user
+ * @property Project $project
  * @property DNSRecord[] $records
  */
 class Domain extends AbstractModel
@@ -28,6 +29,7 @@ class Domain extends AbstractModel
     protected $fillable = [
         'dns_provider_id',
         'user_id',
+        'project_id',
         'domain',
         'provider_domain_id',
         'metadata',
@@ -36,6 +38,7 @@ class Domain extends AbstractModel
     protected $casts = [
         'dns_provider_id' => 'integer',
         'user_id' => 'integer',
+        'project_id' => 'integer',
         'metadata' => 'array',
     ];
 
@@ -56,28 +59,19 @@ public function user(): BelongsTo
     }
 
     /**
-     * @return HasMany<DNSRecord, covariant $this>
+     * @return BelongsTo<Project, covariant $this>
      */
-    public function records(): HasMany
+    public function project(): BelongsTo
     {
-        return $this->hasMany(DNSRecord::class);
+        return $this->belongsTo(Project::class);
     }
 
     /**
-     * @return Builder<Domain>
+     * @return HasMany<DNSRecord, covariant $this>
      */
-    public static function getByProjectId(int $projectId, User $user): Builder
+    public function records(): HasMany
     {
-        /** @var Builder<Domain> $query */
-        $query = static::query();
-
-        return $query
-            ->where('user_id', $user->id)
-            ->whereHas('dnsProvider', function (Builder $query) use ($projectId): void {
-                $query->where(function (Builder $query) use ($projectId): void {
-                    $query->where('project_id', $projectId)->orWhereNull('project_id');
-                });
-            });
+        return $this->hasMany(DNSRecord::class);
     }
 
     public function syncDnsRecords(): void