Merge branch 'master' into fix/rules-exploit

# Conflicts:
#	src/Rules/MutateRules.php
#	src/Rules/SearchRules.php

Author: GautierDele

README.md

@@ -90,4 +90,4 @@ Here is a quick look at what you can do using API search method:
 
 - Metrics support
 - Refactor the response class
-- Alias for includes / aggregates
+- Alias for includes

src/Concerns/Resource/Paginable.php

@@ -17,11 +17,13 @@ trait Paginable
      */
     public function paginate($query, RestRequest $request)
     {
+        $defaultLimit = $this->defaultLimit ?? 50;
+
         // In case we have a scout builder
         if ($query instanceof Builder) {
-            return $query->paginate($request->input('search.limit', 50), 'page', $request->input('search.page', 1));
+            return $query->paginate($request->input('search.limit', $defaultLimit), 'page', $request->input('search.page', 1));
         }
 
-        return $query->paginate($request->input('search.limit', 50), ['*'], 'page', $request->input('search.page', 1));
+        return $query->paginate($request->input('search.limit', $defaultLimit), ['*'], 'page', $request->input('search.page', 1));
     }
 }

src/Console/stubs/resource.stub

@@ -13,6 +13,13 @@ class {{ class }} extends RestResource
      */
     public static $model = \{{ namespacedModel }}::class;
 
+    /**
+     * The default value for the pagination limit.
+     *
+     * @var int
+     */
+    public int $defaultLimit = 50;
+
     /**
      * The exposed fields that could be provided
      * @param RestRequest $request

src/Console/stubs/user-resource.stub

@@ -13,6 +13,13 @@ class UserResource extends RestResource
      */
     public static $model = \App\User::class;
 
+    /**
+     * The default value for the pagination limit.
+     *
+     * @var int
+     */
+    public int $defaultLimit = 50;
+
     /**
      * The exposed fields that could be provided
      * @param RestRequest $request

src/Http/Resource.php

@@ -46,6 +46,13 @@ class Resource implements \JsonSerializable
      */
     public static $response = Response::class;
 
+    /**
+     * The default value for the pagination limit.
+     *
+     * @var int
+     */
+    public int $defaultLimit = 50;
+
     /**
      * Get a fresh instance of the model represented by the resource.
      *

src/Http/Response.php

@@ -71,7 +71,7 @@ public function modelToResponse(Model $model, Resource $resource, array $request
                         // Here we add the aggregates
                         collect($currentRequestArray['aggregates'] ?? [])
                             ->map(function ($aggregate) {
-                                return Str::snake($aggregate['relation']).'_'.$aggregate['type'].(isset($aggregate['field']) ? '_'.$aggregate['field'] : '');
+                                return $aggregate['alias'] ?? Str::snake($aggregate['relation']).'_'.$aggregate['type'].(isset($aggregate['field']) ? '_'.$aggregate['field'] : '');
                             })
                             ->toArray()
                     )

src/Query/ScoutBuilder.php

@@ -49,7 +49,8 @@ public function search(array $parameters = [])
             $this->applyInstructions($parameters['instructions']);
         });
 
-        $this->queryBuilder->take($parameters['limit'] ?? 50);
+        $defaultLimit = $this->resource->defaultLimit ?? 50;
+        $this->queryBuilder->take($parameters['limit'] ?? $defaultLimit);
 
         $this->queryBuilder
             ->query(function (Builder $query) use ($parameters) {

src/Query/Traits/PerformSearch.php

@@ -237,7 +237,13 @@ public function applyIncludes($includes)
      */
     public function aggregate($aggregate)
     {
-        return $this->queryBuilder->withAggregate([$aggregate['relation'] => function (Builder $query) use ($aggregate) {
+        $relation = $aggregate['relation'];
+
+        if (isset($aggregate['alias'])) {
+            $relation .= ' as '.$aggregate['alias'];
+        }
+
+        return $this->queryBuilder->withAggregate([$relation => function (Builder $query) use ($aggregate) {
             $resource = $this->resource->relation($aggregate['relation'])?->resource();
 
             $queryBuilder = $this->newQueryBuilder(['resource' => $resource, 'query' => $query]);

src/Relations/MorphedByMany.php

@@ -47,21 +47,78 @@ public function afterMutating(Model $model, Relation $relation, array $mutationR
     {
         foreach ($mutationRelations[$relation->relation] as $mutationRelation) {
             if ($mutationRelation['operation'] === 'detach') {
+                $toDetachModel = app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
+                    ->applyMutation($mutationRelation);
+
+                $this->resource()->authorizeToDetach($model, $toDetachModel);
+
                 $model
                     ->{$relation->relation}()
                     ->detach(
-                        app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
-                            ->applyMutation($mutationRelation)
-                            ->getKey()
+                        $toDetachModel->getKey()
                     );
-            } else {
+            } elseif ($mutationRelation['operation'] === 'attach') {
+                $toAttachModel = app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
+                    ->applyMutation($mutationRelation);
+
+                $this->resource()->authorizeToAttach($model, $toAttachModel);
+
                 $model
                     ->{$relation->relation}()
                     ->attach(
+                        [
+                            $toAttachModel->getKey() => $mutationRelation['pivot'] ?? [],
+                        ]
+                    );
+            } elseif ($mutationRelation['operation'] === 'toggle') {
+                $results = $model
+                    ->{$relation->relation}()
+                    ->toggle(
+                        [
+                            app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
+                                ->applyMutation($mutationRelation)
+                                ->getKey() => $mutationRelation['pivot'] ?? [],
+                        ]
+                    );
+
+                foreach ($results['attached'] as $attached) {
+                    $this->resource()->authorizeToAttach($model, $relation->resource()::$model::find($attached));
+                }
+
+                foreach ($results['detached'] as $detached) {
+                    $this->resource()->authorizeToDetach($model, $relation->resource()::$model::find($detached));
+                }
+            } elseif ($mutationRelation['operation'] === 'sync') {
+                $results = $model
+                    ->{$relation->relation}()
+                    ->sync(
                         [
                             app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
                                 ->applyMutation($mutationRelation)
                                 ->getKey() => $mutationRelation['pivot'] ?? [],
+                        ],
+                        !isset($mutationRelation['without_detaching']) || !$mutationRelation['without_detaching']
+                    );
+
+                foreach ($results['attached'] as $attached) {
+                    $this->resource()->authorizeToAttach($model, $relation->resource()::$model::find($attached));
+                }
+
+                foreach ($results['detached'] as $detached) {
+                    $this->resource()->authorizeToDetach($model, $relation->resource()::$model::find($detached));
+                }
+            } elseif (in_array($mutationRelation['operation'], ['create', 'update'])) {
+                $toAttachModel = app()->make(QueryBuilder::class, ['resource' => $relation->resource()])
+                    ->applyMutation($mutationRelation);
+
+                $this->resource()->authorizeToAttach($model, $toAttachModel);
+
+                $model
+                    ->{$relation->relation}()
+                    ->syncWithoutDetaching(
+                        [
+                            $toAttachModel
+                                ->getKey() => $mutationRelation['pivot'] ?? [],
                         ]
                     );
             }