RestrictionApi Module

Purpose

Provides a new restriction settings backend interface to add access and visibility restrictions to models.

Access

Ability to set a password against a model to prevent access to its page and sub-pages.

Visibility

Ability to prevent the display of a model in search and block listings.

Also comes with a scope to filter out models with visibility restrictions from custom listings.

Usage

1. Update your model to support restriction settings:
   1. Make your model implement the interface Modules\RestrictionApi\Contracts\HasRestrictionInterface and use the trait Modules\RestrictionApi\Concerns\HasRestrictions
   2. Add a new restriction_settings action url and context sub link to your model for the dashboard. e.g

   'restriction_settings' => route(
       ProjectRouteService::DASH_PROJECT_RESTRICTION_SETTINGS_ROUTE_NAME.'index',
       ['your-model' => $this->id], false
   )
   
   3. If the model is indexed by elasticsearch:
      1. Update the model prepare() function to get the value of the restricted_listing_visibility attribute:

      $searchable['restricted_listing_visibility'] = $this->restricted_listing_visibility;
      
      2. Add the restricted_listing_visibility attribute to the mappableAs() function:

      'restricted_listing_visibility' => 'boolean',
      
2. Add new restriction settings endpoints to the dashboard controller of your model:
   1. Make sure your controller uses the trait Modules\RestrictionApi\Http\Controllers\Concerns\RestrictionSettingsDashboardControllerTrait
   2. Add 2x new functions to render settings form and update:

       /**
        * View restriction settings (visibility, access, etc...)
        */
       public function restrictionSettingsIndex(Project $project): Response
       {
           return $this->renderRestrictionSettings(
               $project->append(self::$globalAppends),
               $project->getRestrictionSettingsUpdateUrl(
                   ProjectRouteService::DASH_PROJECT_BASE_ROUTE_NAME,
                   [ProjectRouteService::PROJECT_ROUTE_MODEL_KEY => $project->id]
               ),
               $this->parentRoute,
           );
       }
   
       /**
        * Store or update a new restriction.
        */
       public function restrictionSettingsUpdate(DashboardRestrictionSettingsFormRequest $request, Project $project): RedirectResponse
       {
           return $this->saveRestrictionSettings($request, $project);
       }
   
3. Update your model routes:
   1. Add backend routes to control the restriction settings:

   Route::name(BaseRouteServiceProvider::removeDashPrefixFromName(self::DASH_PROJECT_RESTRICTION_SETTINGS_ROUTE_NAME))
        ->prefix(RestrictionRouteService::RESTRICTION_SETTINGS_ROUTE)
        ->middleware('can:'.PermissionActions::UPDATE.','.ProjectPermissions::SUBJECT)
        ->group(fn () => RestrictionRouteService::registerDashboardSettingsRoutes($projectController));
   
   2. Wrap all frontend routes of your restricted model around the restricted access middleware to prevent access to models with restrictions and redirect to auth form:

    Route::middleware('restricted.access:'.self::PROJECT_ROUTE_MODEL_KEY)->group(
        function () use ($projectController) {
            // Define project resource routes.
            Route::resource(self::PROJECT_ROUTE_RESOURCE, $projectController)->only([
                'index', 'show',
            ]);
        }
    );
   
   3. Wrap frontend routes of any child models of your restricted model if it is a parentable, e.g for a child Event:

   Route::middleware('restricted.access:'.ParentableContentService::PARENTABLE_MODEL_ROUTE_KEY)
     ->group(fn () => EventRouteService::registerWebRoutes(...$controllerClasses));
   
4. Add feature tests to cover access and visibility restrictions.