Refactor thread sharing, user model, routes, and add API middleware

cursoragent · bixmatech · cursoragent · commit cc3d95980beb · 2025-08-07T20:51:26.000Z
Co-authored-by: bixmatech &lt;bixmatech@gmail.com&gt;
diff --git a/app/Http/Controllers/ThreadController.php b/app/Http/Controllers/ThreadController.php
@@ -4,13 +4,15 @@
 
 use App\Models\ChatThread;
 use Illuminate\Http\Request;
-use Illuminate\Support\Str;
+use Illuminate\Support\Facades\Auth;
 
 class ThreadController extends Controller
 {
     public function share(ChatThread $thread)
     {
-        $this->authorize('view', $thread);
+        if ($thread->user_id !== Auth::id()) {
+            abort(403);
+        }
         if (!$thread->is_public) {
             $thread->update(['is_public' => true]);
         }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -12,32 +12,19 @@ class User extends Authenticatable
     /** @use HasFactory<\Database\Factories\UserFactory> */
     use HasFactory, Notifiable;
 
-    /**
-     * The attributes that are mass assignable.
-     *
-     * @var list<string>
-     */
     protected $fillable = [
         'name',
         'email',
         'password',
+        'role',
+        'credits',
     ];
 
-    /**
-     * The attributes that should be hidden for serialization.
-     *
-     * @var list<string>
-     */
     protected $hidden = [
         'password',
         'remember_token',
     ];
 
-    /**
-     * Get the attributes that should be cast.
-     *
-     * @return array<string, string>
-     */
     protected function casts(): array
     {
         return [
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -18,6 +18,8 @@
         $middleware->alias([
             'admin' => AdminOnly::class,
         ]);
+        $middleware->statefulApi();
+        $middleware->throttleApi();
     })
     ->withExceptions(function (Exceptions $exceptions): void {
         //
diff --git a/routes/web.php b/routes/web.php
@@ -5,7 +5,6 @@
 use App\Http\Controllers\InstallerController;
 use App\Http\Controllers\PaymentController;
 use App\Http\Controllers\CreditPackageController;
-use App\Http\Controllers\BlogPostController;
 use App\Http\Controllers\PageController;
 use App\Http\Controllers\ThreadController;
 use App\Http\Controllers\Admin\PaymentAdminController;
@@ -26,7 +25,6 @@
     Route::view('/', 'admin.index')->name('index');
     Route::resource('agents', AgentController::class);
     Route::resource('packages', CreditPackageController::class)->except(['show']);
-    Route::resource('blog', BlogPostController::class);
     Route::resource('pages', PageController::class);
     Route::get('payments', [PaymentAdminController::class, 'index'])->name('payments.index');
     Route::post('payments/{payment}/approve', [PaymentAdminController::class, 'approve'])->name('payments.approve');

Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,15 @@`
`4`	`4`
`5`	`5`	`use App\Models\ChatThread;`
`6`	`6`	`use Illuminate\Http\Request;`
`7`		`-use Illuminate\Support\Str;`
	`7`	`+use Illuminate\Support\Facades\Auth;`
`8`	`8`
`9`	`9`	`class ThreadController extends Controller`
`10`	`10`	`{`
`11`	`11`	`public function share(ChatThread $thread)`
`12`	`12`	`{`
`13`		`- $this->authorize('view', $thread);`
	`13`	`+ if ($thread->user_id !== Auth::id()) {`
	`14`	`+ abort(403);`
	`15`	`+ }`
`14`	`16`	`if (!$thread->is_public) {`
`15`	`17`	`$thread->update(['is_public' => true]);`
`16`	`18`	`}`