feat(request): implement Wishbox request model and API endpoints (#110)

Introduce Wishbox request model and create API endpoints for listing,
showing, creating, and deleting requests. Implement permissions to
control access for viewing and deleting requests.

---
 - Close: #23 
 - Close: #7 
 - Close: #8 
 - Close: #9

---------

Signed-off-by: Valentin Sickert <[email protected]>

Author: Lapotor

app/Http/Controllers/RequestController.php

@@ -0,0 +1,98 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Responses\ApiErrorResponse;
+use App\Http\Responses\ApiSuccessResponse;
+use App\Models\Request as WishRequest;
+use App\Permissions\RequestPermissions;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+
+class RequestController extends Controller
+{
+
+
+    /**
+     * Constructor method for the RequestController class.
+     * Applies middleware permissions for specific controller actions.
+     *
+     * @codeCoverageIgnore
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('permission:' . RequestPermissions::CAN_VIEW_REQUESTS)->only(['index', 'show']);
+        $this->middleware('permission:' . RequestPermissions::CAN_DELETE_REQUESTS)->only(['destroy']);
+    }
+
+    /**
+     * Retrieve a paginated list of requests.
+     *
+     * @param  Request  $httpRequest
+     * @return \Illuminate\Pagination\LengthAwarePaginator
+     */
+    public function index(Request $httpRequest): \Illuminate\Pagination\LengthAwarePaginator
+    {
+        $httpRequest->validate([
+            'sort' => 'string|in:id,id:asc,id:desc,name,name:asc,name:desc,created_at,created_at:asc,created_at:desc,',
+            'per_page' => 'integer|between:1,50',
+        ]);
+
+        if ($httpRequest->sort !== null) {
+            $sort = explode(':', $httpRequest->sort);
+            $requests = WishRequest::orderBy($sort[0], $sort[1] ?? 'asc')->paginate($httpRequest->per_page ?? 25);
+        } else {
+            $requests = WishRequest::orderBy('created_at')->paginate($httpRequest->per_page ?? 25);
+        }
+
+        return $requests;
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     */
+    public function store(Request $httpRequest)
+    {
+        $httpRequest->validate([
+            'name' => 'required|string|max:255',
+            'message' => 'required|string',
+        ]);
+
+        $request = WishRequest::create([
+            'name' => $httpRequest->name,
+            'message' => $httpRequest->message,
+        ]);
+
+        if ($request === null) {
+            // @codeCoverageIgnoreStart
+            return new ApiErrorResponse('Failed to create request');
+            // @codeCoverageIgnoreEnd
+        } else {
+            return new ApiSuccessResponse($request, status: Response::HTTP_CREATED);
+        }
+    }
+
+    /**
+     * Display the specified resource.
+     */
+    public function show(WishRequest $request)
+    {
+        return new ApiSuccessResponse($request);
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     */
+    public function destroy(WishRequest $request)
+    {
+        if($request->delete()) {
+            return new ApiSuccessResponse('', status: Response::HTTP_NO_CONTENT);
+        } else {
+            // @codeCoverageIgnoreStart
+            return new ApiErrorResponse('Failed to delete');
+            // @codeCoverageIgnoreEnd
+        }
+    }
+}

app/Models/Request.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class Request extends Model
+{
+    use HasFactory;
+
+    /**
+     * The attributes that are mass assignable.
+     *
+     * @var array<int, string>
+     */
+    protected $fillable = [
+        'name',
+        'message',
+    ];
+
+    /**
+     * The attributes that should be hidden for serialization.
+     *
+     * @var array<int, string>
+     */
+    protected $hidden = [
+        'updated_at',
+    ];
+
+    /**
+     * The attributes that should be cast.
+     *
+     * @var array<string, string>
+     */
+    protected $casts = [
+        'created_at' => 'datetime',
+        'updated_at' => 'datetime',
+    ];
+}

app/Permissions/RequestPermissions.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Permissions;
+
+/**
+ * Class RequestPermissions
+ *
+ * This class defines the permissions related to requests.
+ */
+class RequestPermissions
+{
+    /** Permission for listing and view all users. */
+    public const CAN_VIEW_REQUESTS = 'requests.view';
+
+    /** Permission for deleting users. */
+    public const CAN_DELETE_REQUESTS = 'requests.delete';
+}

database/factories/RequestFactory.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Database\Factories;
+
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Request>
+ */
+class RequestFactory extends Factory
+{
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'name' => $this->faker->name,
+            'message' => $this->faker->paragraph()
+        ];
+    }
+}

database/migrations/2023_12_29_205859_create_requests_table.php

@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('requests', function (Blueprint $table) {
+            $table->id();
+            $table->string('name');
+            $table->text('message')->max(2000);
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('requests');
+    }
+};

database/migrations/2023_12_29_212656_add_request_permissions.php

@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Spatie\Permission\Models\Permission;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Permission::create([
+            'name' => 'requests.view',
+            'guard_name' => 'web',
+        ]);
+        Permission::create([
+            'name' => 'requests.delete',
+            'guard_name' => 'web',
+        ]);
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        DB::table('permissions')->whereIn('name', [
+            'requests.view',
+            'requests.delete',
+        ])->delete();
+    }
+};

routes/api.php

@@ -24,5 +24,6 @@
     require __DIR__ . '/api/v1/auth.php';
     require __DIR__ . '/api/v1/user.php';
     require __DIR__ . '/api/v1/role.php';
+    require __DIR__ . '/api/v1/request.php';
     require __DIR__ . '/api/v1/permission.php';
 });

routes/api/v1/request.php

@@ -0,0 +1,13 @@
+<?php
+
+use App\Http\Controllers\RequestController;
+use Illuminate\Support\Facades\Route;
+
+
+Route::post('/requests', [RequestController::class, 'store'])->name('api.v1.requests.store');
+
+Route::group(['middleware' => 'auth:sanctum'], function () {
+    Route::get('/requests', [RequestController::class, 'index'])->name('api.v1.requests.index');
+    Route::get('/requests/{request}', [RequestController::class, 'show'])->name('api.v1.requests.show');
+    Route::delete('/requests/{request}', [RequestController::class, 'destroy'])->name('api.v1.requests.destroy');
+});