Added relationship to user and product

app/Http/Controllers/AuthController.php

@@ -4,65 +4,67 @@
 
 use App\Models\User;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Hash;
 
 class AuthController extends Controller
 {
-    public function register(Request $request) {
+    public function register(Request $request)
+    {
         $fields = $request->validate([
             'name' => 'required|string',
             'email' => 'required|string|unique:users,email',
-            'password' => 'required|string|confirmed'
+            'password' => 'required|string|confirmed',
         ]);
 
         $user = User::create([
             'name' => $fields['name'],
             'email' => $fields['email'],
-            'password' => bcrypt($fields['password'])
+            'password' => bcrypt($fields['password']),
         ]);
 
         $token = $user->createToken('myapptoken')->plainTextToken;
 
         $response = [
             'user' => $user,
-            'token' => $token
+            'token' => $token,
         ];
 
         return response($response, 201);
     }
 
-    public function login(Request $request) {
+    public function login(Request $request)
+    {
         $fields = $request->validate([
             'email' => 'required|string',
-            'password' => 'required|string'
+            'password' => 'required|string',
         ]);
 
         // Check email
         $user = User::where('email', $fields['email'])->first();
 
         // Check password
-        if(!$user || !Hash::check($fields['password'], $user->password)) {
+        if (!$user || !Hash::check($fields['password'], $user->password)) {
             return response([
-                'message' => 'Bad creds'
+                'message' => 'Bad creds',
             ], 401);
         }
 
         $token = $user->createToken('myapptoken')->plainTextToken;
 
         $response = [
             'user' => $user,
-            'token' => $token
+            'token' => $token,
         ];
 
         return response($response, 201);
     }
 
-    public function logout(Request $request) {
+    public function logout(Request $request)
+    {
         auth()->user()->tokens()->delete();
 
         return [
-            'message' => 'Logged out'
+            'message' => 'Logged out',
         ];
     }
 }

app/Http/Controllers/ProductController.php

@@ -4,6 +4,7 @@
 
 use App\Models\Product;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 
 class ProductController extends Controller
 {
@@ -20,24 +21,31 @@ public function index()
     /**
      * Store a newly created resource in storage.
      *
-     * @param  \Illuminate\Http\Request  $request
      * @return \Illuminate\Http\Response
      */
     public function store(Request $request)
     {
         $request->validate([
             'name' => 'required',
             'slug' => 'required',
-            'price' => 'required'
+            'price' => 'required',
         ]);
 
-        return Product::create($request->all());
+        // get current user id
+        $userId = $request->user()->id;
+        $product = $request->all();
+        if ($userId) {
+            $product = array_merge($request->all(), ['user_id' => $userId]);
+        }
+
+        return Product::create($product);
     }
 
     /**
      * Display the specified resource.
      *
-     * @param  int  $id
+     * @param int $id
+     *
      * @return \Illuminate\Http\Response
      */
     public function show($id)
@@ -48,32 +56,52 @@ public function show($id)
     /**
      * Update the specified resource in storage.
      *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  int  $id
+     * @param int $id
+     *
      * @return \Illuminate\Http\Response
      */
     public function update(Request $request, $id)
     {
         $product = Product::find($id);
-        $product->update($request->all());
-        return $product;
+
+        if ($product->user_id == $request->user()->id) {
+            // update
+            $product->update($request->all());
+
+            return $product;
+        }
+
+        return response([
+            'message' => 'forbidden to update this product',
+        ], 403);
     }
 
     /**
      * Remove the specified resource from storage.
      *
-     * @param  int  $id
+     * @param int $id
+     *
      * @return \Illuminate\Http\Response
      */
     public function destroy($id)
     {
-        return Product::destroy($id);
+        $product = Product::find($id);
+
+        if ($product->user_id == request()->user()->id) {
+            // delete product
+            return $product->delete();
+        }
+
+        return response([
+            'message' => 'forbidden to delete this product',
+        ], 403);
     }
 
-     /**
-     * Search for a name
+    /**
+     * Search for a name.
+     *
+     * @param string $name
      *
-     * @param  str  $name
      * @return \Illuminate\Http\Response
      */
     public function search($name)

app/Models/Product.php

@@ -13,6 +13,12 @@ class Product extends Model
         'name',
         'slug',
         'description',
-        'price'
+        'price',
+        'user_id',
     ];
+
+    public function user()
+    {
+        $this->belongsTo(Product::class);
+    }
 }

app/Models/User.php

@@ -2,15 +2,16 @@
 
 namespace App\Models;
 
-use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
 
 class User extends Authenticatable
 {
-    use HasFactory, Notifiable, HasApiTokens;
+    use HasFactory;
+    use Notifiable;
+    use HasApiTokens;
 
     /**
      * The attributes that are mass assignable.
@@ -41,4 +42,9 @@ class User extends Authenticatable
     protected $casts = [
         'email_verified_at' => 'datetime',
     ];
+
+    public function products()
+    {
+        $this->hasMany(Product::class);
+    }
 }