We have no special actions on a model, leaving them to pure Laravel functionality and the api supports relationship mappings for:
Important is the fillable attribute as we use that to determine what we will write to the record.
Scopes will need to be whitelisted.
Policies use the Laravel Base Policy functionality: https://laravel.com/docs/6.x/authorization#generating-policies
Generate with php artisan make:api:policy Name --model=Model
This will generate the sceleton policy with the following methods
viewAny - called by the controller index actionview - called by the controller show actioncreate - called by the controller create actionupdate - called by the controller update actiondelete - called by the controller delete actionOptional Query/Data modifiers in policies for the api endpoints
qualifyCollectionQueryWithUser($user, $builder) -> return void - add any queries to the repository (ie ->where('x',')) this is called just from the index action just before the query is run ($builder would be your eloqent builder instance)qualifyItemQueryWithUser($user, $repository)-> return void - add any queries to the repository (ie ->where('x',')) this is called just from the show action just before the query is run ($builder would be your eloqent builder instance)qualifyStoreDataWithUser($data) - return the updated data array - this is called from the store action and allows you to update the data array just before insertionqualifyUpdateDataWithUser($data) - return the updated data array - this is called from the update action and allows you to update the data array just before insertion