
Lesson 11: forms, CSRF, mass assignment.

Frederic G. MARAND 7 년 전
부모
커밋
702f60b0d3
5개의 변경된 파일136개의 추가작업 그리고 6개의 파일을 삭제
  1. 75 2
      app/Http/Controllers/PostsController.php
  2. 15 0
      app/Model.php
  3. 8 4
      app/Post.php
  4. 25 0
      resources/views/posts/create.blade.php
  5. 13 0
      routes/web.php

+ 75 - 2
app/Http/Controllers/PostsController.php

@@ -5,8 +5,44 @@ namespace App\Http\Controllers;
 use App\Post;
 use Illuminate\Http\Request;
 
-class PostsController extends Controller
-{
+class PostsController extends Controller {
+
+  /**
+   * Show the form for creating a new resource.
+   *
+   * @return \Illuminate\Http\Response
+   */
+  public function create() {
+    return view('posts.create');
+  }
+
+  /**
+   * Remove the specified resource from storage.
+   *
+   * @param  int $id
+   *
+   * @return \Illuminate\Http\Response
+   */
+  public function destroy($id) {
+    //
+  }
+
+  /**
+   * Show the form for editing the specified resource.
+   *
+   * @param  int $id
+   *
+   * @return \Illuminate\Http\Response
+   */
+  public function edit($id) {
+    //
+  }
+
+  /**
+   * Display a listing of the resource.
+   *
+   * @return \Illuminate\Http\Response
+   */
   public function index() {
     $posts = Post::all();
     return view('posts.index', compact('posts'));
@@ -15,4 +51,41 @@ class PostsController extends Controller
   public function show(Post $post) {
     return view('posts.show', compact('post'));
   }
+
+  /**
+   * Store a newly created resource in storage.
+   *
+   * - Create new post using the request data
+   * - Save it to the database
+   * - Redirect to the home page
+   *
+   * @param  \Illuminate\Http\Request $request
+   *
+   * @return \Illuminate\Http\Response
+   */
+  public function store(Request $request) {
+//    $post = new Post();
+//    $post->title = $request->get('title');
+//    $post->body = $request->get('body');
+//    $post->save();
+
+    Post::create([
+      'title' => $request->get('title'),
+      'body' => $request->get('body'),
+    ]);
+
+    return redirect('/');
+  }
+
+  /**
+   * Update the specified resource in storage.
+   *
+   * @param  \Illuminate\Http\Request $request
+   * @param  int $id
+   *
+   * @return \Illuminate\Http\Response
+   */
+  public function update(Request $request, $id) {
+    //
+  }
 }
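Review bot: `store()` hands `title` and `body` to `Post::create()` with no server-side validation, so an empty or oversized submission reaches the database layer unchanged. Add a check ahead of the create call, e.g. `$this->validate($request, ['title' => 'required|max:255', 'body' => 'required']);` — this assumes the base controller uses the usual `ValidatesRequests` trait, and the length limit is a suggested value to match against the column. Passing an explicit field list instead of `$request->all()` is the right choice for mass assignment and should stay. The commented-out `new Post()` variant is better deleted than committed, and the `destroy`, `edit` and `update` stubs return nothing although their docblocks promise a `Response`.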

+ 15 - 0
app/Model.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model as Eloquent;
+
+class Model extends Eloquent {
+
+  /**
+   * These fields may not be mass assigned.
+   *
+   * @var array
+   */
+  protected $guarded = ['user_id'];
+}
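Review bot: `$guarded = ['user_id']` on the shared base class replaces Eloquent's default `['*']` with a deny-list, so any subclass that does not declare its own `$fillable` accepts mass assignment for every column except `user_id`. That default fails open: a column added later (a role or ownership flag, for instance) becomes assignable from request data unless someone remembers to list it here. Prefer keeping the framework default and requiring each model to declare `$fillable`, as `Post` does in this commit. If the deny-list stays, the docblock should say so, e.g. `Subclasses must declare $fillable; this deny-list is only a backstop.`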

+ 8 - 4
app/Post.php

@@ -2,9 +2,13 @@
 
 namespace App;
 
-use Illuminate\Database\Eloquent\Model;
+class Post extends Model {
+
+  /**
+   * These fields are OK for mass assignement.
+   *
+   * @var array
+   */
+  protected $fillable = ['body', 'title'];
 
-class Post extends Model
-{
-    //
 }
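Review bot: The docblock on `$fillable` misspells "assignment" and does not say what the list protects. A non-empty `$fillable` takes precedence over the inherited `$guarded`, so this allow-list is what actually bounds `Post::create()` in the controller. Suggested wording: `Only these attributes may be set through mass assignment (create/fill/update).` The blank context line left before the closing brace can be dropped as well.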

+ 25 - 0
resources/views/posts/create.blade.php

@@ -0,0 +1,25 @@
+@extends('layouts.master')
+
+@section('content')
+    <div class="col-sm-8 blog-main">
+        <h1>Create a post</h1>
+        <hr />
+        <form method="post" action="/posts">
+
+            {{ csrf_field() }}
+
+            <div class="form-group">
+                <label for="title">Title</label>
+                <input type="text" class="form-control" id="title" name="title" />
+                <p class="help-block">Keep it short and memorable</p>
+            </div>
+
+            <div class="form-group">
+                <label for="body">Body</label>
+                <textarea rows="10" class="form-control" id="body" name="body"></textarea>
+            </div>
+
+            <button type="submit" class="btn btn-primary">Publish</button>
+        </form>
+    </div>
+@endsection
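Review bot: The form has nowhere to show server-side validation errors and does not repopulate its fields, so a rejected submission would come back blank once `store()` validates its input. Add `value="{{ old('title') }}"` to the title input and `{{ old('body') }}` inside the textarea, plus an `$errors` block above the button; the `{{ }}` syntax keeps the echoed values HTML-escaped. The `{{ csrf_field() }}` token is correctly placed inside the form and should stay there. The hard-coded `action="/posts"` would break if the app were served from a sub-path; `{{ url('/posts') }}` avoids that.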

+ 13 - 0
routes/web.php

@@ -13,5 +13,18 @@
 
 /** @var \Illuminate\Routing\Router $this */
 $this->get('/', 'PostsController@index');
+$this->post('/posts', 'PostsController@store');
+$this->get('/posts/create', 'PostsController@create');
 $this->get('/posts/{post}', 'PostsController@show');
 
+/* Reminder about typical REST routes
+
+GET /posts            List posts
+GET /posts/create     Show a post creation form
+POST /posts           Create a post
+GET /posts/{id}       Show a post
+GET /posts/{id}/edit  Show a post update form
+PATCH /posts/{id}     Update a post
+DELETE /posts/{id}    Delete a post
+
+ */
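Review bot: `POST /posts` and `GET /posts/create` are registered with no authentication middleware visible in this hunk, so as far as this file shows, any visitor who loads the form can publish a post. If that is not intended, gate the routes, e.g. `$this->post('/posts', 'PostsController@store')->middleware('auth');`. The ordering is correct but fragile: `/posts/create` must stay above `/posts/{post}`, or `create` would be captured as the `{post}` parameter. A one-line comment above those two routes saying so would protect the order from later edits.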