Add edit comment policy

7 years ago · 0af115a542
3 changed files with 60 additions and 0 deletions
--- a/app/Policies/Projects/CommentPolicy.php
+++ b/app/Policies/Projects/CommentPolicy.php
@ -0,0 +1,30 @@
 <?php
 namespace App\Policies\Projects;
 use App\Entities\Users\User;
 use App\Entities\Projects\Comment;
 use Illuminate\Auth\Access\HandlesAuthorization;
 /**
 * Comment model policy class.
 *
 * @author Nafies Luthfi <nafiesL@gmail.com>
 */
 class CommentPolicy
 {
    use HandlesAuthorization;
    /**
     * Determine whether the user can update the comment.
     *
     * @param \App\Entities\Users\User  $user
     * @param \App\Entities\Projects\Comment  $comment
     * @return bool
     */
    public function update(User $user, Comment $comment)
    {
        return $user->hasRole('admin')
            || ($user->hasRole('worker') && $comment->creator_id == $user->id);
    }
 }
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -16,6 +16,7 @@ class AuthServiceProvider extends ServiceProvider
        'App\Entities\Partners\Vendor'   => 'App\Policies\Partners\VendorPolicy',
        'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
        'App\Entities\Projects\Project'  => 'App\Policies\Projects\ProjectPolicy',
        'App\Entities\Projects\Comment'  => 'App\Policies\Projects\CommentPolicy',
        'App\Entities\Projects\Job'      => 'App\Policies\Projects\JobPolicy',
        'App\Entities\Projects\Task'     => 'App\Policies\Projects\TaskPolicy',
        'App\Entities\Payments\Payment'  => 'App\Policies\PaymentPolicy',
--- a/tests/Unit/Policies/CommentPolicyTest.php
+++ b/tests/Unit/Policies/CommentPolicyTest.php
@ -0,0 +1,29 @@
 <?php
 namespace Tests\Unit\Policies;
 use Tests\TestCase;
 use App\Entities\Projects\Comment;
 class CommentPolicyTest extends TestCase
 {
    /** @test */
    public function admin_can_edit_any_comments()
    {
        $admin = $this->createUser('admin');
        $comment = factory(Comment::class)->create();
        $this->assertTrue($admin->can('update', $comment));
    }
    /** @test */
    public function worker_can_only_edit_their_comments()
    {
        $admin = $this->createUser('admin');
        $worker = $this->createUser('worker');
        $comment = factory(Comment::class)->create(['creator_id' => $worker->id]);
        $this->assertTrue($admin->can('update', $comment));
        $this->assertTrue($worker->can('update', $comment));
    }
 }