From 12e11fd4bf211cab71e1432408194f8ca324c09f Mon Sep 17 00:00:00 2001
From: Nafies Luthfi <nafiesl@gmail.com>
Date: Sat, 28 Oct 2017 19:19:56 +0800
Subject: [PATCH] Add project policy object

---
 app/Policies/Partners/PartnerPolicy.php   |  8 ++--
 app/Policies/Projects/ProjectPolicy.php   | 62 +++++++++++++++++++++++++++++++
 app/Providers/AuthServiceProvider.php     |  1 +
 tests/Unit/Policies/PartnerPolicyTest.php |  5 +--
 tests/Unit/Policies/ProjectPolicyTest.php | 49 ++++++++++++++++++++++++
 5 files changed, 117 insertions(+), 8 deletions(-)
 create mode 100644 app/Policies/Projects/ProjectPolicy.php
 create mode 100644 tests/Unit/Policies/ProjectPolicyTest.php

diff --git a/app/Policies/Partners/PartnerPolicy.php b/app/Policies/Partners/PartnerPolicy.php
index a428d60..a5f67d3 100644
--- a/app/Policies/Partners/PartnerPolicy.php
+++ b/app/Policies/Partners/PartnerPolicy.php
@@ -11,7 +11,7 @@ class PartnerPolicy
     use HandlesAuthorization;
 
     /**
-     * Determine whether the user can view the project.
+     * Determine whether the user can view the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -24,7 +24,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can create projects.
+     * Determine whether the user can create partners.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -37,7 +37,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can update the project.
+     * Determine whether the user can update the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -50,7 +50,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can delete the project.
+     * Determine whether the user can delete the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
diff --git a/app/Policies/Projects/ProjectPolicy.php b/app/Policies/Projects/ProjectPolicy.php
new file mode 100644
index 0000000..393fed2
--- /dev/null
+++ b/app/Policies/Projects/ProjectPolicy.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Policies\Projects;
+
+use App\Entities\Projects\Project;
+use App\Entities\Users\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class ProjectPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function view(User $user, Project $project)
+    {
+        // User can only view the project if he is the project's agency owner.
+        return $user->agency->id == $project->owner_id;
+    }
+
+    /**
+     * Determine whether the user can create projects.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function create(User $user, Project $project)
+    {
+        // User can create a project if they owns an agency.
+        return  ! is_null($user->agency);
+    }
+
+    /**
+     * Determine whether the user can update the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function update(User $user, Project $project)
+    {
+        return $this->view($user, $project);
+    }
+
+    /**
+     * Determine whether the user can delete the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function delete(User $user, Project $project)
+    {
+        return $this->view($user, $project);
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 6e83131..100b499 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -15,6 +15,7 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         'App\Entities\Partners\Partner' => 'App\Policies\Partners\PartnerPolicy',
+        'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
         'App\Entities\Users\Event'      => 'App\Policies\EventPolicy',
     ];
 
diff --git a/tests/Unit/Policies/PartnerPolicyTest.php b/tests/Unit/Policies/PartnerPolicyTest.php
index 2ff19a6..201e76a 100644
--- a/tests/Unit/Policies/PartnerPolicyTest.php
+++ b/tests/Unit/Policies/PartnerPolicyTest.php
@@ -3,13 +3,10 @@
 namespace Tests\Unit\Policies;
 
 use App\Entities\Partners\Partner;
-use Illuminate\Foundation\Testing\DatabaseMigrations;
 use Tests\TestCase as TestCase;
 
-class PartnerTest extends TestCase
+class PartnerPolicyTest extends TestCase
 {
-    use DatabaseMigrations;
-
     /** @test */
     public function user_can_create_partner()
     {
diff --git a/tests/Unit/Policies/ProjectPolicyTest.php b/tests/Unit/Policies/ProjectPolicyTest.php
new file mode 100644
index 0000000..d466108
--- /dev/null
+++ b/tests/Unit/Policies/ProjectPolicyTest.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use App\Entities\Agencies\Agency;
+use App\Entities\Projects\Project;
+use Tests\TestCase as TestCase;
+
+class ProjectPolicyTest extends TestCase
+{
+    /** @test */
+    public function user_can_create_project()
+    {
+        $user   = $this->userSigningIn();
+        $agency = factory(Agency::class)->create(['owner_id' => $user->id]);
+
+        $this->assertTrue($user->can('create', new Project));
+    }
+
+    /** @test */
+    public function user_can_view_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('view', $project));
+    }
+
+    /** @test */
+    public function user_can_update_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('update', $project));
+    }
+
+    /** @test */
+    public function user_can_delete_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('delete', $project));
+    }
+}