Add project policy object

app/Policies/Partners/PartnerPolicy.php

@@ -11,7 +11,7 @@ class PartnerPolicy
     use HandlesAuthorization;
 
     /**
-     * Determine whether the user can view the project.
+     * Determine whether the user can view the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -24,7 +24,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can create projects.
+     * Determine whether the user can create partners.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -37,7 +37,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can update the project.
+     * Determine whether the user can update the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner
@@ -50,7 +50,7 @@ class PartnerPolicy
     }
 
     /**
-     * Determine whether the user can delete the project.
+     * Determine whether the user can delete the partner.
      *
      * @param  \App\Entities\Users\User  $user
      * @param  \App\Entities\Partners\Partner  $partner

app/Policies/Projects/ProjectPolicy.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Policies\Projects;
+
+use App\Entities\Projects\Project;
+use App\Entities\Users\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class ProjectPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function view(User $user, Project $project)
+    {
+        // User can only view the project if he is the project's agency owner.
+        return $user->agency->id == $project->owner_id;
+    }
+
+    /**
+     * Determine whether the user can create projects.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function create(User $user, Project $project)
+    {
+        // User can create a project if they owns an agency.
+        return  ! is_null($user->agency);
+    }
+
+    /**
+     * Determine whether the user can update the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function update(User $user, Project $project)
+    {
+        return $this->view($user, $project);
+    }
+
+    /**
+     * Determine whether the user can delete the project.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Project  $project
+     * @return mixed
+     */
+    public function delete(User $user, Project $project)
+    {
+        return $this->view($user, $project);
+    }
+}

app/Providers/AuthServiceProvider.php

@@ -15,6 +15,7 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         'App\Entities\Partners\Partner' => 'App\Policies\Partners\PartnerPolicy',
+        'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
         'App\Entities\Users\Event'      => 'App\Policies\EventPolicy',
     ];
 

tests/Unit/Policies/PartnerPolicyTest.php

@@ -3,13 +3,10 @@
 namespace Tests\Unit\Policies;
 
 use App\Entities\Partners\Partner;
-use Illuminate\Foundation\Testing\DatabaseMigrations;
 use Tests\TestCase as TestCase;
 
-class PartnerTest extends TestCase
+class PartnerPolicyTest extends TestCase
 {
-    use DatabaseMigrations;
-
     /** @test */
     public function user_can_create_partner()
     {

tests/Unit/Policies/ProjectPolicyTest.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use App\Entities\Agencies\Agency;
+use App\Entities\Projects\Project;
+use Tests\TestCase as TestCase;
+
+class ProjectPolicyTest extends TestCase
+{
+    /** @test */
+    public function user_can_create_project()
+    {
+        $user   = $this->userSigningIn();
+        $agency = factory(Agency::class)->create(['owner_id' => $user->id]);
+
+        $this->assertTrue($user->can('create', new Project));
+    }
+
+    /** @test */
+    public function user_can_view_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('view', $project));
+    }
+
+    /** @test */
+    public function user_can_update_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('update', $project));
+    }
+
+    /** @test */
+    public function user_can_delete_project()
+    {
+        $user    = $this->userSigningIn();
+        $agency  = factory(Agency::class)->create(['owner_id' => $user->id]);
+        $project = factory(Project::class)->create(['owner_id' => $agency->id]);
+
+        $this->assertTrue($user->can('delete', $project));
+    }
+}