diff --git a/app/Http/Controllers/Projects/FeesController.php b/app/Http/Controllers/Projects/FeesController.php index 2f26ca4..e4eab9c 100644 --- a/app/Http/Controllers/Projects/FeesController.php +++ b/app/Http/Controllers/Projects/FeesController.php @@ -16,6 +16,8 @@ class FeesController extends Controller { public function create(Project $project) { + $this->authorize('create', new Payment); + $partners = User::pluck('name', 'id')->all(); return view('projects.fees.create', compact('project', 'partners')); @@ -23,6 +25,8 @@ class FeesController extends Controller public function store(Project $project) { + $this->authorize('create', new Payment); + $newPaymentData = request()->validate([ 'type_id' => 'required|numeric', 'date' => 'required|date', diff --git a/app/Http/Controllers/Projects/InvoicesController.php b/app/Http/Controllers/Projects/InvoicesController.php index 9887941..9fca613 100644 --- a/app/Http/Controllers/Projects/InvoicesController.php +++ b/app/Http/Controllers/Projects/InvoicesController.php @@ -14,6 +14,8 @@ class InvoicesController extends Controller { public function index(Project $project) { + $this->authorize('view-invoices', $project); + return view('projects.invoices', compact('project')); } } diff --git a/app/Http/Controllers/Projects/JobsController.php b/app/Http/Controllers/Projects/JobsController.php index f07f925..93d401f 100755 --- a/app/Http/Controllers/Projects/JobsController.php +++ b/app/Http/Controllers/Projects/JobsController.php 
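Review bot: `$this->authorize('create', new Payment)` in create() and store() only resolves PaymentPolicy if the `Payment` class FeesController imports is the one the policy map registers, and this commit shows two different namespaces for that class — `App\Entities\Payments\Payment` in AuthServiceProvider and `\App\Entities\Partners\Payment` in the PaymentPolicy docblocks — so the import at the top of this controller needs checking. When the object passed to authorize() has no mapped policy and no gate ability of that name, Laravel's Gate returns null and denies every caller, admins included, instead of raising a configuration error. A comment on the first call would save the next reader the detour: `// PaymentPolicy::create() requires a Payment instance, so a throw-away model is passed instead of Payment::class`. store()'s validation rules continue past the end of the hunk.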
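Review bot: `$this->authorize('view-invoices', $project)` in index() is resolved by Laravel as a `viewInvoices()` method on the ProjectPolicy mapped for Project in AuthServiceProvider, and nothing in this commit adds or tests that method. If it is missing, the Gate result is null and the route is denied for everyone, including admins, which the new PaymentPolicyTest would not catch. A policy test pins it down: `$this->assertTrue($admin->can('view-invoices', $project));` with a matching `$worker` assertion for the expected outcome. The same applies to the `view-payments` and `view-subscriptions` abilities introduced in ProjectsController.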
@@ -29,23 +29,21 @@ class JobsController extends Controller return view('projects.jobs.index', compact('project', 'jobs')); } - public function create($projectId) + public function create(Project $project) { - $project = $this->repo->requireProjectById($projectId); $workers = $this->repo->getWorkersList(); return view('jobs.create', compact('project', 'workers')); } - public function addFromOtherProject(Request $req, $projectId) + public function addFromOtherProject(Request $request, Project $project) { $selectedProject = null; - $project = $this->repo->requireProjectById($projectId); $workers = $this->repo->getWorkersList(); $projects = $this->repo->getProjectsList(); - if ($req->has('project_id')) { - $selectedProject = $this->repo->requireProjectById($req->get('project_id')); + if ($request->has('project_id')) { + $selectedProject = $this->repo->requireProjectById($request->get('project_id')); } return view('jobs.add-from-other-project', compact('project', 'workers', 'projects', 'selectedProject')); diff --git a/app/Http/Controllers/Projects/ProjectsController.php b/app/Http/Controllers/Projects/ProjectsController.php index b592bca..4b606f5 100755 --- a/app/Http/Controllers/Projects/ProjectsController.php +++ b/app/Http/Controllers/Projects/ProjectsController.php @@ -104,11 +104,15 @@ class ProjectsController extends Controller public function subscriptions(Project $project) { + $this->authorize('view-subscriptions', $project); + return view('projects.subscriptions', compact('project')); } public function payments(Project $project) { + $this->authorize('view-payments', $project); + $project->load('payments.partner'); return view('projects.payments', compact('project')); diff --git a/app/Policies/PaymentPolicy.php b/app/Policies/PaymentPolicy.php new file mode 100644 index 0000000..d61368f --- /dev/null +++ b/app/Policies/PaymentPolicy.php 
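Review bot: create() and addFromOtherProject() are the only endpoints in this commit that move to route-model binding without also gaining an `$this->authorize(...)` call, so any authenticated user can still open the job-creation forms for an arbitrary `$project`, and addFromOtherProject() additionally resolves whatever `project_id` the query string names through `requireProjectById()` with no check against the caller. Unless a constructor or route middleware outside the hunk already covers this, add a check at the top of each method mirroring the sibling controllers, e.g. `$this->authorize('create', [Job::class, $project]);` adjusted to whatever signature JobPolicy actually defines, and apply the same check to `$selectedProject` once it is loaded. Note also that `$request->has('project_id')` is true for an empty value in recent Laravel releases, so `filled('project_id')` may be the intended test. index() begins before this hunk, so I can't tell whether it is authorized either.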
@@ -0,0 +1,69 @@ + + */ +class PaymentPolicy +{ + use HandlesAuthorization; + + /** + * Determine whether the user can view the payment. + * + * @param \App\Entities\Users\User $user + * @param \App\Entities\Partners\Payment $payment + * + * @return mixed + */ + public function view(User $user, Payment $payment) + { + return $user->hasRole('admin'); + } + + /** + * Determine whether the user can create payments. + * + * @param \App\Entities\Users\User $user + * @param \App\Entities\Partners\Payment $payment + * + * @return mixed + */ + public function create(User $user, Payment $payment) + { + return $user->hasRole('admin'); + } + + /** + * Determine whether the user can update the payment. + * + * @param \App\Entities\Users\User $user + * @param \App\Entities\Partners\Payment $payment + * + * @return mixed + */ + public function update(User $user, Payment $payment) + { + return $this->view($user, $payment); + } + + /** + * Determine whether the user can delete the payment. + * + * @param \App\Entities\Users\User $user + * @param \App\Entities\Partners\Payment $payment + * + * @return mixed + */ + public function delete(User $user, Payment $payment) + { + return $this->view($user, $payment); + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index cf8e691..a51c464 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider 'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy', 'App\Entities\Projects\Job' => 'App\Policies\Projects\JobPolicy', 'App\Entities\Projects\Task' => 'App\Policies\Projects\TaskPolicy', + 'App\Entities\Payments\Payment' => 'App\Policies\PaymentPolicy', 'App\Entities\Users\User' => 'App\Policies\UserPolicy', 'App\Entities\Users\Event' => 'App\Policies\EventPolicy', ]; 
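Review bot: The docblocks in PaymentPolicy type `$payment` as `\App\Entities\Partners\Payment`, while the same commit registers the policy for `App\Entities\Payments\Payment` in AuthServiceProvider; one of the two is wrong, and because the Gate matches policies by the exact class of the object passed to authorize(), a mismatch denies silently rather than erroring. Every method ignores `$payment` and reduces to `$user->hasRole('admin')`, so the `Payment $payment` parameter on create() exists only so that `authorize('create', new Payment)` has an object to resolve the policy from — worth a comment to that effect, e.g. `// $payment is unused; it is required so callers can resolve this policy from a Payment instance`. `@return mixed` on all four methods could be `@return bool`, since `hasRole()` is the only return path visible here. The namespace and `use` lines of the file are cut off in this view, so I can't confirm which Payment class the policy imports.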
diff --git a/resources/views/projects/partials/nav-tabs.blade.php b/resources/views/projects/partials/nav-tabs.blade.php index 830c59c..7a5a706 100644 --- a/resources/views/projects/partials/nav-tabs.blade.php +++ b/resources/views/projects/partials/nav-tabs.blade.php @@ -3,20 +3,30 @@
  • {!! link_to_route('projects.show', trans('project.show'), [$project->id]) !!}
  • + @can('view-jobs', $project)
  • {!! link_to_route('projects.jobs.index', trans('project.jobs').' ('.$project->jobs->count().')', [$project->id]) !!}
  • + @endcan + @can('view-payments', $project)
  • {!! link_to_route('projects.payments', trans('project.payments').' ('.$project->payments->count().')', [$project->id]) !!}
  • + @endcan + @can('view-subscriptions', $project)
  • {!! link_to_route('projects.subscriptions', trans('project.subscriptions').' ('.$project->subscriptions->count().')', [$project->id]) !!}
  • + @endcan + @can('view-invoices', $project)
  • {!! link_to_route('projects.invoices', trans('project.invoices').' ('.$project->invoices->count().')', [$project->id]) !!}
  • + @endcan + @can('view-files', $project)
  • {!! link_to_route('projects.files', trans('project.files').' ('.$project->files->count().')', [$project->id]) !!}
  • + @endcan
    diff --git a/tests/Unit/Policies/PaymentPolicyTest.php b/tests/Unit/Policies/PaymentPolicyTest.php new file mode 100644 index 0000000..7d3d804 --- /dev/null +++ b/tests/Unit/Policies/PaymentPolicyTest.php @@ -0,0 +1,57 @@ + + */ +class PaymentPolicyTest extends TestCase +{ + /** @test */ + public function only_admin_can_create_payment() + { + $admin = $this->createUser('admin'); + $this->assertTrue($admin->can('create', new Payment())); + + $worker = $this->createUser('worker'); + $this->assertFalse($worker->can('create', new Payment())); + } + + /** @test */ + public function only_admin_can_view_payment() + { + $admin = $this->createUser('admin'); + $worker = $this->createUser('worker'); + $payment = factory(Payment::class)->create(); + + $this->assertTrue($admin->can('view', $payment)); + $this->assertFalse($worker->can('view', $payment)); + } + + /** @test */ + public function only_admin_can_update_payment() + { + $admin = $this->createUser('admin'); + $worker = $this->createUser('worker'); + $payment = factory(Payment::class)->create(); + + $this->assertTrue($admin->can('update', $payment)); + $this->assertFalse($worker->can('update', $payment)); + } + + /** @test */ + public function only_admin_can_delete_payment() + { + $admin = $this->createUser('admin'); + $worker = $this->createUser('worker'); + $payment = factory(Payment::class)->create(); + + $this->assertTrue($admin->can('delete', $payment)); + $this->assertFalse($worker->can('delete', $payment)); + } +}
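Review bot: The `@can` blocks hide links but are not access control, and of the five abilities used in this partial the commit adds a server-side `authorize()` only for `view-payments`, `view-subscriptions` and `view-invoices`. The `projects.jobs.index` and `projects.files` routes are not touched in this diff, so a user who knows the URL still reaches them unless their controllers already check `view-jobs` / `view-files`; either add those `authorize()` calls or record in the PR that they exist. Each ability name here is also camel-cased by Laravel into a ProjectPolicy method (`viewJobs`, `viewPayments`, …), and none of those methods is visible in the commit — if any is missing the tab vanishes for admins as well. A comment at the top of the partial, `{{-- @can only hides tabs; every linked route must authorize() the same ability --}}`, would make the contract explicit.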
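Review bot: The new tests exercise PaymentPolicy in isolation, but nothing asserts that the authorize() calls added to FeesController, InvoicesController and ProjectsController actually reject non-admins over HTTP, nor that the `view-*` abilities on Project resolve at all. A feature test such as `$this->actingAs($worker)->get(route('projects.invoices', $project))->assertStatus(403);` paired with an admin `assertStatus(200)` would catch both a missing ProjectPolicy method and a controller importing the wrong Payment class, neither of which these unit tests can see. The four tests also repeat the same admin/worker arrangement and could collapse into one data-provided test over the ability names, though that is a style preference.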