odon
/
free-pmo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Apply more project actions authorization 

Add payment policy object
pull/6/head
Nafies Luthfi 8 years ago
parent
0901fd2ce9
commit
1f2c51a7f2
8 changed files with 151 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      app/Http/Controllers/Projects/FeesController.php
  2. 2
      app/Http/Controllers/Projects/InvoicesController.php
  3. 10
      app/Http/Controllers/Projects/JobsController.php
  4. 4
      app/Http/Controllers/Projects/ProjectsController.php
  5. 69
      app/Policies/PaymentPolicy.php
  6. 1
      app/Providers/AuthServiceProvider.php
  7. 10
      resources/views/projects/partials/nav-tabs.blade.php
  8. 57
      tests/Unit/Policies/PaymentPolicyTest.php

4
app/Http/Controllers/Projects/FeesController.php
View File

@ -16,6 +16,8 @@ class FeesController extends Controller
{ {
public function create(Project $project) public function create(Project $project)
{ {
$this->authorize('create', new Payment);
$partners = User::pluck('name', 'id')->all(); $partners = User::pluck('name', 'id')->all();
return view('projects.fees.create', compact('project', 'partners')); return view('projects.fees.create', compact('project', 'partners'));
@ -23,6 +25,8 @@ class FeesController extends Controller
public function store(Project $project) public function store(Project $project)
{ {
$this->authorize('create', new Payment);
$newPaymentData = request()->validate([ $newPaymentData = request()->validate([
'type_id' => 'required|numeric', 'type_id' => 'required|numeric',
'date' => 'required|date', 'date' => 'required|date',

2
app/Http/Controllers/Projects/InvoicesController.php
View File

@ -14,6 +14,8 @@ class InvoicesController extends Controller
{ {
public function index(Project $project) public function index(Project $project)
{ {
$this->authorize('view-invoices', $project);
return view('projects.invoices', compact('project')); return view('projects.invoices', compact('project'));
} }
} }

10
app/Http/Controllers/Projects/JobsController.php
View File

@ -29,23 +29,21 @@ class JobsController extends Controller
return view('projects.jobs.index', compact('project', 'jobs')); return view('projects.jobs.index', compact('project', 'jobs'));
} }
public function create($projectId)
public function create(Project $project)
{ {
$project = $this->repo->requireProjectById($projectId);
$workers = $this->repo->getWorkersList(); $workers = $this->repo->getWorkersList();
return view('jobs.create', compact('project', 'workers')); return view('jobs.create', compact('project', 'workers'));
} }
public function addFromOtherProject(Request $req, $projectId)
public function addFromOtherProject(Request $request, Project $project)
{ {
$selectedProject = null; $selectedProject = null;
$project = $this->repo->requireProjectById($projectId);
$workers = $this->repo->getWorkersList(); $workers = $this->repo->getWorkersList();
$projects = $this->repo->getProjectsList(); $projects = $this->repo->getProjectsList();
if ($req->has('project_id')) {
$selectedProject = $this->repo->requireProjectById($req->get('project_id'));
if ($request->has('project_id')) {
$selectedProject = $this->repo->requireProjectById($request->get('project_id'));
} }
return view('jobs.add-from-other-project', compact('project', 'workers', 'projects', 'selectedProject')); return view('jobs.add-from-other-project', compact('project', 'workers', 'projects', 'selectedProject'));

4
app/Http/Controllers/Projects/ProjectsController.php
View File

@ -104,11 +104,15 @@ class ProjectsController extends Controller
public function subscriptions(Project $project) public function subscriptions(Project $project)
{ {
$this->authorize('view-subscriptions', $project);
return view('projects.subscriptions', compact('project')); return view('projects.subscriptions', compact('project'));
} }
public function payments(Project $project) public function payments(Project $project)
{ {
$this->authorize('view-payments', $project);
$project->load('payments.partner'); $project->load('payments.partner');
return view('projects.payments', compact('project')); return view('projects.payments', compact('project'));

69
app/Policies/PaymentPolicy.php
View File

@ -0,0 +1,69 @@
<?php
namespace App\Policies;
use App\Entities\Payments\Payment;
use App\Entities\Users\User;
use Illuminate\Auth\Access\HandlesAuthorization;
/**
* Payment model policy class.
*
* @author Nafies Luthfi <nafiesL@gmail.com>
*/
class PaymentPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view the payment.
*
* @param \App\Entities\Users\User $user
* @param \App\Entities\Partners\Payment $payment
*
* @return mixed
*/
public function view(User $user, Payment $payment)
{
return $user->hasRole('admin');
}
/**
* Determine whether the user can create payments.
*
* @param \App\Entities\Users\User $user
* @param \App\Entities\Partners\Payment $payment
*
* @return mixed
*/
public function create(User $user, Payment $payment)
{
return $user->hasRole('admin');
}
/**
* Determine whether the user can update the payment.
*
* @param \App\Entities\Users\User $user
* @param \App\Entities\Partners\Payment $payment
*
* @return mixed
*/
public function update(User $user, Payment $payment)
{
return $this->view($user, $payment);
}
/**
* Determine whether the user can delete the payment.
*
* @param \App\Entities\Users\User $user
* @param \App\Entities\Partners\Payment $payment
*
* @return mixed
*/
public function delete(User $user, Payment $payment)
{
return $this->view($user, $payment);
}
}

1
app/Providers/AuthServiceProvider.php
View File

@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider
'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy', 'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
'App\Entities\Projects\Job' => 'App\Policies\Projects\JobPolicy', 'App\Entities\Projects\Job' => 'App\Policies\Projects\JobPolicy',
'App\Entities\Projects\Task' => 'App\Policies\Projects\TaskPolicy', 'App\Entities\Projects\Task' => 'App\Policies\Projects\TaskPolicy',
'App\Entities\Payments\Payment' => 'App\Policies\PaymentPolicy',
'App\Entities\Users\User' => 'App\Policies\UserPolicy', 'App\Entities\Users\User' => 'App\Policies\UserPolicy',
'App\Entities\Users\Event' => 'App\Policies\EventPolicy', 'App\Entities\Users\Event' => 'App\Policies\EventPolicy',
]; ];

10
resources/views/projects/partials/nav-tabs.blade.php
View File

@ -3,20 +3,30 @@
<li class="{{ Request::segment(3) == null ? 'active' : '' }}"> <li class="{{ Request::segment(3) == null ? 'active' : '' }}">
{!! link_to_route('projects.show', trans('project.show'), [$project->id]) !!} {!! link_to_route('projects.show', trans('project.show'), [$project->id]) !!}
</li> </li>
@can('view-jobs', $project)
<li class="{{ Request::segment(3) == 'jobs' ? 'active' : '' }}"> <li class="{{ Request::segment(3) == 'jobs' ? 'active' : '' }}">
{!! link_to_route('projects.jobs.index', trans('project.jobs').' ('.$project->jobs->count().')', [$project->id]) !!} {!! link_to_route('projects.jobs.index', trans('project.jobs').' ('.$project->jobs->count().')', [$project->id]) !!}
</li> </li>
@endcan
@can('view-payments', $project)
<li class="{{ Request::segment(3) == 'payments' ? 'active' : '' }}"> <li class="{{ Request::segment(3) == 'payments' ? 'active' : '' }}">
{!! link_to_route('projects.payments', trans('project.payments').' ('.$project->payments->count().')', [$project->id]) !!} {!! link_to_route('projects.payments', trans('project.payments').' ('.$project->payments->count().')', [$project->id]) !!}
</li> </li>
@endcan
@can('view-subscriptions', $project)
<li class="{{ Request::segment(3) == 'subscriptions' ? 'active' : '' }}"> <li class="{{ Request::segment(3) == 'subscriptions' ? 'active' : '' }}">
{!! link_to_route('projects.subscriptions', trans('project.subscriptions').' ('.$project->subscriptions->count().')', [$project->id]) !!} {!! link_to_route('projects.subscriptions', trans('project.subscriptions').' ('.$project->subscriptions->count().')', [$project->id]) !!}
</li> </li>
@endcan
@can('view-invoices', $project)
<li class="{{ Request::segment(3) == 'invoices' ? 'active' : '' }}"> <li class="{{ Request::segment(3) == 'invoices' ? 'active' : '' }}">
{!! link_to_route('projects.invoices', trans('project.invoices').' ('.$project->invoices->count().')', [$project->id]) !!} {!! link_to_route('projects.invoices', trans('project.invoices').' ('.$project->invoices->count().')', [$project->id]) !!}
</li> </li>
@endcan
@can('view-files', $project)
<li class="{{ Request::segment(3) == 'files' ? 'active' : '' }}"> <li class="{{ Request::segment(3) == 'files' ? 'active' : '' }}">
{!! link_to_route('projects.files', trans('project.files').' ('.$project->files->count().')', [$project->id]) !!} {!! link_to_route('projects.files', trans('project.files').' ('.$project->files->count().')', [$project->id]) !!}
</li> </li>
@endcan
</ul> </ul>
<br> <br>

57
tests/Unit/Policies/PaymentPolicyTest.php
View File

@ -0,0 +1,57 @@
<?php
namespace Tests\Unit\Policies;
use App\Entities\Payments\Payment;
use Tests\TestCase as TestCase;
/**
* Payment Policy Test.
*
* @author Nafies Luthfi <nafiesl@gmail.com>
*/
class PaymentPolicyTest extends TestCase
{
/** @test */
public function only_admin_can_create_payment()
{
$admin = $this->createUser('admin');
$this->assertTrue($admin->can('create', new Payment()));
$worker = $this->createUser('worker');
$this->assertFalse($worker->can('create', new Payment()));
}
/** @test */
public function only_admin_can_view_payment()
{
$admin = $this->createUser('admin');
$worker = $this->createUser('worker');
$payment = factory(Payment::class)->create();
$this->assertTrue($admin->can('view', $payment));
$this->assertFalse($worker->can('view', $payment));
}
/** @test */
public function only_admin_can_update_payment()
{
$admin = $this->createUser('admin');
$worker = $this->createUser('worker');
$payment = factory(Payment::class)->create();
$this->assertTrue($admin->can('update', $payment));
$this->assertFalse($worker->can('update', $payment));
}
/** @test */
public function only_admin_can_delete_payment()
{
$admin = $this->createUser('admin');
$worker = $this->createUser('worker');
$payment = factory(Payment::class)->create();
$this->assertTrue($admin->can('delete', $payment));
$this->assertFalse($worker->can('delete', $payment));
}
}
Write Preview
Loading…
Cancel
Save