
Add commenting authorization on project policy

pull/15/head
Nafies Luthfi 7 years ago
parent
commit
20ee138e50
  1. 27
      app/Policies/Projects/ProjectPolicy.php
  2. 32
      tests/Unit/Policies/ProjectPolicyTest.php

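--- a/app/Policies/Projects/ProjectPolicy.php
+++ b/app/Policies/Projects/ProjectPolicy.php
@@ -147,4 +147,31 @@ class ProjectPolicy
 {
 return $user->hasRole('admin');
 }
+/**
+* Determine whether the user can view project comments.
+*
+* @param \App\Entities\Users\User $user
+* @param \App\Entities\Projects\Project $project
+* @return bool
+*/
+public function viewComments(User $user, Project $project)
+{
+// Admin and project workers can commenting on their project.
+return $user->hasRole('admin')
+|| ($user->hasRole('worker') && $user->projects->contains($project->id));
+}
+/**
+* Determine whether the user can add comment to a project.
+*
+* @param \App\Entities\Users\User $user
+* @param \App\Entities\Projects\Project $project
+* @return bool
+*/
+public function commentOn(User $user, Project $project)
+{
+// Admin and project workers can commenting on their project.
+return $this->viewComments($user, $project);
+}
 }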
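Review bot: commentOn() returns viewComments() unchanged, so the write permission is defined entirely by the read rule; if viewComments is later widened to let another role read comments, that role gains the ability to post without anyone touching commentOn. Either repeat the admin/worker-membership check in commentOn or state the coupling where it happens, e.g. `// Same rule as viewComments() on purpose; give this its own check if read access is ever widened.` The inline comment inside viewComments is a copy of the commentOn one and should describe viewing, e.g. `// Admins and workers whose projects include this one can view its comments.` The ProjectPolicy class body starts outside this hunk.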

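--- a/tests/Unit/Policies/ProjectPolicyTest.php
+++ b/tests/Unit/Policies/ProjectPolicyTest.php
@@ -141,4 +141,36 @@ class ProjectPolicyTest extends TestCase
 $this->assertTrue($admin->can('see-pricings', $project));
 $this->assertFalse($worker->can('see-pricings', $project));
 }
+/** @test */
+public function admin_and_worker_view_project_comment_list()
+{
+$admin = $this->createUser('admin');
+$worker = $this->createUser('worker');
+$project = factory(Project::class)->create();
+$job = factory(Job::class)->create([
+'project_id' => $project->id,
+'worker_id' => $worker->id,
+]);
+$this->assertTrue($admin->can('view-comments', $project));
+$this->assertTrue($worker->can('view-comments', $project));
+}
+/** @test */
+public function admin_and_project_workers_can_add_comment_to_project()
+{
+$admin = $this->createUser('admin');
+$worker = $this->createUser('worker');
+$project = factory(Project::class)->create();
+$job = factory(Job::class)->create([
+'project_id' => $project->id,
+'worker_id' => $worker->id,
+]);
+$this->assertTrue($admin->can('comment-on', $project));
+$this->assertTrue($worker->can('comment-on', $project));
+}
 }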
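Review bot: Both new tests assert only the allow path, so they would still pass if the policy granted access to every worker regardless of project membership. The membership check is the part of an authorization rule that needs pinning: create a worker with no job on the project and assert denial for both abilities, e.g. `$outsider = $this->createUser('worker');` followed by `$this->assertFalse($outsider->can('view-comments', $project));` and the same assertion for `'comment-on'`. `$job` is assigned but never read in either test, so the factory call can stand without the variable. The test class body starts outside this hunk.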