Add authoriation for issue commentings

app/Http/Controllers/Issues/CommentController.php

@@ -18,6 +18,8 @@ class CommentController extends Controller
      */
     public function store(Request $request, Issue $issue)
     {
+        $this->authorize('comment-on', $issue);
+
         $newComment = $request->validate([
             'body' => 'required|string|max:255',
         ]);

app/Policies/Projects/IssuePolicy.php

@@ -14,4 +14,16 @@ class IssuePolicy
     {
         return true;
     }
+
+    /**
+     * Determine whether the user can add comment to an issue.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Projects\Issue  $issue
+     * @return bool
+     */
+    public function commentOn(User $user, Issue $issue)
+    {
+        return true;
+    }
 }

resources/views/projects/issues/partials/comment-section.blade.php

@@ -8,8 +8,10 @@
 </div>
 @endforeach
 
+@can('comment-on', $issue)
 {{ Form::open(['route' => ['issues.comments.store', $issue]]) }}
 {!! FormField::textarea('body', ['required' => true, 'label' => false, 'placeholder' => __('comment.create_text')]) !!}
 {{ Form::submit(__('comment.create'), ['class' => 'btn btn-success pull-right']) }}
 {{ Form::close() }}
 <div class="clearfix"></div><br>
+@endcan

tests/Unit/Policies/IssuePolicyTest.php

@@ -22,4 +22,13 @@ class IssuePolicyTest extends TestCase
 
         $this->assertTrue($admin->can('create', new Issue()));
     }
+
+    /** @test */
+    public function admin_can_add_comment_to_an_issue()
+    {
+        $admin = $this->createUser('admin');
+        $issue = factory(Issue::class)->create();
+
+        $this->assertTrue($admin->can('comment-on', $issue));
+    }
 }