diff --git a/app/Policies/Partners/CustomerPolicy.php b/app/Policies/Partners/CustomerPolicy.php
index 1748ad8..0b907ce 100644
--- a/app/Policies/Partners/CustomerPolicy.php
+++ b/app/Policies/Partners/CustomerPolicy.php
@@ -25,8 +25,7 @@ class CustomerPolicy
 */
 public function view(User $user, Customer $customer)
 {
- // Update $user authorization to view $customer here.
- return true;
+ return $user->hasRole('admin');
 }
 
 /**
@@ -39,8 +38,7 @@ class CustomerPolicy
 */
 public function create(User $user, Customer $customer)
 {
- // Update $user authorization to create $customer here.
- return true;
+ return $user->hasRole('admin');
 }
 
 /**
@@ -53,8 +51,7 @@ class CustomerPolicy
 */
 public function update(User $user, Customer $customer)
 {
- // Update $user authorization to update $customer here.
- return true;
+ return $this->view($user, $customer);
 }
 
 /**
@@ -67,7 +64,6 @@ class CustomerPolicy
 */
 public function delete(User $user, Customer $customer)
 {
- // Update $user authorization to delete $customer here.
- return true;
+ return $this->view($user, $customer);
 }
 }
diff --git a/tests/Unit/Policies/CustomerPolicyTest.php b/tests/Unit/Policies/CustomerPolicyTest.php
index 115ebdd..1f55558 100644
--- a/tests/Unit/Policies/CustomerPolicyTest.php
+++ b/tests/Unit/Policies/CustomerPolicyTest.php
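Review bot: `update()` and `delete()` (third and fourth hunks of CustomerPolicy.php) take their answer from `$this->view($user, $customer)`, so write and delete permission is tied to the read rule; if `view` is later relaxed to let a non-admin role read customers, both abilities widen with it and nothing in those methods shows it. Each ability should state its own rule, `return $user->hasRole('admin');`, or call a private helper named for the rule rather than for the `view` ability. All four methods ignore `$customer`, so the decision is role-only with no per-record check; if that is intended, a one-line comment such as `// Role-only: any admin may act on any customer.` would make it explicit. The class and its docblocks start outside these hunks.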
@@ -5,36 +5,53 @@ namespace Tests\Unit\Policies;
 use App\Entities\Partners\Customer;
 use Tests\TestCase as TestCase;
 
+/**
+ * Customer Policy Test.
+ *
+ * @author Nafies Luthfi
+ */
 class CustomerPolicyTest extends TestCase
 {
 /** @test */
- public function user_can_create_customer()
+ public function only_admin_can_create_customer()
 {
- $user = $this->adminUserSigningIn();
- $this->assertTrue($user->can('create', new Customer()));
+ $admin = $this->createUser('admin');
+ $this->assertTrue($admin->can('create', new Customer()));
+
+ $worker = $this->createUser('worker');
+ $this->assertFalse($worker->can('create', new Customer()));
 }
 
 /** @test */
- public function user_can_view_customer()
+ public function only_admin_can_view_customer()
 {
- $user = $this->adminUserSigningIn();
- $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
- $this->assertTrue($user->can('view', $customer));
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
+ $customer = factory(Customer::class)->create();
+
+ $this->assertTrue($admin->can('view', $customer));
+ $this->assertFalse($worker->can('view', $customer));
 }
 
 /** @test */
- public function user_can_update_customer()
+ public function only_admin_can_update_customer()
 {
- $user = $this->adminUserSigningIn();
- $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
- $this->assertTrue($user->can('update', $customer));
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
+ $customer = factory(Customer::class)->create();
+
+ $this->assertTrue($admin->can('update', $customer));
+ $this->assertFalse($worker->can('update', $customer));
 }
 
 /** @test */
- public function user_can_delete_customer()
+ public function only_admin_can_delete_customer()
 {
- $user = $this->adminUserSigningIn();
- $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
- $this->assertTrue($user->can('delete', $customer));
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
+ $customer = factory(Customer::class)->create();
+
+ $this->assertTrue($admin->can('delete', $customer));
+ $this->assertFalse($worker->can('delete', $customer));
 }
 }
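Review bot: The deny path in all four tests is asserted for one role only, `worker`, so the suite pins "worker is refused" rather than the "only admin" rule the test names claim. If the application defines other roles (not visible in this diff), a data provider that runs each ability against every non-admin role would catch a later change that grants one of them access by accident. Each test method would also benefit from a short comment stating the rule it pins, e.g. `// Policy is deny-by-default: any role other than admin must be refused.`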