Update customer policy for customer actions

8 years ago · 4082f7c9e1
2 changed files with 36 additions and 23 deletions
--- a/app/Policies/Partners/CustomerPolicy.php
+++ b/app/Policies/Partners/CustomerPolicy.php
@ -25,8 +25,7 @@ class CustomerPolicy
     */
    public function view(User $user, Customer $customer)
    {
        // Update $user authorization to view $customer here.
        return true;
        return $user->hasRole('admin');
    }
    /**
@ -39,8 +38,7 @@ class CustomerPolicy
     */
    public function create(User $user, Customer $customer)
    {
        // Update $user authorization to create $customer here.
        return true;
        return $user->hasRole('admin');
    }
    /**
@ -53,8 +51,7 @@ class CustomerPolicy
     */
    public function update(User $user, Customer $customer)
    {
        // Update $user authorization to update $customer here.
        return true;
        return $this->view($user, $customer);
    }
    /**
@ -67,7 +64,6 @@ class CustomerPolicy
     */
    public function delete(User $user, Customer $customer)
    {
        // Update $user authorization to delete $customer here.
        return true;
        return $this->view($user, $customer);
    }
 }
--- a/tests/Unit/Policies/CustomerPolicyTest.php
+++ b/tests/Unit/Policies/CustomerPolicyTest.php
@ -5,36 +5,53 @@ namespace Tests\Unit\Policies;
 use App\Entities\Partners\Customer;
 use Tests\TestCase as TestCase;
 /**
 * Customer Policy Test.
 *
 * @author Nafies Luthfi <nafiesl@gmail.com>
 */
 class CustomerPolicyTest extends TestCase
 {
    /** @test */
    public function user_can_create_customer()
    public function only_admin_can_create_customer()
    {
        $user = $this->adminUserSigningIn();
        $this->assertTrue($user->can('create', new Customer()));
        $admin = $this->createUser('admin');
        $this->assertTrue($admin->can('create', new Customer()));
        $worker = $this->createUser('worker');
        $this->assertFalse($worker->can('create', new Customer()));
    }
    /** @test */
    public function user_can_view_customer()
    public function only_admin_can_view_customer()
    {
        $user = $this->adminUserSigningIn();
        $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
        $this->assertTrue($user->can('view', $customer));
        $admin = $this->createUser('admin');
        $worker = $this->createUser('worker');
        $customer = factory(Customer::class)->create();
        $this->assertTrue($admin->can('view', $customer));
        $this->assertFalse($worker->can('view', $customer));
    }
    /** @test */
    public function user_can_update_customer()
    public function only_admin_can_update_customer()
    {
        $user = $this->adminUserSigningIn();
        $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
        $this->assertTrue($user->can('update', $customer));
        $admin = $this->createUser('admin');
        $worker = $this->createUser('worker');
        $customer = factory(Customer::class)->create();
        $this->assertTrue($admin->can('update', $customer));
        $this->assertFalse($worker->can('update', $customer));
    }
    /** @test */
    public function user_can_delete_customer()
    public function only_admin_can_delete_customer()
    {
        $user = $this->adminUserSigningIn();
        $customer = factory(Customer::class)->create(['name' => 'Customer 1 name']);
        $this->assertTrue($user->can('delete', $customer));
        $admin = $this->createUser('admin');
        $worker = $this->createUser('worker');
        $customer = factory(Customer::class)->create();
        $this->assertTrue($admin->can('delete', $customer));
        $this->assertFalse($worker->can('delete', $customer));
    }
 }