From 428b501763c1a50d70394cba56c85bde010ce747 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Sun, 29 Apr 2018 20:17:57 +0800
Subject: [PATCH] Update authorization check on create and delete task
---
 app/Http/Requests/Tasks/CreateRequest.php | 3 ++-
 app/Http/Requests/Tasks/DeleteRequest.php | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/Http/Requests/Tasks/CreateRequest.php b/app/Http/Requests/Tasks/CreateRequest.php
index dee99a7..232668f 100644
--- a/app/Http/Requests/Tasks/CreateRequest.php
+++ b/app/Http/Requests/Tasks/CreateRequest.php
@@ -2,6 +2,7 @@
 namespace App\Http\Requests\Tasks;
+use App\Entities\Projects\Task;
 use App\Http\Requests\Request;
 class CreateRequest extends Request
@@ -13,7 +14,7 @@ class CreateRequest extends Request
 */
 public function authorize()
 {
- return auth()->user()->can('manage_agency');
+ return auth()->user()->can('create', new Task());
 }
 /**
diff --git a/app/Http/Requests/Tasks/DeleteRequest.php b/app/Http/Requests/Tasks/DeleteRequest.php
index 073af91..55b12ca 100644
--- a/app/Http/Requests/Tasks/DeleteRequest.php
+++ b/app/Http/Requests/Tasks/DeleteRequest.php
@@ -2,6 +2,7 @@
 namespace App\Http\Requests\Tasks;
+use App\Entities\Projects\Task;
 use App\Http\Requests\Request;
 class DeleteRequest extends Request
@@ -13,7 +14,9 @@ class DeleteRequest extends Request
 */
 public function authorize()
 {
- return auth()->user()->can('manage_agency');
+ $task = Task::findOrFail($this->segment(2));
+
+ return auth()->user()->can('delete', $task);
 }
 /**
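Review bot: In `CreateRequest::authorize()` the policy is handed a blank `new Task()`, so the `create` decision cannot take the target project into account and can only be a check on the user alone. If the Task policy's `create` method is meant to restrict who may add tasks to a particular project (the policy is not visible in this patch, so this needs confirming), the project should be set on the instance from the request before `can()` is called. If no per-project rule is intended, `return auth()->user()->can('create', Task::class);` states that explicitly, provided the policy method does not require an instance. The method's docblock and the class body begin outside the hunk.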
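Review bot: In `DeleteRequest::authorize()` the task to authorize is looked up by URL position, `$this->segment(2)`, which ties the permission check to the current path layout rather than to the route's own task parameter. If the route later gains a prefix, or the controller resolves the task from another source (route-model binding or a request field, neither visible in this patch), the policy would be evaluated against a different record than the one actually deleted. Reading the id from the named route parameter, `$task = Task::findOrFail($this->route('<task-param>'));` with the placeholder replaced by the route's real parameter name, keeps the check and the action on the same object. A short comment above the lookup, `// Must resolve the same task the controller deletes.`, would make that invariant visible to the next maintainer.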