diff --git a/app/Policies/Projects/JobPolicy.php b/app/Policies/Projects/JobPolicy.php
new file mode 100644
index 0000000..33a6025
--- /dev/null
+++ b/app/Policies/Projects/JobPolicy.php
@@ -0,0 +1,72 @@
+
+ */
+class JobPolicy
+{
+ use HandlesAuthorization;
+
+ /**
+ * Determine whether the user can view the job.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Job $job
+ *
+ * @return mixed
+ */
+ public function view(User $user, Job $job)
+ {
+ // User can only view the job if he is the job's agency owner.
+ return true;
+ }
+
+ /**
+ * Determine whether the user can create jobs.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Job $job
+ *
+ * @return mixed
+ */
+ public function create(User $user, Job $job)
+ {
+ // User can create a job if they owns an agency.
+ return $user->hasRole('admin');
+ }
+
+ /**
+ * Determine whether the user can update the job.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Job $job
+ *
+ * @return mixed
+ */
+ public function update(User $user, Job $job)
+ {
+ return $user->hasRole('admin')
+ || ($user->hasRole('worker') && $job->worker_id == $user->id);
+ }
+
+ /**
+ * Determine whether the user can delete the job.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Job $job
+ *
+ * @return mixed
+ */
+ public function delete(User $user, Job $job)
+ {
+ return $user->hasRole('admin');
+ }
+}
diff --git a/app/Policies/Projects/ProjectPolicy.php b/app/Policies/Projects/ProjectPolicy.php
index 28fea7c..ba72f05 100644
--- a/app/Policies/Projects/ProjectPolicy.php
+++ b/app/Policies/Projects/ProjectPolicy.php
@@ -40,7 +40,7 @@ class ProjectPolicy
 public function create(User $user, Project $project)
 {
 // User can create a project if they owns an agency.
- return true;
+ return $user->hasRole('admin');
 }
 /**
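Review bot: `view()` returns `true` unconditionally while the comment directly above it says the user can view the job only if they are the job's agency owner, so the comment and the code disagree and every authenticated user passes this check regardless of role or assignment. Either correct the comment to state the intended rule or make the body enforce it; mirroring `update()` would read `return $user->hasRole('admin') || ($user->hasRole('worker') && $job->worker_id == $user->id);`. The comment on `create()` ("if they owns an agency") is likewise stale now that the check is `hasRole('admin')`; `// Only admins can create jobs.` matches the code. The `$job->worker_id == $user->id` comparison in `update()` is loose; if both ids are meant to be integers (an ORM may hand back strings depending on the driver), `(int) $job->worker_id === (int) $user->id` removes the ambiguity. The file's opening lines (`<?php`, namespace and `use` statements) are not visible on this page, so the imports of `User`, `Job` and `HandlesAuthorization` could not be checked.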
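Review bot: The comment `// User can create a project if they owns an agency.` no longer describes the line below it, which now returns `$user->hasRole('admin')`, and a reader will take the comment as the rule. Replace it with `// Only admins can create projects.` or drop it. The same literal `'admin'` role check now appears in `create()`, `update()` and `delete()` of this class (the latter two in the following hunks) and throughout the new JobPolicy; a single helper such as `private function isAdmin(User $user): bool` would keep the role name in one place. `create()` is fully inside the hunk but the enclosing class continues outside it.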
@@ -53,7 +53,7 @@ class ProjectPolicy
 */
 public function update(User $user, Project $project)
 {
- return $this->view($user, $project);
+ return $user->hasRole('admin');
 }
 /**
@@ -66,6 +66,6 @@ class ProjectPolicy
 */
 public function delete(User $user, Project $project)
 {
- return $this->view($user, $project);
+ return $user->hasRole('admin');
 }
 }
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 25f1272..9b739ea 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -16,6 +16,7 @@ class AuthServiceProvider extends ServiceProvider
 'App\Entities\Partners\Vendor' => 'App\Policies\Partners\VendorPolicy',
 'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
 'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
+ 'App\Entities\Projects\Job' => 'App\Policies\Projects\JobPolicy',
 'App\Entities\Users\User' => 'App\Policies\UserPolicy',
 'App\Entities\Users\Event' => 'App\Policies\EventPolicy',
 ];
diff --git a/tests/Unit/Policies/JobPolicyTest.php b/tests/Unit/Policies/JobPolicyTest.php
new file mode 100644
index 0000000..51d3685
--- /dev/null
+++ b/tests/Unit/Policies/JobPolicyTest.php
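Review bot: `update()` and `delete()` now return the bool from `hasRole('admin')`, yet the docblocks that end just above each hunk (`*/` is the first context line) still declare `@return mixed`, which is what the previous `$this->view(...)` delegation was documented as. Changing both to `@return bool`, and adding a `: bool` return type on the signatures, states the contract the new tests assert on; the same `@return mixed` is used on every method of the new JobPolicy. Dropping the delegation to `view()` also means view and update/delete can now diverge silently — `view()` is outside the diff, so whether that is intended cannot be judged from this page. The docblocks and the rest of the class lie outside the hunks.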
@@ -0,0 +1,74 @@
+createUser('admin');
+
+ $this->assertTrue($admin->can('create', new Job()));
+ }
+
+ /** @test */
+ public function a_worker_cannot_create_job_on_a_project()
+ {
+ $worker = $this->createUser('worker');
+
+ $this->assertFalse($worker->can('create', new Job()));
+ }
+
+ /** @test */
+ public function an_admin_can_view_job_on_a_project()
+ {
+ $admin = $this->createUser('admin');
+ $job = factory(Job::class)->create();
+
+ $this->assertTrue($admin->can('view', $job));
+ }
+
+ /** @test */
+ public function an_admin_can_update_job()
+ {
+ $admin = $this->createUser('admin');
+ $job = factory(Job::class)->create();
+
+ $this->assertTrue($admin->can('update', $job));
+ }
+
+ /** @test */
+ public function a_worker_can_only_update_job_that_assigned_to_them()
+ {
+ $assignedWorker = $this->createUser('worker');
+ $job = factory(Job::class)->create(['worker_id' => $assignedWorker->id]);
+
+ $this->assertTrue($assignedWorker->can('update', $job));
+
+ $otherWorker = $this->createUser('worker');
+
+ $this->assertFalse($otherWorker->can('update', $job));
+ }
+
+ /** @test */
+ public function an_admin_can_delete_job()
+ {
+ $admin = $this->createUser('admin');
+ $job = factory(Job::class)->create();
+
+ $this->assertTrue($admin->can('delete', $job));
+ }
+
+ /** @test */
+ public function a_worker_cannot_delete_job()
+ {
+ $worker = $this->createUser('worker');
+ $job = factory(Job::class)->create();
+
+ $this->assertFalse($worker->can('delete', $job));
+ }
+}
diff --git a/tests/Unit/Policies/ProjectPolicyTest.php b/tests/Unit/Policies/ProjectPolicyTest.php
index 023de85..ac9dc21 100644
--- a/tests/Unit/Policies/ProjectPolicyTest.php
+++ b/tests/Unit/Policies/ProjectPolicyTest.php
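Review bot: No test pins the non-admin side of `view`: `an_admin_can_view_job_on_a_project` is the only `view` case, so a policy that returns `true` for every user (which is what the new `JobPolicy::view()` does) and one that restricts viewing to the assigned worker both pass this suite. Add the case the policy is meant to enforce, e.g. `a_worker_cannot_view_job_not_assigned_to_them` asserting `$this->assertFalse($otherWorker->can('view', $job));` after an `assertTrue` for the assigned worker, or, if any authenticated user is meant to see every job, a test that states that explicitly. The hunk's first lines (the class header up to the first `$this->`) are not visible on this page, so `createUser()` is assumed to come from the base test case.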
@@ -8,37 +8,63 @@ use Tests\TestCase as TestCase;
 class ProjectPolicyTest extends TestCase
 {
 /** @test */
- public function user_can_create_project()
+ public function an_admin_can_create_project()
 {
- $user = $this->userSigningIn();
+ $admin = $this->createUser('admin');
- $this->assertTrue($user->can('create', new Project()));
+ $this->assertTrue($admin->can('create', new Project()));
 }
 /** @test */
- public function user_can_view_project()
+ public function a_worker_cannot_create_project()
 {
- $user = $this->userSigningIn();
+ $worker = $this->createUser('worker');
+
+ $this->assertFalse($worker->can('create', new Project()));
+ }
+
+ /** @test */
+ public function an_admin_can_view_project()
+ {
+ $admin = $this->createUser('admin');
+ $project = factory(Project::class)->create();
+
+ $this->assertTrue($admin->can('view', $project));
+ }
+
+ /** @test */
+ public function an_admin_can_update_project()
+ {
+ $admin = $this->createUser('admin');
+ $project = factory(Project::class)->create();
+
+ $this->assertTrue($admin->can('update', $project));
+ }
+
+ /** @test */
+ public function a_worker_cannot_update_project()
+ {
+ $worker = $this->createUser('worker');
 $project = factory(Project::class)->create();
- $this->assertTrue($user->can('view', $project));
+ $this->assertFalse($worker->can('update', $project));
 }
 /** @test */
- public function user_can_update_project()
+ public function an_admin_can_delete_project()
 {
- $user = $this->userSigningIn();
+ $admin = $this->createUser('admin');
 $project = factory(Project::class)->create();
- $this->assertTrue($user->can('update', $project));
+ $this->assertTrue($admin->can('delete', $project));
 }
 /** @test */
- public function user_can_delete_project()
+ public function a_worker_cannot_delete_project()
 {
- $user = $this->userSigningIn();
+ $worker = $this->createUser('worker');
 $project = factory(Project::class)->create();
- $this->assertTrue($user->can('delete', $project));
+ $this->assertFalse($worker->can('delete', $project));
 }
 }
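Review bot: The same gap exists for projects: `an_admin_can_view_project` is the only `view` case left, so nothing asserts whether a worker can view a project, and the removed `user_can_view_project` was the only test that exercised `view` for a generically signed-in user. `ProjectPolicy::view()` is outside the diff, so its current rule cannot be read from this page; a `a_worker_cannot_view_project` (or `a_worker_can_view_project`) test with `$worker = $this->createUser('worker');` would pin whichever is intended. The hunk also drops `userSigningIn()` in favour of `createUser($role)`; if `userSigningIn()` is still used elsewhere in the suite it is unaffected, otherwise it may now be dead.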