Add JobPolicy object with tests and update Project Policy with tests

app/Policies/Projects/JobPolicy.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace App\Policies\Projects;
+
+use App\Entities\Projects\Job;
+use App\Entities\Users\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+/**
+ * Job model policy class.
+ *
+ * @author Nafies Luthfi <nafiesL@gmail.com>
+ */
+class JobPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view the job.
+     *
+     * @param \App\Entities\Users\User   $user
+     * @param \App\Entities\Projects\Job $job
+     *
+     * @return mixed
+     */
+    public function view(User $user, Job $job)
+    {
+        // User can only view the job if he is the job's agency owner.
+        return true;
+    }
+
+    /**
+     * Determine whether the user can create jobs.
+     *
+     * @param \App\Entities\Users\User   $user
+     * @param \App\Entities\Projects\Job $job
+     *
+     * @return mixed
+     */
+    public function create(User $user, Job $job)
+    {
+        // User can create a job if they owns an agency.
+        return $user->hasRole('admin');
+    }
+
+    /**
+     * Determine whether the user can update the job.
+     *
+     * @param \App\Entities\Users\User   $user
+     * @param \App\Entities\Projects\Job $job
+     *
+     * @return mixed
+     */
+    public function update(User $user, Job $job)
+    {
+        return $user->hasRole('admin')
+            || ($user->hasRole('worker') && $job->worker_id == $user->id);
+    }
+
+    /**
+     * Determine whether the user can delete the job.
+     *
+     * @param \App\Entities\Users\User   $user
+     * @param \App\Entities\Projects\Job $job
+     *
+     * @return mixed
+     */
+    public function delete(User $user, Job $job)
+    {
+        return $user->hasRole('admin');
+    }
+}

app/Policies/Projects/ProjectPolicy.php

@@ -40,7 +40,7 @@ class ProjectPolicy
     public function create(User $user, Project $project)
     {
         // User can create a project if they owns an agency.
-        return true;
+        return $user->hasRole('admin');
     }
 
     /**
@@ -53,7 +53,7 @@ class ProjectPolicy
      */
     public function update(User $user, Project $project)
     {
-        return $this->view($user, $project);
+        return $user->hasRole('admin');
     }
 
     /**
@@ -66,6 +66,6 @@ class ProjectPolicy
      */
     public function delete(User $user, Project $project)
     {
-        return $this->view($user, $project);
+        return $user->hasRole('admin');
     }
 }

app/Providers/AuthServiceProvider.php

@@ -16,6 +16,7 @@ class AuthServiceProvider extends ServiceProvider
         'App\Entities\Partners\Vendor'   => 'App\Policies\Partners\VendorPolicy',
         'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
         'App\Entities\Projects\Project'  => 'App\Policies\Projects\ProjectPolicy',
+        'App\Entities\Projects\Job'      => 'App\Policies\Projects\JobPolicy',
         'App\Entities\Users\User'        => 'App\Policies\UserPolicy',
         'App\Entities\Users\Event'       => 'App\Policies\EventPolicy',
     ];

tests/Unit/Policies/JobPolicyTest.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use App\Entities\Projects\Job;
+use Tests\TestCase as TestCase;
+
+class JobPolicyTest extends TestCase
+{
+    /** @test */
+    public function an_admin_can_create_job_on_a_project()
+    {
+        $admin = $this->createUser('admin');
+
+        $this->assertTrue($admin->can('create', new Job()));
+    }
+
+    /** @test */
+    public function a_worker_cannot_create_job_on_a_project()
+    {
+        $worker = $this->createUser('worker');
+
+        $this->assertFalse($worker->can('create', new Job()));
+    }
+
+    /** @test */
+    public function an_admin_can_view_job_on_a_project()
+    {
+        $admin = $this->createUser('admin');
+        $job = factory(Job::class)->create();
+
+        $this->assertTrue($admin->can('view', $job));
+    }
+
+    /** @test */
+    public function an_admin_can_update_job()
+    {
+        $admin = $this->createUser('admin');
+        $job = factory(Job::class)->create();
+
+        $this->assertTrue($admin->can('update', $job));
+    }
+
+    /** @test */
+    public function a_worker_can_only_update_job_that_assigned_to_them()
+    {
+        $assignedWorker = $this->createUser('worker');
+        $job = factory(Job::class)->create(['worker_id' => $assignedWorker->id]);
+
+        $this->assertTrue($assignedWorker->can('update', $job));
+
+        $otherWorker = $this->createUser('worker');
+
+        $this->assertFalse($otherWorker->can('update', $job));
+    }
+
+    /** @test */
+    public function an_admin_can_delete_job()
+    {
+        $admin = $this->createUser('admin');
+        $job = factory(Job::class)->create();
+
+        $this->assertTrue($admin->can('delete', $job));
+    }
+
+    /** @test */
+    public function a_worker_cannot_delete_job()
+    {
+        $worker = $this->createUser('worker');
+        $job = factory(Job::class)->create();
+
+        $this->assertFalse($worker->can('delete', $job));
+    }
+}

tests/Unit/Policies/ProjectPolicyTest.php

@@ -8,37 +8,63 @@ use Tests\TestCase as TestCase;
 class ProjectPolicyTest extends TestCase
 {
     /** @test */
-    public function user_can_create_project()
+    public function an_admin_can_create_project()
     {
-        $user = $this->userSigningIn();
+        $admin = $this->createUser('admin');
 
-        $this->assertTrue($user->can('create', new Project()));
+        $this->assertTrue($admin->can('create', new Project()));
     }
 
     /** @test */
-    public function user_can_view_project()
+    public function a_worker_cannot_create_project()
     {
-        $user = $this->userSigningIn();
+        $worker = $this->createUser('worker');
+
+        $this->assertFalse($worker->can('create', new Project()));
+    }
+
+    /** @test */
+    public function an_admin_can_view_project()
+    {
+        $admin = $this->createUser('admin');
+        $project = factory(Project::class)->create();
+
+        $this->assertTrue($admin->can('view', $project));
+    }
+
+    /** @test */
+    public function an_admin_can_update_project()
+    {
+        $admin = $this->createUser('admin');
+        $project = factory(Project::class)->create();
+
+        $this->assertTrue($admin->can('update', $project));
+    }
+
+    /** @test */
+    public function a_worker_cannot_update_project()
+    {
+        $worker = $this->createUser('worker');
         $project = factory(Project::class)->create();
 
-        $this->assertTrue($user->can('view', $project));
+        $this->assertFalse($worker->can('update', $project));
     }
 
     /** @test */
-    public function user_can_update_project()
+    public function an_admin_can_delete_project()
     {
-        $user = $this->userSigningIn();
+        $admin = $this->createUser('admin');
         $project = factory(Project::class)->create();
 
-        $this->assertTrue($user->can('update', $project));
+        $this->assertTrue($admin->can('delete', $project));
     }
 
     /** @test */
-    public function user_can_delete_project()
+    public function a_worker_cannot_delete_project()
     {
-        $user = $this->userSigningIn();
+        $worker = $this->createUser('worker');
         $project = factory(Project::class)->create();
 
-        $this->assertTrue($user->can('delete', $project));
+        $this->assertFalse($worker->can('delete', $project));
     }
 }