From 7eab33132341c243a63cfda6545a3dade3346756 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Wed, 21 Feb 2018 21:27:44 +0800
Subject: [PATCH] Update project policy for user role authorization

---
 app/Policies/Projects/ProjectPolicy.php | 5 ++--
 tests/Unit/Policies/ProjectPolicyTest.php | 45 +++++++++++++++----------------
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/app/Policies/Projects/ProjectPolicy.php b/app/Policies/Projects/ProjectPolicy.php
index ba72f05..aef72f3 100644
--- a/app/Policies/Projects/ProjectPolicy.php
+++ b/app/Policies/Projects/ProjectPolicy.php
@@ -25,8 +25,8 @@ class ProjectPolicy
      */
     public function view(User $user, Project $project)
     {
-        // User can only view the project if he is the project's agency owner.
-        return true;
+        return $user->hasRole('admin')
+            || ($user->hasRole('worker') && $user->projects->contains($project->id));
     }
 
     /**
@@ -39,7 +39,6 @@ class ProjectPolicy
      */
     public function create(User $user, Project $project)
     {
-        // User can create a project if they owns an agency.
         return $user->hasRole('admin');
     }
 
diff --git a/tests/Unit/Policies/ProjectPolicyTest.php b/tests/Unit/Policies/ProjectPolicyTest.php
index ac9dc21..846d076 100644
--- a/tests/Unit/Policies/ProjectPolicyTest.php
+++ b/tests/Unit/Policies/ProjectPolicyTest.php
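Review bot: The worker branch of `view` reads `$user->projects`, which lazy-loads and then caches the whole relation on the model, so every authorization check pulls all of the worker's projects into memory just to test one id, and a collection cached before a job was added keeps answering the old result (which is presumably why the new test has to call `->fresh()`). Asking the database directly avoids both problems: `|| ($user->hasRole('worker') && $user->projects()->whereKey($project->id)->exists());`. The docblocks above `view` and `create` lie outside the hunk; now that the inline comments about agency ownership are gone, confirm those docblocks no longer describe the old rule either.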
@@ -2,29 +2,24 @@
 
 namespace Tests\Unit\Policies;
 
+use App\Entities\Projects\Job;
 use App\Entities\Projects\Project;
 use Tests\TestCase as TestCase;
 
 class ProjectPolicyTest extends TestCase
 {
     /** @test */
-    public function an_admin_can_create_project()
+    public function only_admin_can_create_project()
     {
         $admin = $this->createUser('admin');
-
-        $this->assertTrue($admin->can('create', new Project()));
-    }
-
-    /** @test */
-    public function a_worker_cannot_create_project()
-    {
         $worker = $this->createUser('worker');
 
+        $this->assertTrue($admin->can('create', new Project()));
         $this->assertFalse($worker->can('create', new Project()));
     }
 
     /** @test */
-    public function an_admin_can_view_project()
+    public function an_admin_can_view_all_project_detail()
     {
         $admin = $this->createUser('admin');
         $project = factory(Project::class)->create();
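Review bot: `only_admin_can_create_project` claims exclusivity in its name but only checks the `worker` role, while the policy now denies any user who lacks `admin`; a user holding neither role is the default-deny path and is never exercised. If `createUser` can produce a role-less user (its signature is not visible here), add a third subject, e.g. `$this->assertFalse($plainUser->can('create', new Project()));`, and the same gap applies to `only_admin_can_update_project` and `only_admin_can_delete_project` in the next hunk. `an_admin_can_view_all_project_detail` continues past the end of this hunk.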
@@ -33,38 +28,42 @@ class ProjectPolicyTest extends TestCase
     }
 
     /** @test */
-    public function an_admin_can_update_project()
+    public function a_worker_can_only_view_the_project_in_which_they_are_involved()
     {
-        $admin = $this->createUser('admin');
+        $worker = $this->createUser('worker');
         $project = factory(Project::class)->create();
 
-        $this->assertTrue($admin->can('update', $project));
-    }
+        // Worker cannot view the project
+        $this->assertFalse($worker->can('view', $project));
 
-    /** @test */
-    public function a_worker_cannot_update_project()
-    {
-        $worker = $this->createUser('worker');
-        $project = factory(Project::class)->create();
+        // Assign a job to worker on the project
+        factory(Job::class)->create([
+            'project_id' => $project->id,
+            'worker_id' => $worker->id,
+        ]);
 
-        $this->assertFalse($worker->can('update', $project));
+        // Worker can view the project after assignment
+        $this->assertTrue($worker->fresh()->can('view', $project));
     }
 
     /** @test */
-    public function an_admin_can_delete_project()
+    public function only_admin_can_update_project()
     {
         $admin = $this->createUser('admin');
-        $project = factory(Project::class)->create();
+        $worker = $this->createUser('worker');
 
-        $this->assertTrue($admin->can('delete', $project));
+        $this->assertTrue($admin->can('update', new Project()));
+        $this->assertFalse($worker->can('update', new Project()));
     }
 
     /** @test */
-    public function a_worker_cannot_delete_project()
+    public function only_admin_can_delete_project()
     {
+        $admin = $this->createUser('admin');
         $worker = $this->createUser('worker');
         $project = factory(Project::class)->create();
 
+        $this->assertTrue($admin->can('delete', $project));
         $this->assertFalse($worker->can('delete', $project));
     }
 }
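Review bot: The `->fresh()` in `a_worker_can_only_view_the_project_in_which_they_are_involved` is load-bearing but unexplained: the first `can('view', …)` call presumably loads and caches `$worker->projects`, so without a reload the second assertion would still see the pre-assignment collection. Replace the comment above it with `// fresh() reloads the worker so the cached projects relation sees the new job`. The test also never shows that the check is keyed on the specific project; after the assignment a second persisted project should still be denied, e.g. `$this->assertFalse($worker->fresh()->can('view', factory(Project::class)->create()));`. Minor: `only_admin_can_update_project` checks against `new Project()` while the delete test uses a persisted project; using a persisted one in both keeps the cases parallel.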