From 7f8d91db29092f6aebd58ba02b4e894b6461af85 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Thu, 2 Nov 2017 22:26:15 +0800
Subject: [PATCH] Add User model policy
---
 app/Entities/Users/UsersRepository.php | 4 ++-
 app/Policies/UserPolicy.php | 60 +++++++++++++++++++++++++++++++++
 app/Providers/AuthServiceProvider.php | 1 +
 tests/Feature/Users/ManageUsersTest.php | 17 ++++++++++
 tests/Unit/Policies/UserPolicyTest.php | 50 +++++++++++++++++++++++++++
 5 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 app/Policies/UserPolicy.php
 create mode 100644 tests/Unit/Policies/UserPolicyTest.php
diff --git a/app/Entities/Users/UsersRepository.php b/app/Entities/Users/UsersRepository.php
index 8a05668..6698031 100755
--- a/app/Entities/Users/UsersRepository.php
+++ b/app/Entities/Users/UsersRepository.php
@@ -20,7 +20,7 @@ class UsersRepository extends BaseRepository
 public function getUsers($q)
 {
- return $this->model->latest()
+ return auth()->user()->agency->workers()
 ->where('name', 'like', '%'.$q.'%')
 ->get();
 }
@@ -33,6 +33,8 @@ class UsersRepository extends BaseRepository
 $user = $this->storeArray($userData);
+ auth()->user()->agency->addWorker($user);
+
 return $user;
 }
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
new file mode 100644
index 0000000..4ed1d53
--- /dev/null
+++ b/app/Policies/UserPolicy.php
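Review bot: `auth()->user()->agency->workers()` in getUsers dereferences two values that can be null: `auth()->user()` is null outside an authenticated request, and UserPolicy::create in this same patch tests `! ! $user->agency`, so a user without an agency is already an expected state. The same unguarded chain appears in the second hunk of this file (`auth()->user()->agency->addWorker($user)`) and in UserPolicy::update (`$user->agency->workers->contains($worker)`). A missing agency should come out as an empty list or a denial rather than a fatal error; in the policy that is `return $user->agency && $user->agency->workers->contains($worker);`, and in the repository an early return before the chain. Both repository methods extend outside their hunks.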
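Review bot: The new user is written by `storeArray()` before `addWorker()` attaches it to the agency, so if the second call fails the row stays in the database without an agency and the agency-scoped getUsers() will never list it. Running both writes inside one database transaction keeps them atomic. The start of this method is outside the hunk, so whether a transaction is already open there cannot be seen from here.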
@@ -0,0 +1,60 @@
+id == $user->id;
+ }
+
+ /**
+ * Determine whether the user can create users.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Users\User $user
+ * @return mixed
+ */
+ public function create(User $user, Worker $worker)
+ {
+ return ! ! $user->agency;
+ }
+
+ /**
+ * Determine whether the user can update the user.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Users\User $user
+ * @return mixed
+ */
+ public function update(User $user, Worker $worker)
+ {
+ return $user->agency->workers->contains($worker);
+ }
+
+ /**
+ * Determine whether the user can delete the user.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Users\User $user
+ * @return mixed
+ */
+ public function delete(User $user, Worker $worker)
+ {
+ return $this->update($user, $worker);
+ }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 7b0c203..ccb04d0 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -17,6 +17,7 @@ class AuthServiceProvider extends ServiceProvider
 'App\Entities\Partners\Vendor' => 'App\Policies\Partners\VendorPolicy',
 'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
 'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
+ 'App\Entities\Users\User' => 'App\Policies\UserPolicy',
 'App\Entities\Agencies\Agency' => 'App\Policies\AgencyPolicy',
 'App\Entities\Users\Event' => 'App\Policies\EventPolicy',
 ];
diff --git a/tests/Feature/Users/ManageUsersTest.php b/tests/Feature/Users/ManageUsersTest.php
index f745de8..214c4dc 100644
--- a/tests/Feature/Users/ManageUsersTest.php
+++ b/tests/Feature/Users/ManageUsersTest.php
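Review bot: `create(User $user, Worker $worker)` makes the second argument mandatory although the body never reads it, and a create check usually has no model instance yet. When the gate is asked with the class name (`can('create', User::class)`), Laravel passes only the acting user, so the call fails with an argument error instead of returning a decision. Dropping the parameter, or giving it a default as in `public function create(User $user, Worker $worker = null)`, keeps both call styles working. Each of the three docblocks lists `@param \App\Entities\Users\User $user` twice; the second line should name `$worker` and say it is the user being acted on. The top of this hunk (namespace, imports and the `view` signature) is missing from the page, so the `==` comparison on its first line could not be reviewed in context.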
@@ -8,6 +8,23 @@ use Tests\TestCase;
 class ManageUsersTest extends TestCase
 {
 /** @test */
+ public function user_can_see_user_list_from_dashboard_tab()
+ {
+ $user = $this->adminUserSigningIn();
+ $agency = $user->agency;
+
+ $user1 = factory(User::class)->create();
+ $user2 = factory(User::class)->create();
+
+ $agency->addWorker($user1);
+ $agency->addWorker($user2);
+
+ $this->visit(route('users.index'));
+ $this->see($user1->name);
+ $this->see($user2->name);
+ }
+
+ /** @test */
+ public function admin_can_insert_new_user()
 {
 $user = $this->adminUserSigningIn();
diff --git a/tests/Unit/Policies/UserPolicyTest.php b/tests/Unit/Policies/UserPolicyTest.php
new file mode 100644
index 0000000..780ca17
--- /dev/null
+++ b/tests/Unit/Policies/UserPolicyTest.php
@@ -0,0 +1,50 @@
+adminUserSigningIn();
+
+ $this->assertTrue($admin->can('create', new User));
+ }
+
+ /** @test */
+ public function admin_can_view_user()
+ {
+ $admin = $this->adminUserSigningIn();
+ $user = factory(User::class)->create();
+ $admin->agency->addWorker($user);
+
+ $this->assertTrue($admin->can('view', $user));
+ }
+
+ /** @test */
+ public function admin_can_update_user()
+ {
+ $admin = $this->adminUserSigningIn();
+ $user = factory(User::class)->create();
+ $admin->agency->addWorker($user);
+
+ $this->assertTrue($admin->can('update', $user));
+ }
+
+ /** @test */
+ public function admin_can_delete_user()
+ {
+ $admin = $this->adminUserSigningIn();
+ $user = factory(User::class)->create();
+ $admin->agency->addWorker($user);
+
+ $this->assertTrue($admin->can('delete', $user));
+ }
+}
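Review bot: `user_can_see_user_list_from_dashboard_tab` only proves that the agency's own workers are listed; nothing asserts that a user of another agency is left out, which is the behaviour the repository change introduces. A third `factory(User::class)->create()` that is never passed to `addWorker()`, followed by `$this->dontSee($other->name);`, would pin that boundary.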
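Review bot: All four tests in UserPolicyTest assert an allow and none checks that the policy denies, so a policy that returned true for everyone would still pass. The deny cases are the ones that protect other agencies' data: a user made with `factory(User::class)->create()` and not added through `$admin->agency->addWorker()` should give `$this->assertFalse($admin->can('update', $user));`, and the same for `delete`. The first lines of this hunk are missing from the page, so the class header and the name of the create test are not visible.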