Add User model policy

app/Entities/Users/UsersRepository.php

@@ -20,7 +20,7 @@ class UsersRepository extends BaseRepository
 
     public function getUsers($q)
     {
-        return $this->model->latest()
+        return auth()->user()->agency->workers()
             ->where('name', 'like', '%'.$q.'%')
             ->get();
     }
@@ -33,6 +33,8 @@ class UsersRepository extends BaseRepository
 
         $user = $this->storeArray($userData);
 
+        auth()->user()->agency->addWorker($user);
+
         return $user;
     }
 

app/Policies/UserPolicy.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Policies;
+
+use App\Entities\Users\User;
+use App\Entities\Users\User as Worker;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class UserPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can view the user.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Users\User  $user
+     * @return mixed
+     */
+    public function view(User $user, Worker $worker)
+    {
+        return $user->id == $user->id;
+    }
+
+    /**
+     * Determine whether the user can create users.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Users\User  $user
+     * @return mixed
+     */
+    public function create(User $user, Worker $worker)
+    {
+        return  !  ! $user->agency;
+    }
+
+    /**
+     * Determine whether the user can update the user.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Users\User  $user
+     * @return mixed
+     */
+    public function update(User $user, Worker $worker)
+    {
+        return $user->agency->workers->contains($worker);
+    }
+
+    /**
+     * Determine whether the user can delete the user.
+     *
+     * @param  \App\Entities\Users\User  $user
+     * @param  \App\Entities\Users\User  $user
+     * @return mixed
+     */
+    public function delete(User $user, Worker $worker)
+    {
+        return $this->update($user, $worker);
+    }
+}

app/Providers/AuthServiceProvider.php

@@ -17,6 +17,7 @@ class AuthServiceProvider extends ServiceProvider
         'App\Entities\Partners\Vendor'   => 'App\Policies\Partners\VendorPolicy',
         'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
         'App\Entities\Projects\Project'  => 'App\Policies\Projects\ProjectPolicy',
+        'App\Entities\Users\User'        => 'App\Policies\UserPolicy',
         'App\Entities\Agencies\Agency'   => 'App\Policies\AgencyPolicy',
         'App\Entities\Users\Event'       => 'App\Policies\EventPolicy',
     ];

tests/Feature/Users/ManageUsersTest.php

@@ -8,6 +8,23 @@ use Tests\TestCase;
 class ManageUsersTest extends TestCase
 {
     /** @test */
+    public function user_can_see_user_list_from_dashboard_tab()
+    {
+        $user   = $this->adminUserSigningIn();
+        $agency = $user->agency;
+
+        $user1 = factory(User::class)->create();
+        $user2 = factory(User::class)->create();
+
+        $agency->addWorker($user1);
+        $agency->addWorker($user2);
+
+        $this->visit(route('users.index'));
+        $this->see($user1->name);
+        $this->see($user2->name);
+    }
+
+    /** @test */
     public function admin_can_insert_new_user()
     {
         $user = $this->adminUserSigningIn();

tests/Unit/Policies/UserPolicyTest.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use App\Entities\Users\User;
+use Illuminate\Foundation\Testing\DatabaseMigrations;
+use Tests\TestCase as TestCase;
+
+class UserPolicyTest extends TestCase
+{
+    use DatabaseMigrations;
+
+    /** @test */
+    public function admin_can_create_user()
+    {
+        $admin = $this->adminUserSigningIn();
+
+        $this->assertTrue($admin->can('create', new User));
+    }
+
+    /** @test */
+    public function admin_can_view_user()
+    {
+        $admin = $this->adminUserSigningIn();
+        $user  = factory(User::class)->create();
+        $admin->agency->addWorker($user);
+
+        $this->assertTrue($admin->can('view', $user));
+    }
+
+    /** @test */
+    public function admin_can_update_user()
+    {
+        $admin = $this->adminUserSigningIn();
+        $user  = factory(User::class)->create();
+        $admin->agency->addWorker($user);
+
+        $this->assertTrue($admin->can('update', $user));
+    }
+
+    /** @test */
+    public function admin_can_delete_user()
+    {
+        $admin = $this->adminUserSigningIn();
+        $user  = factory(User::class)->create();
+        $admin->agency->addWorker($user);
+
+        $this->assertTrue($admin->can('delete', $user));
+    }
+}