diff --git a/app/Http/Controllers/JobsController.php b/app/Http/Controllers/JobsController.php
index a694988..8d1d64f 100755
--- a/app/Http/Controllers/JobsController.php
+++ b/app/Http/Controllers/JobsController.php
@@ -25,7 +25,7 @@ class JobsController extends Controller
 public function index()
 {
- $projects = Project::whereIn('status_id', [2, 3])->pluck('name','id');
+ $projects = Project::whereIn('status_id', [2, 3])->pluck('name', 'id');
 $jobs = $this->repo->getUnfinishedJobs(auth()->user(), request('project_id'));
 return view('jobs.unfinished', compact('jobs', 'projects'));
diff --git a/app/Http/Middleware/Role.php b/app/Http/Middleware/Role.php
index f0a0d3c..d7d3e96 100644
--- a/app/Http/Middleware/Role.php
+++ b/app/Http/Middleware/Role.php
@@ -24,11 +24,17 @@ class Role
 $nameArray = explode('|', $names);
 if (auth()->check() == false) {
- return redirect()->guest('login');
+ return $request->expectsJson()
+ ? response()->json(['message' => 'Forbidden.'], 403)
+ : redirect()->guest('login');
 }
 // Cek apakah grup user ada di dalam array $nameArray?
 if (auth()->user()->hasRoles($nameArray) == false) {
+ if ($request->expectsJson()) {
+ return response()->json(['message' => 'Forbidden.'], 403);
+ }
+
 flash(__('auth.unauthorized_access', ['url' => $request->path()]), 'danger');
 return redirect()->route('home');
diff --git a/tests/Feature/Projects/UploadFilesTest.php b/tests/Feature/Projects/UploadFilesTest.php
index ece96ca..e945730 100644
--- a/tests/Feature/Projects/UploadFilesTest.php
+++ b/tests/Feature/Projects/UploadFilesTest.php
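Review bot: In the `auth()->check() == false` branch of Role.php, the new ternary answers JSON clients with 403 "Forbidden.", the same status and body the role-mismatch branch below returns, so an API client cannot distinguish "re-authenticate" from "authenticated but not permitted"; 401 is the conventional status for a missing or expired session and is also what Laravel's stock `Authenticate` middleware returns for JSON requests. I would change the true arm to `? response()->json(['message' => 'Unauthenticated.'], 401)` and keep 403 only for the `hasRoles` failure; the `it_returns_a_forbidden_json_response_for_guests` test added in this commit pins 403 and would have to assert 401 instead. The two `== false` comparisons would read better as `!auth()->check()` and `!auth()->user()->hasRoles($nameArray)`, which also avoids loose equality should `hasRoles` ever return null. The enclosing `handle()` starts before this hunk and ends after it.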
@@ -44,10 +44,6 @@ class UploadFilesTest extends TestCase
 Storage::fake('avatar');
 $user = $this->adminUserSigningIn();
 $project = factory(Project::class)->create();
- // $file = factory(File::class, 'project')->create(['fileable_id' => $project->id]);
- // dd(get_class_methods((new FileFactory)->create('123.txt')));
- // $result = Storage::disk('avatar')->put('public/files', (new FileFactory)->create('123.txt'));
- // dd($result);
 $this->visit(route('projects.files', [$project->id]));
diff --git a/tests/Unit/Http/Middlewares/RoleTest.php b/tests/Unit/Http/Middlewares/RoleTest.php
new file mode 100644
index 0000000..78078b5
--- /dev/null
+++ b/tests/Unit/Http/Middlewares/RoleTest.php
@@ -0,0 +1,111 @@
+
+ */
+class RoleTest extends TestCase
+{
+ use DatabaseMigrations;
+
+ /**
+ * Call the given middleware.
+ *
+ * @param string|string[] $middleware
+ * @param string $method
+ * @param array $data
+ * @return $this
+ */
+ protected function callMiddleware($middleware, $method = 'GET', array $data = [])
+ {
+ return $this->call(
+ $method, $this->makeMiddlewareRoute($method, $middleware), $data
+ );
+ }
+
+ /**
+ * Call the given middleware using a JSON request.
+ *
+ * @param string|string[] $middleware
+ * @param string $method
+ * @param array $data
+ * @return $this
+ */
+ protected function callMiddlewareJson($middleware, $method = 'GET', array $data = [])
+ {
+ return $this->json(
+ $method, $this->makeMiddlewareRoute($method, $middleware), $data
+ );
+ }
+
+ /**
+ * Make a dummy route with the given middleware applied.
+ *
+ * @param string $method
+ * @param string|string[] $middleware
+ * @return string
+ */
+ protected function makeMiddlewareRoute($method, $middleware)
+ {
+ $method = strtolower($method);
+
+ return $this->app->make('router')->{$method}('/__middleware__', [
+ 'middleware' => $middleware,
+ function () {
+ return '__passed__';
+ },
+ ])->uri();
+ }
+
+ /** @test */
+ public function it_passes_for_user_roles_on_parameters()
+ {
+ $user = $this->createUser('admin');
+
+ $this->actingAs($user)->callMiddleware(Role::class.':admin|worker');
+ $this->assertResponseStatus(200);
+ }
+
+ /** @test */
+ public function it_redirects_non_accepted_roles_to_the_home()
+ {
+ $user = $this->createUser('worker');
+
+ $this->actingAs($user)->callMiddleware(Role::class.':admin');
+
+ $this->assertRedirectedTo(route('home'));
+ }
+
+ /** @test */
+ public function it_redirects_guests_to_login()
+ {
+ $this->callMiddleware(Role::class.':admin');
+
+ $this->assertRedirectedTo(route('auth.login'));
+ }
+
+ /** @test */
+ public function it_returns_a_forbidden_json_response_for_non_accepted_roles()
+ {
+ $user = $this->createUser('worker');
+ $this->actingAs($user)->callMiddlewareJson(Role::class.':admin');
+
+ $this->assertResponseStatus(403);
+ }
+
+ /** @test */
+ public function it_returns_a_forbidden_json_response_for_guests()
+ {
+ $this->callMiddlewareJson(Role::class.':admin');
+
+ $this->assertResponseStatus(403);
+ }
+}
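Review bot: The two JSON tests, `it_returns_a_forbidden_json_response_for_non_accepted_roles` and `it_returns_a_forbidden_json_response_for_guests`, assert only the status code, so a middleware that answered a JSON request with an HTML error page or an empty 403 body would still pass; add `$this->seeJson(['message' => 'Forbidden.']);` after each `assertResponseStatus(403)` so the body API clients key on is pinned as well. The guest variant also locks in 403 for an unauthenticated request, which diverges from the usual 401 for "not logged in"; if the middleware is ever changed to 401 for guests, this assertion is where it must follow. The head of the new file (PHP tag, namespace and `use` block) and the `createUser()` helper are not visible in this hunk as shown, so the `Role` and `DatabaseMigrations` imports cannot be checked here.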