From a84b9009d9604902eef2661e1927237255692584 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Wed, 21 Feb 2018 23:45:56 +0800
Subject: [PATCH] Update authorization checks for task actions

---
 app/Entities/Projects/Task.php | 2 +-
 app/Http/Controllers/Projects/FeesController.php | 4 ++--
 app/Http/Controllers/Projects/ProjectsController.php | 4 ++--
 app/Policies/Projects/TaskPolicy.php | 15 +++++++++------
 .../views/jobs/partials/job-tasks-operation.blade.php | 13 +++++++++----
 resources/views/jobs/partials/job-tasks.blade.php | 4 ++++
 resources/views/jobs/show.blade.php | 2 +-
 tests/Unit/Policies/TaskPolicyTest.php | 1 -
 8 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/app/Entities/Projects/Task.php b/app/Entities/Projects/Task.php
index ec9c649..8c67079 100755
--- a/app/Entities/Projects/Task.php
+++ b/app/Entities/Projects/Task.php
@@ -14,6 +14,6 @@ class Task extends Model
     public function job()
     {
-        return $this->belongsTo(Job::class, 'project_id');
+        return $this->belongsTo(Job::class, 'job_id');
     }
 }
diff --git a/app/Http/Controllers/Projects/FeesController.php b/app/Http/Controllers/Projects/FeesController.php
index e4eab9c..9caf7c5 100644
--- a/app/Http/Controllers/Projects/FeesController.php
+++ b/app/Http/Controllers/Projects/FeesController.php
@@ -16,7 +16,7 @@ class FeesController extends Controller
 {
     public function create(Project $project)
     {
-        $this->authorize('create', new Payment);
+        $this->authorize('create', new Payment());
         $partners = User::pluck('name', 'id')->all();
@@ -25,7 +25,7 @@ class FeesController extends Controller
     public function store(Project $project)
     {
-        $this->authorize('create', new Payment);
+        $this->authorize('create', new Payment());
         $newPaymentData = request()->validate([
             'type_id' => 'required|numeric',
diff --git a/app/Http/Controllers/Projects/ProjectsController.php b/app/Http/Controllers/Projects/ProjectsController.php
index 4b606f5..0bea489 100755
--- a/app/Http/Controllers/Projects/ProjectsController.php
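Review bot: The corrected foreign key is what makes `$task->job` resolve at all, yet nothing in the commit asserts it: `TaskPolicyTest` builds tasks with `['job_id' => $job->id]` and checks `delete`, but `TaskPolicy::update`/`delete` (bodies outside this diff) presumably derive ownership from that relation, so a direct check such as `$this->assertTrue($task->job->is($job));` would pin the fix against a regression to `project_id`. The method also has no docblock; add `/** The job this task belongs to. @return \Illuminate\Database\Eloquent\Relations\BelongsTo */` above `public function job()` so the relation and its key are documented next to the code.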
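Review bot: `store(Project $project)` authorizes against a fresh `Payment()` and never passes `$project`, so the policy can only answer whether the user may create payments in general, not whether they may add a fee to this particular project; the `create` hunk above has the same shape. If fees are meant to be project-scoped, hand the project to the policy as extra context, `$this->authorize('create', [Payment::class, $project]);`, and let `PaymentPolicy::create(User $user, Project $project)` decide on it — the policy is not in this diff, so its current signature is unknown. The `store` body continues past the hunk.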
+++ b/app/Http/Controllers/Projects/ProjectsController.php
@@ -38,7 +38,7 @@ class ProjectsController extends Controller
     public function create()
     {
-        $this->authorize('create', new Project);
+        $this->authorize('create', new Project());
         $customers = $this->repo->getCustomersList();
@@ -47,7 +47,7 @@ class ProjectsController extends Controller
     public function store(CreateRequest $request)
     {
-        $this->authorize('create', new Project);
+        $this->authorize('create', new Project());
         $project = $this->repo->create($request->except('_token'));
         flash()->success(trans('project.created'));
diff --git a/app/Policies/Projects/TaskPolicy.php b/app/Policies/Projects/TaskPolicy.php
index 1b396fc..f7e3b34 100644
--- a/app/Policies/Projects/TaskPolicy.php
+++ b/app/Policies/Projects/TaskPolicy.php
@@ -13,8 +13,9 @@ class TaskPolicy
     /**
      * Determine whether the user can create tasks.
      *
-     * @param \App\Entities\Users\User $user
-     * @param \App\Entities\Projects\Task $task
+     * @param \App\Entities\Users\User $user
+     * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function create(User $user, Task $task)
@@ -25,8 +26,9 @@ class TaskPolicy
     /**
      * Determine whether the user can update the task.
      *
-     * @param \App\Entities\Users\User $user
-     * @param \App\Entities\Projects\Task $task
+     * @param \App\Entities\Users\User $user
+     * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function update(User $user, Task $task)
@@ -38,8 +40,9 @@ class TaskPolicy
     /**
      * Determine whether the user can delete the task.
      *
-     * @param \App\Entities\Users\User $user
-     * @param \App\Entities\Projects\Task $task
+     * @param \App\Entities\Users\User $user
+     * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function delete(User $user, Task $task)
diff --git a/resources/views/jobs/partials/job-tasks-operation.blade.php b/resources/views/jobs/partials/job-tasks-operation.blade.php
index e0c5cea..d4a868d 100644
--- a/resources/views/jobs/partials/job-tasks-operation.blade.php
+++ b/resources/views/jobs/partials/job-tasks-operation.blade.php
@@ -1,4 +1,5 @@
 @if (Request::has('action') == false)
+@can('create', new App\Entities\Projects\Task)
 {!! Form::open(['route' => ['tasks.store', $job->id]])!!}

{{ trans('task.create') }}
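Review bot: `@can('create', new App\Entities\Projects\Task)` only decides whether the form is rendered; a client can still POST to `tasks.store` directly, and the controller behind that route is not part of this commit. Confirm that `TasksController::store` — and `update`/`destroy`, which the `@can('update', $editableTask)` and `@can('delete', $editableTask)` guards later in this file protect in the same view-only way — calls `$this->authorize(...)` against `TaskPolicy`, otherwise these Blade checks are cosmetic and the authorization this commit's title promises is not enforced server-side. The form opened by `Form::open` here is closed outside the hunk.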

@@ -7,11 +8,8 @@
{!! FormField::text('name', ['label' => trans('task.name')]) !!}
{!! Form::label('progress', trans('task.progress'), ['class' => 'control-label']) !!} - {!! Form::input('range', 'progress', 0, [ - 'min' => '0', - 'max' => '100', - 'step' => '10', + 'min' => '0', 'max' => '100', 'step' => '10', ]) !!}
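Review bot: As rendered here the hunk removes the `{!! Form::input('range', 'progress', 0, [` line together with the three option lines but re-adds only `'min' => '0', 'max' => '100', 'step' => '10',`, which leaves `]) !!}` on the new side with nothing to close; the counts in `@@ -7,11 +8,8 @@` (four removed, one added) agree with that reading. If this is not a rendering artifact of the page, the opening call has to stay: `{!! Form::input('range', 'progress', 0, [` directly above the collapsed option line. The surrounding form is opened and closed outside this hunk.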
@@ -23,8 +21,11 @@
 {!! Form::close() !!}
+@endcan
 @endif
+
 @if (Request::get('action') == 'task_edit' && $editableTask)
+@can('update', $editableTask)
 {!! Form::model($editableTask, ['route' => ['tasks.update', $editableTask->id],'method' => 'patch'])!!}

{{ trans('task.edit') }}
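Review bot: `@can('update', $editableTask)` is only as strong as the way `$editableTask` is resolved, and that lookup is not in this diff; if it is loaded by an id taken from the query string (the edit link in job-tasks.blade.php passes `'action' => 'task_edit'` on the `jobs.show` route, presumably with the task id alongside), it should be fetched through the job, `$job->tasks()->find(...)`, or `TaskPolicy::update` must compare `$task->job_id` with the job the user is actually allowed on, so a task belonging to another job cannot be edited from this page. The same applies to the `task_delete` branch below. The form opened by `Form::model` here is closed outside the hunk.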

@@ -55,8 +56,11 @@
 {!! Form::close() !!}
+@endcan
 @endif
+
 @if (Request::get('action') == 'task_delete' && $editableTask)
+@can('delete', $editableTask)

{{ trans('task.delete') }}

@@ -78,4 +82,5 @@
+@endcan
 @endif
diff --git a/resources/views/jobs/partials/job-tasks.blade.php b/resources/views/jobs/partials/job-tasks.blade.php
index a2d1b5a..53bc269 100644
--- a/resources/views/jobs/partials/job-tasks.blade.php
+++ b/resources/views/jobs/partials/job-tasks.blade.php
@@ -24,6 +24,7 @@
 {{ $task->progress }} %
+ @can('update', $task)
 {!! html_link_to_route('jobs.show', '', [
 $job->id,
 'action' => 'task_edit',
@@ -34,6 +35,8 @@
 'id' => $task->id . '-tasks-edit',
 'icon' => 'edit'
 ]) !!}
+ @endcan
+ @can('delete', $task)
 {!! html_link_to_route('jobs.show', '', [
 $job->id,
 'action' => 'task_delete',
@@ -44,6 +47,7 @@
 'id' => $task->id . '-tasks-delete',
 'icon' => 'close'
 ]) !!}
+ @endcan
 @empty
diff --git a/resources/views/jobs/show.blade.php b/resources/views/jobs/show.blade.php
index 48e4506..73db391 100755
--- a/resources/views/jobs/show.blade.php
+++ b/resources/views/jobs/show.blade.php
@@ -7,7 +7,7 @@

- @can('create', $job)
+ @can('create', new App\Entities\Projects\Job)
 {!! html_link_to_route('projects.jobs.create', trans('job.create'), [$job->project_id], ['class' => 'btn btn-success','icon' => 'plus']) !!}
 @endcan
 @can('update', $job)
diff --git a/tests/Unit/Policies/TaskPolicyTest.php b/tests/Unit/Policies/TaskPolicyTest.php
index e224bdc..843c316 100644
--- a/tests/Unit/Policies/TaskPolicyTest.php
+++ b/tests/Unit/Policies/TaskPolicyTest.php
@@ -58,6 +58,5 @@ class TaskPolicyTest extends TestCase
         $task = factory(Task::class)->create(['job_id' => $job->id]);
         $this->assertFalse($worker->can('delete', $task));
-
     }
 }
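Review bot: `@can('create', new App\Entities\Projects\Job)` instantiates a model inside the template purely to select a policy; Laravel's gate resolves the policy from a class name as well, so `@can('create', App\Entities\Projects\Job::class)` would avoid building an object per render — but only if `JobPolicy::create` does not type-hint a required `Job` instance, which cannot be verified here (`TaskPolicy::create` in this same commit does require `Task $task`, so check before switching). Note also that the link is still rendered only on the view side; `projects.jobs.create` and the matching `store` action must authorize on their own, as the `ProjectsController` hunks in this commit do with `$this->authorize('create', new Project())`.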