Update authorization checks for task actions

app/Entities/Projects/Task.php

@@ -14,6 +14,6 @@ class Task extends Model
 
     public function job()
     {
-        return $this->belongsTo(Job::class, 'project_id');
+        return $this->belongsTo(Job::class, 'job_id');
     }
 }

app/Http/Controllers/Projects/FeesController.php

@@ -16,7 +16,7 @@ class FeesController extends Controller
 {
     public function create(Project $project)
     {
-        $this->authorize('create', new Payment);
+        $this->authorize('create', new Payment());
 
         $partners = User::pluck('name', 'id')->all();
 
@@ -25,7 +25,7 @@ class FeesController extends Controller
 
     public function store(Project $project)
     {
-        $this->authorize('create', new Payment);
+        $this->authorize('create', new Payment());
 
         $newPaymentData = request()->validate([
             'type_id'     => 'required|numeric',

app/Http/Controllers/Projects/ProjectsController.php

@@ -38,7 +38,7 @@ class ProjectsController extends Controller
 
     public function create()
     {
-        $this->authorize('create', new Project);
+        $this->authorize('create', new Project());
 
         $customers = $this->repo->getCustomersList();
 
@@ -47,7 +47,7 @@ class ProjectsController extends Controller
 
     public function store(CreateRequest $request)
     {
-        $this->authorize('create', new Project);
+        $this->authorize('create', new Project());
 
         $project = $this->repo->create($request->except('_token'));
         flash()->success(trans('project.created'));

app/Policies/Projects/TaskPolicy.php

@@ -15,6 +15,7 @@ class TaskPolicy
      *
      * @param \App\Entities\Users\User    $user
      * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function create(User $user, Task $task)
@@ -27,6 +28,7 @@ class TaskPolicy
      *
      * @param \App\Entities\Users\User    $user
      * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function update(User $user, Task $task)
@@ -40,6 +42,7 @@ class TaskPolicy
      *
      * @param \App\Entities\Users\User    $user
      * @param \App\Entities\Projects\Task $task
+     *
      * @return mixed
      */
     public function delete(User $user, Task $task)

resources/views/jobs/partials/job-tasks-operation.blade.php

@@ -1,4 +1,5 @@
 @if (Request::has('action') == false)
+@can('create', new App\Entities\Projects\Task)
 {!! Form::open(['route' => ['tasks.store', $job->id]])!!}
 <div class="panel panel-default">
     <div class="panel-heading"><h3 class="panel-title">{{ trans('task.create') }}</h3></div>
@@ -7,11 +8,8 @@
             <div class="col-sm-6">{!! FormField::text('name', ['label' => trans('task.name')]) !!}</div>
             <div class="col-md-4">
                 {!! Form::label('progress', trans('task.progress'), ['class' => 'control-label']) !!}
-
                 {!! Form::input('range', 'progress', 0, [
-                    'min' => '0',
-                    'max' => '100',
-                    'step' => '10',
+                    'min' => '0', 'max' => '100', 'step' => '10',
                 ]) !!}
             </div>
             <div class="col-md-2" style="font-size: 28px; margin-top: 15px;">
@@ -23,8 +21,11 @@
         {!! Form::close() !!}
     </div>
 </div>
+@endcan
 @endif
+
 @if (Request::get('action') == 'task_edit' && $editableTask)
+@can('update', $editableTask)
 {!! Form::model($editableTask, ['route' => ['tasks.update', $editableTask->id],'method' => 'patch'])!!}
 <div class="panel panel-default">
     <div class="panel-heading"><h3 class="panel-title">{{ trans('task.edit') }}</h3></div>
@@ -55,8 +56,11 @@
         {!! Form::close() !!}
     </div>
 </div>
+@endcan
 @endif
+
 @if (Request::get('action') == 'task_delete' && $editableTask)
+@can('delete', $editableTask)
 <div class="panel panel-default">
     <div class="panel-heading"><h3 class="panel-title">{{ trans('task.delete') }}</h3></div>
     <div class="panel-body">
@@ -78,4 +82,5 @@
             </div>
         </div>
 </div>
+@endcan
 @endif

resources/views/jobs/partials/job-tasks.blade.php

@@ -24,6 +24,7 @@
                 </td>
                 <td class="text-center">{{ $task->progress }} %</td>
                 <td class="text-center">
+                @can('update', $task)
                     {!! html_link_to_route('jobs.show', '', [
                         $job->id,
                         'action' => 'task_edit',
@@ -34,6 +35,8 @@
                         'id' => $task->id . '-tasks-edit',
                         'icon' => 'edit'
                     ]) !!}
+                @endcan
+                @can('delete', $task)
                     {!! html_link_to_route('jobs.show', '', [
                         $job->id,
                         'action' => 'task_delete',
@@ -44,6 +47,7 @@
                         'id' => $task->id . '-tasks-delete',
                         'icon' => 'close'
                     ]) !!}
+                @endcan
                 </td>
             </tr>
             @empty

resources/views/jobs/show.blade.php

@@ -7,7 +7,7 @@
 
 <h1 class="page-header">
     <div class="pull-right">
-        @can('create', $job)
+        @can('create', new App\Entities\Projects\Job)
             {!! html_link_to_route('projects.jobs.create', trans('job.create'), [$job->project_id], ['class' => 'btn btn-success','icon' => 'plus']) !!}
         @endcan
         @can('update', $job)

tests/Unit/Policies/TaskPolicyTest.php

@@ -58,6 +58,5 @@ class TaskPolicyTest extends TestCase
         $task = factory(Task::class)->create(['job_id' => $job->id]);
 
         $this->assertFalse($worker->can('delete', $task));
-
     }
 }