diff --git a/app/Policies/Partners/VendorPolicy.php b/app/Policies/Partners/VendorPolicy.php
index a235722..0d69748 100644
--- a/app/Policies/Partners/VendorPolicy.php
+++ b/app/Policies/Partners/VendorPolicy.php
@@ -16,7 +16,7 @@ class VendorPolicy
 use HandlesAuthorization;
 
 /**
- * Determine whether the user can view the project.
+ * Determine whether the user can view the vendor.
 *
 * @param \App\Entities\Users\User $user
 * @param \App\Entities\Partners\Vendor $vendor
@@ -25,11 +25,11 @@ class VendorPolicy
 */
 public function view(User $user, Vendor $vendor)
 {
- return true;
+ return $user->hasRole('admin');
 }
 
 /**
- * Determine whether the user can create projects.
+ * Determine whether the user can create vendors.
 *
 * @param \App\Entities\Users\User $user
 * @param \App\Entities\Partners\Vendor $vendor
@@ -38,11 +38,11 @@ class VendorPolicy
 */
 public function create(User $user, Vendor $vendor)
 {
- return true;
+ return $user->hasRole('admin');
 }
 
 /**
- * Determine whether the user can update the project.
+ * Determine whether the user can update the vendor.
 *
 * @param \App\Entities\Users\User $user
 * @param \App\Entities\Partners\Vendor $vendor
@@ -55,7 +55,7 @@ class VendorPolicy
 }
 
 /**
- * Determine whether the user can delete the project.
+ * Determine whether the user can delete the vendor.
 *
 * @param \App\Entities\Users\User $user
 * @param \App\Entities\Partners\Vendor $vendor
diff --git a/tests/Unit/Policies/VendorPolicyTest.php b/tests/Unit/Policies/VendorPolicyTest.php
index e8afae7..92f6394 100644
--- a/tests/Unit/Policies/VendorPolicyTest.php
+++ b/tests/Unit/Policies/VendorPolicyTest.php
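Review bot: The whole authorization decision in `view` is now the string literal `'admin'`, and the same literal is repeated in `create` in the next hunk (`@@ -38,11`). The bodies of `update` and `delete` are outside this diff, so it cannot be confirmed from here that all four abilities apply the same rule, although the updated tests suggest they do. A single private helper, for example `private function isAdmin(User $user) { return $user->hasRole('admin'); }`, called from each ability would keep them from drifting apart. The docblock of `view` opens in the previous hunk.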
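Review bot: `create` still declares a required `Vendor $vendor` parameter, so a caller that passes the class name, `$user->can('create', Vendor::class)`, would likely fail with an argument-count error instead of reaching the new role check, because Laravel drops a class-name argument before calling the policy method. The updated test passes `new Vendor()`, so the project appears to rely on the instance form; if both forms should work, give the parameter a null default and document that it is unused. The docblock of `create` opens in the previous hunk.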
@@ -3,41 +3,55 @@
 namespace Tests\Unit\Policies;
 
 use App\Entities\Partners\Vendor;
-use Illuminate\Foundation\Testing\DatabaseMigrations;
 use Tests\TestCase as TestCase;
 
+/**
+ * Vendor Policy Test.
+ *
+ * @author Nafies Luthfi
+ */
 class VendorPolicyTest extends TestCase
 {
- use DatabaseMigrations;
-
 /** @test */
- public function user_can_create_vendor()
+ public function only_admin_can_create_vendor()
 {
- $user = $this->adminUserSigningIn();
- $this->assertTrue($user->can('create', new Vendor()));
+ $admin = $this->createUser('admin');
+ $this->assertTrue($admin->can('create', new Vendor()));
+
+ $worker = $this->createUser('worker');
+ $this->assertFalse($worker->can('create', new Vendor()));
 }
 
 /** @test */
- public function user_can_view_vendor()
+ public function only_admin_can_view_vendor()
 {
- $user = $this->adminUserSigningIn();
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
 $vendor = factory(Vendor::class)->create();
- $this->assertTrue($user->can('view', $vendor));
+
+ $this->assertTrue($admin->can('view', $vendor));
+ $this->assertFalse($worker->can('view', $vendor));
 }
 
 /** @test */
- public function user_can_update_vendor()
+ public function only_admin_can_update_vendor()
 {
- $user = $this->adminUserSigningIn();
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
 $vendor = factory(Vendor::class)->create();
- $this->assertTrue($user->can('update', $vendor));
+
+ $this->assertTrue($admin->can('update', $vendor));
+ $this->assertFalse($worker->can('update', $vendor));
 }
 
 /** @test */
- public function user_can_delete_vendor()
+ public function only_admin_can_delete_vendor()
 {
- $user = $this->adminUserSigningIn();
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
 $vendor = factory(Vendor::class)->create();
- $this->assertTrue($user->can('delete', $vendor));
+
+ $this->assertTrue($admin->can('delete', $vendor));
+ $this->assertFalse($worker->can('delete', $vendor));
 }
 }
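Review bot: The class no longer uses `DatabaseMigrations`, yet the view, update and delete tests still call `factory(Vendor::class)->create()` and every test calls `createUser(...)`, which presumably writes to the database. If `Tests\TestCase` does not itself migrate or reset the schema (it is not visible in this diff), these tests would run against an unprepared or stale database; confirm that, or keep `use DatabaseMigrations;` in this class. The denial assertions also cover only the `'worker'` role, so a comment such as `// any non-admin role must be denied`, with one more role asserted if the project defines others, would pin the intent of the policy.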