Update vendor policy for vendor actions

8 years ago · afe28c70a8
2 changed files with 35 additions and 21 deletions
--- a/app/Policies/Partners/VendorPolicy.php
+++ b/app/Policies/Partners/VendorPolicy.php
@ -16,7 +16,7 @@ class VendorPolicy
    use HandlesAuthorization;

    /**
-     * Determine whether the user can view the project.
+     * Determine whether the user can view the vendor.
     *
     * @param \App\Entities\Users\User      $user
     * @param \App\Entities\Partners\Vendor $vendor
@ -25,11 +25,11 @@ class VendorPolicy
     */
    public function view(User $user, Vendor $vendor)
    {
-        return true;
+        return $user->hasRole('admin');
    }

    /**
-     * Determine whether the user can create projects.
+     * Determine whether the user can create vendors.
     *
     * @param \App\Entities\Users\User      $user
     * @param \App\Entities\Partners\Vendor $vendor
@ -38,11 +38,11 @@ class VendorPolicy
     */
    public function create(User $user, Vendor $vendor)
    {
-        return true;
+        return $user->hasRole('admin');
    }

    /**
-     * Determine whether the user can update the project.
+     * Determine whether the user can update the vendor.
     *
     * @param \App\Entities\Users\User      $user
     * @param \App\Entities\Partners\Vendor $vendor
@ -55,7 +55,7 @@ class VendorPolicy
    }

    /**
-     * Determine whether the user can delete the project.
+     * Determine whether the user can delete the vendor.
     *
     * @param \App\Entities\Users\User      $user
     * @param \App\Entities\Partners\Vendor $vendor
--- a/tests/Unit/Policies/VendorPolicyTest.php
+++ b/tests/Unit/Policies/VendorPolicyTest.php
@ -3,41 +3,55 @@
 namespace Tests\Unit\Policies;

 use App\Entities\Partners\Vendor;
-use Illuminate\Foundation\Testing\DatabaseMigrations;
 use Tests\TestCase as TestCase;

+/**
+ * Vendor Policy Test.
+ *
+ * @author Nafies Luthfi <nafiesl@gmail.com>
+ */
 class VendorPolicyTest extends TestCase
 {
-    use DatabaseMigrations;
-
    /** @test */
-    public function user_can_create_vendor()
+    public function only_admin_can_create_vendor()
    {
-        $user = $this->adminUserSigningIn();
-        $this->assertTrue($user->can('create', new Vendor()));
+        $admin = $this->createUser('admin');
+        $this->assertTrue($admin->can('create', new Vendor()));
+
+        $worker = $this->createUser('worker');
+        $this->assertFalse($worker->can('create', new Vendor()));
    }

    /** @test */
-    public function user_can_view_vendor()
+    public function only_admin_can_view_vendor()
    {
-        $user = $this->adminUserSigningIn();
+        $admin = $this->createUser('admin');
+        $worker = $this->createUser('worker');
        $vendor = factory(Vendor::class)->create();
-        $this->assertTrue($user->can('view', $vendor));
+
+        $this->assertTrue($admin->can('view', $vendor));
+        $this->assertFalse($worker->can('view', $vendor));
    }

    /** @test */
-    public function user_can_update_vendor()
+    public function only_admin_can_update_vendor()
    {
-        $user = $this->adminUserSigningIn();
+        $admin = $this->createUser('admin');
+        $worker = $this->createUser('worker');
        $vendor = factory(Vendor::class)->create();
-        $this->assertTrue($user->can('update', $vendor));
+
+        $this->assertTrue($admin->can('update', $vendor));
+        $this->assertFalse($worker->can('update', $vendor));
    }

    /** @test */
-    public function user_can_delete_vendor()
+    public function only_admin_can_delete_vendor()
    {
-        $user = $this->adminUserSigningIn();
+        $admin = $this->createUser('admin');
+        $worker = $this->createUser('worker');
        $vendor = factory(Vendor::class)->create();
-        $this->assertTrue($user->can('delete', $vendor));
+
+        $this->assertTrue($admin->can('delete', $vendor));
+        $this->assertFalse($worker->can('delete', $vendor));
    }
 }