
Update user policies for viewing project detail

Only admin can see project pricings
Prevent worker form reorder job priority
pull/6/head
Nafies Luthfi 8 years ago
parent
commit
db1e4903f7
  1. 4
      app/Http/Controllers/Projects/ProjectsController.php
  2. 13
      app/Policies/Projects/ProjectPolicy.php
  3. 10
      resources/views/layouts/dashboard.blade.php
  4. 32
      resources/views/projects/jobs/index.blade.php
  5. 2
      resources/views/projects/partials/project-show.blade.php
  6. 2
      resources/views/projects/partials/project-stats.blade.php
  7. 2
      resources/views/projects/show.blade.php
  8. 16
      tests/Unit/Policies/ProjectPolicyTest.php

4
app/Http/Controllers/Projects/ProjectsController.php

@ -120,6 +120,8 @@ class ProjectsController extends Controller
public function statusUpdate(Request $request, Project $project)
{
$this->authorize('update', $project);
$project = $this->repo->updateStatus($request->get('status_id'), $project->id);
flash()->success(trans('project.updated'));
@ -128,6 +130,8 @@ class ProjectsController extends Controller
public function jobsReorder(Request $request, Project $project)
{
$this->authorize('update', $project);
if ($request->ajax()) {
$data = $this->repo->jobsReorder($request->get('postData'));
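Review bot: The new `authorize('update', $project)` in jobsReorder covers the route's project, but the reorder payload from `$request->get('postData')` is handed to the repository without `$project`, so the job ids it contains are never tied to the project that was authorized; unless the repository scopes its update by project, a user allowed to update one project could reorder jobs belonging to another. Pass the project through, e.g. `$data = $this->repo->jobsReorder($request->get('postData'), $project->id);`, and have the repository restrict the update to jobs with that project_id, or validate the ids against `$project->jobs` before calling it. The same pattern appears in statusUpdate, where `status_id` reaches the repository without validation against the allowed status values. Both methods continue past the end of their hunks.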

13
app/Policies/Projects/ProjectPolicy.php

@ -134,4 +134,17 @@ class ProjectPolicy
return $user->hasRole('admin')
|| ($user->hasRole('worker') && $user->projects->contains($project->id));
}
/**
* Determine whether the user can see project pricings.
*
* @param \App\Entities\Users\User $user
* @param \App\Entities\Projects\Project $project
*
* @return mixed
*/
public function seePricings(User $user, Project $project)
{
return $user->hasRole('admin');
}
}
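Review bot: seePricings documents `@return mixed` although it can only return the bool from `hasRole`; change the tag to `@return bool` so the contract matches what the method does. The `$project` argument is accepted but never read, which makes this a pure role check rather than a per-project decision; a sentence in the docblock such as `* Pricing visibility is role-based only; $project is taken so that @can('see-pricings', $project) resolves to this policy.` would stop the next reader from assuming assigned workers are considered. The class header and the start of the preceding method lie outside the hunk.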

10
resources/views/layouts/dashboard.blade.php

@ -10,10 +10,12 @@
'style' => 'width:100%;max-width:350px'
]) !!}
{!! Form::submit(trans('project.search'), ['class' => 'btn btn-info btn-sm']) !!}
{{ link_to_route('projects.create', trans('project.create'), [], [
'class' => 'btn btn-success pull-right',
'style' => 'margin: -2px 0px;'
]) }}
@can('create', new App\Entities\Projects\Project)
{{ link_to_route('projects.create', trans('project.create'), [], [
'class' => 'btn btn-success pull-right',
'style' => 'margin: -2px 0px;'
]) }}
@endcan
{!! Form::close() !!}
</div>
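Review bot: `@can('create', new App\Entities\Projects\Project)` instantiates a model only so the Gate can resolve the policy; Laravel resolves policies from a class name as well, so `@can('create', App\Entities\Projects\Project::class)` does the same without building an unsaved entity inside the view. This directive only hides the link — whether the projects.create and store actions call the same policy is not visible in this commit, which adds `authorize()` only to statusUpdate and jobsReorder, so that should be confirmed.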

32
resources/views/projects/jobs/index.blade.php

@ -22,13 +22,17 @@
<div id="project-jobs" class="panel panel-default table-responsive">
<div class="panel-heading">
<div class="pull-right">
@if (request('action') == 'sort_jobs')
{{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }}
@else
{{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }}
{!! link_to_route('projects.jobs-export', trans('project.jobs_list_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} |
{!! link_to_route('projects.job-progress-export', trans('project.jobs_progress_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!}
@endif
@can('update', $project)
@if (request('action') == 'sort_jobs')
{{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }}
@else
{{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }}
@can('see-pricings', $project)
{!! link_to_route('projects.jobs-export', trans('project.jobs_list_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} |
{!! link_to_route('projects.job-progress-export', trans('project.jobs_progress_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!}
@endcan
@endif
@endcan
</div>
<h3 class="panel-title">
{{ $key == 1 ? trans('project.jobs') : trans('project.additional_jobs') }}
@ -89,11 +93,13 @@
</th>
<th class="text-right">{{ formatRp($groupedJobs->sum('price')) }}</th>
<th colspan="2">
@if (request('action') == 'sort_jobs')
{{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right']) }}
@else
{{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right']) }}
@endif
@can('update', $project)
@if (request('action') == 'sort_jobs')
{{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right']) }}
@else
{{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right']) }}
@endif
@endcan
</th>
</tr>
</tfoot>
@ -104,6 +110,7 @@
@endif
@endsection
@can('update', $project)
@if (request('action') == 'sort_jobs')
@section('ext_js')
@ -125,3 +132,4 @@
@endsection
@endif
@endcan
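Review bot: The footer total `{{ formatRp($groupedJobs->sum('price')) }}` in the context line just above the second hunk stays outside any `@can('see-pricings', $project)` guard, so a worker still sees the job pricing total even though the commit's intent is that only admins see pricings; wrap that `<th>` (and the per-row price cells, which are outside the hunk) in the same `@can('see-pricings', $project)` block. The export links are now nested inside both `@can('update', $project)` and the `@else` branch, so they depend on two abilities and disappear in sort mode; if that is intended, a Blade comment `{{-- exports: only for users who can update and see pricings --}}` would make it explicit. These directives only hide links — the projects.jobs-export and projects.job-progress-export actions still need their own `authorize('see-pricings', $project)` server-side, which is not shown in this commit.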

2
resources/views/projects/partials/project-show.blade.php

@ -6,8 +6,10 @@
<tr><td class="col-xs-3">{{ trans('project.name') }}</td><td class="col-xs-9">{{ $project->name }}</td></tr>
<tr><td>{{ trans('project.description') }}</td><td>{!! nl2br($project->description) !!}</td></tr>
<tr><td>{{ trans('project.proposal_date') }}</td><td>{{ dateId($project->proposal_date) }}</td></tr>
@can('see-pricings', $project)
<tr><td>{{ trans('project.proposal_value') }}</td><td class="text-right">{{ formatRp($project->proposal_value) }}</td></tr>
<tr><td>{{ trans('project.project_value') }}</td><td class="text-right">{{ formatRp($project->project_value) }}</td></tr>
@endcan
<tr><td>{{ trans('project.start_date') }}</td><td>{{ dateId($project->start_date) }}</td></tr>
<tr><td>{{ trans('project.end_date') }}</td><td>{{ dateId($project->end_date) }}</td></tr>
<tr><td>{{ trans('app.status') }}</td><td>{{ $project->present()->status }}</td></tr>
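Review bot: Guarding the two value rows with `@can('see-pricings', $project)` matches the policy, but the neighbouring context line `{!! nl2br($project->description) !!}` renders the description unescaped; unless the description is trusted markup, `{!! nl2br(e($project->description)) !!}` keeps the line breaks while escaping the stored text. That line is not touched by this commit, so it can be handled in a follow-up.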

2
resources/views/projects/partials/project-stats.blade.php

@ -29,6 +29,7 @@
</div>
</a>
</div>
@can('see-pricings', $project)
<div class="col-lg-6 col-md-12">
<a href="{{ route('projects.jobs.index',[$project->id]) }}" title="Collectible Earnings">
<div class="panel panel-success">
@ -44,5 +45,6 @@
</div>
</a>
</div>
@endcan
<div class="clearfix"></div>
</div>
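Review bot: The hardcoded `title="Collectible Earnings"` on the panel link, now inside the new `@can('see-pricings', $project)` block, sits among strings that all go through `trans()`; `title="{{ trans('project.collectible_earnings') }}"` (key name illustrative) would match the rest of the view, with the key added to the project language file. The div enclosing the second hunk opens outside it.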

2
resources/views/projects/show.blade.php

@ -14,10 +14,12 @@
@include('projects.partials.project-show')
</div>
<div class="col-md-6">
@can('update', $project)
{!! Form::model($project, ['route' => ['projects.status-update', $project->id], 'method' => 'patch','class' => 'well well-sm form-inline']) !!}
{!! FormField::select('status_id', ProjectStatus::toArray(), ['label' => trans('project.status')]) !!}
{!! Form::submit('Update Project Status', ['class' => 'btn btn-info btn-sm']) !!}
{!! Form::close() !!}
@endcan
@include('projects.partials.project-stats')
</div>
</div>

16
tests/Unit/Policies/ProjectPolicyTest.php

@ -125,4 +125,20 @@ class ProjectPolicyTest extends TestCase
$this->assertTrue($admin->can('view-files', $project));
$this->assertTrue($worker->can('view-files', $project));
}
/** @test */
public function only_admin_can_see_project_pricings()
{
$admin = $this->createUser('admin');
$worker = $this->createUser('worker');
$project = factory(Project::class)->create();
$job = factory(Job::class)->create([
'project_id' => $project->id,
'worker_id' => $worker->id,
]);
$this->assertTrue($admin->can('see-pricings', $project));
$this->assertFalse($worker->can('see-pricings', $project));
}
}
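Review bot: `$job` in only_admin_can_see_project_pricings is assigned but never used; the Job factory call presumably exists to attach the worker to the project so the negative assertion covers an assigned worker, so either drop the assignment (`factory(Job::class)->create([...]);`) or keep it and state the intent with a comment such as `// attach the worker to the project: pricings must stay hidden even from assigned workers`. A second assertion for a worker with no job on the project would pin that the rule is role-based regardless of assignment.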