diff --git a/app/Http/Controllers/Projects/ProjectsController.php b/app/Http/Controllers/Projects/ProjectsController.php
index 0bea489..8250fc7 100755
--- a/app/Http/Controllers/Projects/ProjectsController.php
+++ b/app/Http/Controllers/Projects/ProjectsController.php
@@ -120,6 +120,8 @@ class ProjectsController extends Controller
 public function statusUpdate(Request $request, Project $project)
 {
+ $this->authorize('update', $project);
+
 $project = $this->repo->updateStatus($request->get('status_id'), $project->id);
 flash()->success(trans('project.updated'));
@@ -128,6 +130,8 @@ class ProjectsController extends Controller
 public function jobsReorder(Request $request, Project $project)
 {
+ $this->authorize('update', $project);
+
 if ($request->ajax()) {
 $data = $this->repo->jobsReorder($request->get('postData'));
diff --git a/app/Policies/Projects/ProjectPolicy.php b/app/Policies/Projects/ProjectPolicy.php
index 97f9eb0..20be936 100644
--- a/app/Policies/Projects/ProjectPolicy.php
+++ b/app/Policies/Projects/ProjectPolicy.php
@@ -134,4 +134,17 @@ class ProjectPolicy
 return $user->hasRole('admin') || ($user->hasRole('worker') && $user->projects->contains($project->id));
 }
+
+ /**
+ * Determine whether the user can see project pricings.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Project $project
+ *
+ * @return mixed
+ */
+ public function seePricings(User $user, Project $project)
+ {
+ return $user->hasRole('admin');
+ }
 }
diff --git a/resources/views/layouts/dashboard.blade.php b/resources/views/layouts/dashboard.blade.php
index 48e22c5..8aaf9b3 100644
--- a/resources/views/layouts/dashboard.blade.php
+++ b/resources/views/layouts/dashboard.blade.php
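Review bot: The new `$this->authorize('update', $project)` settles who may change the status, but `$request->get('status_id')` still reaches `updateStatus()` with no validation, so whatever value is posted is handed straight to the repository. The status select in show.blade.php is built from `ProjectStatus::toArray()`, so the same keys can bound the input before the repository call, e.g. `$request->validate(['status_id' => 'required|in:' . implode(',', array_keys(ProjectStatus::toArray()))]);` (assuming ProjectStatus is importable in this controller). The remainder of statusUpdate, including its redirect, lies outside the hunk.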
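Review bot: The authorization in jobsReorder is checked against the route-bound `$project`, yet `$this->repo->jobsReorder($request->get('postData'))` never receives `$project`, so unless the repository scopes its writes by project on its own (not visible here) a user allowed to update one project could submit job ids belonging to another project and reorder those. Pass the project into the call and constrain the update to it, e.g. `$data = $this->repo->jobsReorder($request->get('postData'), $project->id);` with the repository applying `where('project_id', $projectId)` or rejecting ids outside that project before writing. jobsReorder continues beyond the hunk.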
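Review bot: `seePricings()` can only ever return a bool, but its docblock says `@return mixed`; if the project targets PHP 7+, declare `public function seePricings(User $user, Project $project): bool` and write `@return bool` so readers and static analysis see the admin-only yes/no contract. It is also worth recording in the docblock that views and the test invoke this method under the hyphenated ability name, since that is what callers will grep for: `Invoked via the 'see-pricings' ability from views and controllers.`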
@@ -10,10 +10,12 @@ 'style' => 'width:100%;max-width:350px' ]) !!} {!! Form::submit(trans('project.search'), ['class' => 'btn btn-info btn-sm']) !!} - {{ link_to_route('projects.create', trans('project.create'), [], [ - 'class' => 'btn btn-success pull-right', - 'style' => 'margin: -2px 0px;' - ]) }} + @can('create', new App\Entities\Projects\Project) + {{ link_to_route('projects.create', trans('project.create'), [], [ + 'class' => 'btn btn-success pull-right', + 'style' => 'margin: -2px 0px;' + ]) }} + @endcan {!! Form::close() !!} diff --git a/resources/views/projects/jobs/index.blade.php b/resources/views/projects/jobs/index.blade.php index c68ab20..2a01404 100755 --- a/resources/views/projects/jobs/index.blade.php +++ b/resources/views/projects/jobs/index.blade.php @@ -22,13 +22,17 @@
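Review bot: `@can('create', new App\Entities\Projects\Project)` instantiates a model purely so the gate can locate the policy; the class name does the same job without constructing anything: `@can('create', App\Entities\Projects\Project::class)`. Laravel resolves the policy from a class-string exactly as from an instance, so the `create` check behaves identically.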
- @if (request('action') == 'sort_jobs') - {{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }} - @else - {{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }} - {!! link_to_route('projects.jobs-export', trans('project.jobs_list_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} | - {!! link_to_route('projects.job-progress-export', trans('project.jobs_progress_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} - @endif + @can('update', $project) + @if (request('action') == 'sort_jobs') + {{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }} + @else + {{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right', 'style' => 'margin-top: -2px; margin-left: 6px; margin-right: -8px']) }} + @can('see-pricings', $project) + {!! link_to_route('projects.jobs-export', trans('project.jobs_list_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} | + {!! link_to_route('projects.job-progress-export', trans('project.jobs_progress_export_html'), [$project->id, 'html', 'job_type' => $key], ['class' => '','target' => '_blank']) !!} + @endcan + @endif + @endcan

{{ $key == 1 ? trans('project.jobs') : trans('project.additional_jobs') }} @@ -89,11 +93,13 @@ {{ formatRp($groupedJobs->sum('price')) }} - @if (request('action') == 'sort_jobs') - {{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right']) }} - @else - {{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right']) }} - @endif + @can('update', $project) + @if (request('action') == 'sort_jobs') + {{ link_to_route('projects.jobs.index', trans('app.done'), [$project->id], ['class' => 'btn btn-default btn-xs pull-right']) }} + @else + {{ link_to_route('projects.jobs.index', trans('project.sort_jobs'), [$project->id, 'action' => 'sort_jobs', '#project-jobs'], ['class' => 'btn btn-default btn-xs pull-right']) }} + @endif + @endcan @@ -104,6 +110,7 @@ @endif @endsection +@can('update', $project) @if (request('action') == 'sort_jobs') @section('ext_js') @@ -125,3 +132,4 @@ @endsection @endif +@endcan diff --git a/resources/views/projects/partials/project-show.blade.php b/resources/views/projects/partials/project-show.blade.php index 9bc2939..bd5c1d1 100644 --- a/resources/views/projects/partials/project-show.blade.php +++ b/resources/views/projects/partials/project-show.blade.php @@ -6,8 +6,10 @@ {{ trans('project.name') }}{{ $project->name }} {{ trans('project.description') }}{!! nl2br($project->description) !!} {{ trans('project.proposal_date') }}{{ dateId($project->proposal_date) }} + @can('see-pricings', $project) {{ trans('project.proposal_value') }}{{ formatRp($project->proposal_value) }} {{ trans('project.project_value') }}{{ formatRp($project->project_value) }} + @endcan {{ trans('project.start_date') }}{{ dateId($project->start_date) }} {{ trans('project.end_date') }}{{ dateId($project->end_date) }} {{ trans('app.status') }}{{ $project->present()->status }} 
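Review bot: Wrapping the `projects.jobs-export` and `projects.job-progress-export` links in `@can('see-pricings', $project)` only hides the links; nothing in this commit adds the matching server-side check to the actions serving those routes, so unless they already authorize (not visible here) a worker who knows the URL still receives the pricing exports. Mirror the view check in those controller actions the same way the commit does for statusUpdate and jobsReorder, with `$this->authorize('see-pricings', $project);` as their first statement. The `@can('update', $project)` around the sort links is fine as a display concern because the reorder endpoint is now authorized in the controller.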
diff --git a/resources/views/projects/partials/project-stats.blade.php b/resources/views/projects/partials/project-stats.blade.php index bc921b4..be26b97 100644 --- a/resources/views/projects/partials/project-stats.blade.php +++ b/resources/views/projects/partials/project-stats.blade.php @@ -29,6 +29,7 @@

+ @can('see-pricings', $project)
@@ -44,5 +45,6 @@
+ @endcan
diff --git a/resources/views/projects/show.blade.php b/resources/views/projects/show.blade.php index c10ff65..bed80ee 100755 --- a/resources/views/projects/show.blade.php +++ b/resources/views/projects/show.blade.php @@ -14,10 +14,12 @@ @include('projects.partials.project-show')
+ @can('update', $project) {!! Form::model($project, ['route' => ['projects.status-update', $project->id], 'method' => 'patch','class' => 'well well-sm form-inline']) !!} {!! FormField::select('status_id', ProjectStatus::toArray(), ['label' => trans('project.status')]) !!} {!! Form::submit('Update Project Status', ['class' => 'btn btn-info btn-sm']) !!} {!! Form::close() !!} + @endcan @include('projects.partials.project-stats')
diff --git a/tests/Unit/Policies/ProjectPolicyTest.php b/tests/Unit/Policies/ProjectPolicyTest.php
index 91021dd..abd7174 100644
--- a/tests/Unit/Policies/ProjectPolicyTest.php
+++ b/tests/Unit/Policies/ProjectPolicyTest.php
@@ -125,4 +125,20 @@ class ProjectPolicyTest extends TestCase
 $this->assertTrue($admin->can('view-files', $project));
 $this->assertTrue($worker->can('view-files', $project));
 }
+
+ /** @test */
+ public function only_admin_can_see_project_pricings()
+ {
+ $admin = $this->createUser('admin');
+ $worker = $this->createUser('worker');
+
+ $project = factory(Project::class)->create();
+ $job = factory(Job::class)->create([
+ 'project_id' => $project->id,
+ 'worker_id' => $worker->id,
+ ]);
+
+ $this->assertTrue($admin->can('see-pricings', $project));
+ $this->assertFalse($worker->can('see-pricings', $project));
+ }
 }
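Review bot: `$job` is assigned from `factory(Job::class)->create([...])` but never used, and the assertions only involve `$project`, so the fixture's purpose — a worker assigned to the project still must not see pricings — is invisible to a reader. Either drop the job creation or state the intent above the negative assertion: `// a worker assigned to the project via a job still must not see pricings`. The test name `only_admin_can_see_project_pricings` otherwise matches what is asserted.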