From fefbaaa7b2653b99c8d59387e2a3f3658afcd6c3 Mon Sep 17 00:00:00 2001 From: Nafies Luthfi Date: Wed, 21 Feb 2018 21:53:05 +0800 Subject: [PATCH] Add task policy object for user authorization
---
 app/Policies/Projects/TaskPolicy.php | 49 ++++++++++++++++++++++++++ app/Providers/AuthServiceProvider.php | 1 + tests/Unit/Policies/TaskPolicyTest.php | 63 ++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 app/Policies/Projects/TaskPolicy.php create mode 100644 tests/Unit/Policies/TaskPolicyTest.php
diff --git a/app/Policies/Projects/TaskPolicy.php b/app/Policies/Projects/TaskPolicy.php
new file mode 100644
index 0000000..1b396fc
--- /dev/null
+++ b/app/Policies/Projects/TaskPolicy.php
@@ -0,0 +1,49 @@
+hasRole('admin');
+ }
+
+ /**
+ * Determine whether the user can update the task.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Task $task
+ * @return mixed
+ */
+ public function update(User $user, Task $task)
+ {
+ return $user->hasRole('admin')
+ || ($user->hasRole('worker') && $task->job->worker_id == $user->id);
+ }
+
+ /**
+ * Determine whether the user can delete the task.
+ *
+ * @param \App\Entities\Users\User $user
+ * @param \App\Entities\Projects\Task $task
+ * @return mixed
+ */
+ public function delete(User $user, Task $task)
+ {
+ return $user->hasRole('admin');
+ }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index fb211cf..cf8e691
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
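Review bot: The ownership check in `update()` — `$task->job->worker_id == $user->id` — uses loose comparison and dereferences `$task->job` without a null guard, so a task whose job relation is missing produces a property-on-null notice rather than a clean deny, and a `worker_id` that comes back as a string is compared with `==` semantics. I would tighten it to `|| ($user->hasRole('worker') && $task->job !== null && (int) $task->job->worker_id === (int) $user->id);` (the cast hedges against the driver returning the column as a string — confirm against the Task/Job models). Both docblocks say `@return mixed` although each method returns a boolean; `@return bool` documents the contract callers of `can()` actually rely on. The start of this hunk is garbled in this view (the class header and the `create()` body before `hasRole('admin')` are missing), so only `update()` and `delete()` are reviewed as shown.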
@@ -17,6 +17,7 @@ class AuthServiceProvider extends ServiceProvider
 'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
 'App\Entities\Projects\Project' => 'App\Policies\Projects\ProjectPolicy',
 'App\Entities\Projects\Job' => 'App\Policies\Projects\JobPolicy',
+ 'App\Entities\Projects\Task' => 'App\Policies\Projects\TaskPolicy',
 'App\Entities\Users\User' => 'App\Policies\UserPolicy',
 'App\Entities\Users\Event' => 'App\Policies\EventPolicy',
 ];
diff --git a/tests/Unit/Policies/TaskPolicyTest.php b/tests/Unit/Policies/TaskPolicyTest.php
new file mode 100644
index 0000000..e224bdc
--- /dev/null
+++ b/tests/Unit/Policies/TaskPolicyTest.php
@@ -0,0 +1,63 @@
+createUser('admin');
+ $worker = $this->createUser('worker');
+
+ $this->assertTrue($admin->can('create', new Task()));
+ $this->assertFalse($worker->can('create', new Task()));
+ }
+
+ /** @test */
+ public function an_admin_can_update_task()
+ {
+ $admin = $this->createUser('admin');
+ $task = factory(Task::class)->create();
+
+ $this->assertTrue($admin->can('update', $task));
+ }
+
+ /** @test */
+ public function a_worker_can_only_update_task_that_belongs_to_a_job_that_has_assign_to_them()
+ {
+ $worker = $this->createUser('worker');
+ $job = factory(Job::class)->create(['worker_id' => $worker->id]);
+ $task = factory(Task::class)->create(['job_id' => $job->id]);
+
+ $this->assertTrue($worker->can('update', $worker));
+ }
+
+ /** @test */
+ public function an_admin_can_delete_any_task()
+ {
+ $admin = $this->createUser('admin');
+ $task = factory(Task::class)->create();
+
+ $this->assertTrue($admin->can('delete', $task));
+ }
+
+ /** @test */
+ public function a_worker_cannot_delete_their_tasks()
+ {
+ $worker = $this->createUser('worker');
+ $task = factory(Task::class)->create();
+
+ $this->assertFalse($worker->can('delete', $task));
+
+ $job = factory(Job::class)->create(['worker_id' => $worker->id]);
+ $task = factory(Task::class)->create(['job_id' => $job->id]);
+
+ $this->assertFalse($worker->can('delete', $task));
+
+ }
+}
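Review bot: The positive assertion in `a_worker_can_only_update_task_that_belongs_to_a_job_that_has_assign_to_them` passes the wrong subject — `$this->assertTrue($worker->can('update', $worker));` authorizes the worker against itself rather than the `$task` built two lines above, so `TaskPolicy::update()`'s ownership branch is never exercised by this suite. Change it to `$this->assertTrue($worker->can('update', $task));` and add the negative half the method name promises, e.g. `$this->assertFalse($worker->can('update', factory(Task::class)->create()));` for a task whose job is not assigned to this worker (assuming the default factory does not assign it to `$worker` — verify). The method name's `has_assign_to_them` would read better as `is_assigned_to_them`. The hunk's first lines are truncated in this view (the class header and the start of the first test before `createUser('admin')` are missing).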