Add task policy object for user authorization

app/Policies/Projects/TaskPolicy.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Policies\Projects;
+
+use App\Entities\Projects\Task;
+use App\Entities\Users\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class TaskPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine whether the user can create tasks.
+     *
+     * @param  \App\Entities\Users\User    $user
+     * @param  \App\Entities\Projects\Task $task
+     * @return mixed
+     */
+    public function create(User $user, Task $task)
+    {
+        return $user->hasRole('admin');
+    }
+
+    /**
+     * Determine whether the user can update the task.
+     *
+     * @param  \App\Entities\Users\User    $user
+     * @param  \App\Entities\Projects\Task $task
+     * @return mixed
+     */
+    public function update(User $user, Task $task)
+    {
+        return $user->hasRole('admin')
+            || ($user->hasRole('worker') && $task->job->worker_id == $user->id);
+    }
+
+    /**
+     * Determine whether the user can delete the task.
+     *
+     * @param  \App\Entities\Users\User    $user
+     * @param  \App\Entities\Projects\Task $task
+     * @return mixed
+     */
+    public function delete(User $user, Task $task)
+    {
+        return $user->hasRole('admin');
+    }
+}

app/Providers/AuthServiceProvider.php

@@ -17,6 +17,7 @@ class AuthServiceProvider extends ServiceProvider
         'App\Entities\Partners\Customer' => 'App\Policies\Partners\CustomerPolicy',
         'App\Entities\Projects\Project'  => 'App\Policies\Projects\ProjectPolicy',
         'App\Entities\Projects\Job'      => 'App\Policies\Projects\JobPolicy',
+        'App\Entities\Projects\Task'     => 'App\Policies\Projects\TaskPolicy',
         'App\Entities\Users\User'        => 'App\Policies\UserPolicy',
         'App\Entities\Users\Event'       => 'App\Policies\EventPolicy',
     ];

tests/Unit/Policies/TaskPolicyTest.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Tests\Unit\Policies;
+
+use App\Entities\Projects\Job;
+use App\Entities\Projects\Task;
+use Tests\TestCase as TestCase;
+
+class TaskPolicyTest extends TestCase
+{
+    /** @test */
+    public function only_admin_can_create_task_on_a_job()
+    {
+        $admin = $this->createUser('admin');
+        $worker = $this->createUser('worker');
+
+        $this->assertTrue($admin->can('create', new Task()));
+        $this->assertFalse($worker->can('create', new Task()));
+    }
+
+    /** @test */
+    public function an_admin_can_update_task()
+    {
+        $admin = $this->createUser('admin');
+        $task = factory(Task::class)->create();
+
+        $this->assertTrue($admin->can('update', $task));
+    }
+
+    /** @test */
+    public function a_worker_can_only_update_task_that_belongs_to_a_job_that_has_assign_to_them()
+    {
+        $worker = $this->createUser('worker');
+        $job = factory(Job::class)->create(['worker_id' => $worker->id]);
+        $task = factory(Task::class)->create(['job_id' => $job->id]);
+
+        $this->assertTrue($worker->can('update', $worker));
+    }
+
+    /** @test */
+    public function an_admin_can_delete_any_task()
+    {
+        $admin = $this->createUser('admin');
+        $task = factory(Task::class)->create();
+
+        $this->assertTrue($admin->can('delete', $task));
+    }
+
+    /** @test */
+    public function a_worker_cannot_delete_their_tasks()
+    {
+        $worker = $this->createUser('worker');
+        $task = factory(Task::class)->create();
+
+        $this->assertFalse($worker->can('delete', $task));
+
+        $job = factory(Job::class)->create(['worker_id' => $worker->id]);
+        $task = factory(Task::class)->create(['job_id' => $job->id]);
+
+        $this->assertFalse($worker->can('delete', $task));
+
+    }
+}