From a279cdca4db484ba3af114fec3d8aa12b4edf57a Mon Sep 17 00:00:00 2001
From: Mior Muhammad Zaki
Date: Mon, 7 Sep 2020 08:05:59 +0800
Subject: [PATCH] Implement TeamPolicy::create authorization check before creating a team.

Signed-off-by: Mior Muhammad Zaki
---
 src/Http/Middleware/ShareInertiaData.php | 4 ++++
 stubs/app/Actions/Jetstream/CreateTeam.php | 4 ++++
 stubs/inertia/resources/js/Layouts/AppLayout.vue | 2 +-
 .../livewire/resources/views/layouts/app.blade.php | 2 ++
 tests/CreateTeamTest.php | 13 ++++++++++++-
 tests/CurrentTeamControllerTest.php | 12 ++++++++++++
 tests/DeleteUserWithTeamsTest.php | 4 ++++
 tests/TeamBehaviorTest.php | 10 ++++++++++
 8 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/src/Http/Middleware/ShareInertiaData.php b/src/Http/Middleware/ShareInertiaData.php
index 04eecc1c2..b4a39f1ce 100644
--- a/src/Http/Middleware/ShareInertiaData.php
+++ b/src/Http/Middleware/ShareInertiaData.php
@@ -2,6 +2,7 @@

 namespace Laravel\Jetstream\Http\Middleware;

+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use Inertia\Inertia;
@@ -42,6 +43,9 @@ public function handle($request, $next)
 'all_teams' => Jetstream::hasTeamFeatures() ? $request->user()->allTeams() : null,
 ]), [
 'two_factor_enabled' => ! is_null($request->user()->two_factor_secret),
+ 'can' => [
+ 'create_team' => Jetstream::hasTeamFeatures() && Gate::forUser($user)->authorize('create', Jetstream::newTeamModel()),
+ ],
 ]);
 },
 'errorBags' => function () {
diff --git a/stubs/app/Actions/Jetstream/CreateTeam.php b/stubs/app/Actions/Jetstream/CreateTeam.php
index 94b857194..fc1ef3366 100644
--- a/stubs/app/Actions/Jetstream/CreateTeam.php
+++ b/stubs/app/Actions/Jetstream/CreateTeam.php
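Review bot: In ShareInertiaData::handle, the new `create_team` flag calls `authorize()`, which throws an authorization exception on denial instead of returning false, so a user the policy refuses would get an error on every Inertia response rather than a hidden link. The call also passes `$user`, which is not assigned anywhere in the visible lines; the surrounding code reads the user through `$request->user()`. A boolean check on the request user fits here: `'create_team' => Jetstream::hasTeamFeatures() && Gate::forUser($request->user())->check('create', Jetstream::newTeamModel()),`. The closure starts and ends outside the hunk, so confirm no `$user` is captured earlier. This flag only drives the UI; the enforcing check is the one in CreateTeam::create.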
@@ -2,8 +2,10 @@

 namespace App\Actions\Jetstream;

+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
 use Laravel\Jetstream\Contracts\CreatesTeams;
+use Laravel\Jetstream\Jetstream;

 class CreateTeam implements CreatesTeams
 {
@@ -16,6 +18,8 @@ class CreateTeam implements CreatesTeams
 */
 public function create($user, array $input)
 {
+ Gate::forUser($user)->authorize('create', Jetstream::newTeamModel());
+
 Validator::make($input, [
 'name' => 'required|string|max:255',
 ])->validateWithBag('createTeam');
diff --git a/stubs/inertia/resources/js/Layouts/AppLayout.vue b/stubs/inertia/resources/js/Layouts/AppLayout.vue
index c9bdcb52d..73106e13b 100644
--- a/stubs/inertia/resources/js/Layouts/AppLayout.vue
+++ b/stubs/inertia/resources/js/Layouts/AppLayout.vue
@@ -57,7 +57,7 @@ Team Settings - + Create New Team
diff --git a/stubs/livewire/resources/views/layouts/app.blade.php b/stubs/livewire/resources/views/layouts/app.blade.php
index 1b73f8256..88e8c31fc 100644
--- a/stubs/livewire/resources/views/layouts/app.blade.php
+++ b/stubs/livewire/resources/views/layouts/app.blade.php
@@ -78,9 +78,11 @@ Team Settings + @can('create', Laravel\Jetstream\Jetstream::newTeamModel()) Create New Team + @endcan
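Review bot: The `Gate::forUser($user)->authorize(...)` call added at the top of CreateTeam::create fails closed: as far as I know the Gate denies when no policy is registered for the class of `Jetstream::newTeamModel()` or the policy has no `create` method, and the diffstat touches no policy stub. Confirm the published TeamPolicy defines `create`, otherwise every team creation will be rejected once this stub is in place. The docblock above the method (only its closing `*/` is in the hunk) should also record the new failure mode, e.g. `@throws \Illuminate\Auth\Access\AuthorizationException`. Running the check before validation is the right order, since a caller who is not allowed to create teams then gets no validation feedback.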
diff --git a/tests/CreateTeamTest.php b/tests/CreateTeamTest.php
index 10c2c6eb2..4ae61ba3b 100644
--- a/tests/CreateTeamTest.php
+++ b/tests/CreateTeamTest.php
@@ -3,12 +3,23 @@
 namespace Laravel\Jetstream\Tests;

 use App\Actions\Jetstream\CreateTeam;
+use App\Models\Team;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\ValidationException;
-use Laravel\Jetstream\Team;
+use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;

 class CreateTeamTest extends OrchestraTestCase
 {
+ public function setUp(): void
+ {
+ parent::setUp();
+
+ Gate::policy(Team::class, TeamPolicy::class);
+ Jetstream::useUserModel(User::class);
+ }
+
 public function test_team_name_can_be_updated()
 {
 $this->migrate();
diff --git a/tests/CurrentTeamControllerTest.php b/tests/CurrentTeamControllerTest.php
index 340b93f68..0467cc537 100644
--- a/tests/CurrentTeamControllerTest.php
+++ b/tests/CurrentTeamControllerTest.php
@@ -3,10 +3,22 @@
 namespace Laravel\Jetstream\Tests;

 use App\Actions\Jetstream\CreateTeam;
+use App\Models\Team;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;

 class CurrentTeamControllerTest extends OrchestraTestCase
 {
+ public function setUp(): void
+ {
+ parent::setUp();
+
+ Gate::policy(Team::class, TeamPolicy::class);
+ Jetstream::useUserModel(User::class);
+ }
+
 public function test_can_switch_to_team_the_user_belongs_to()
 {
 $this->migrate();
diff --git a/tests/DeleteUserWithTeamsTest.php b/tests/DeleteUserWithTeamsTest.php
index bc9e24448..618a8c3f9 100644
--- a/tests/DeleteUserWithTeamsTest.php
+++ b/tests/DeleteUserWithTeamsTest.php
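Review bot: The CreateTeamTest hunk only registers the fixture policy in `setUp()`, and the diffstat counts for the test files match the import and setUp lines shown, so no test in this commit exercises the denial path that the new authorization check introduces. Add a case to CreateTeamTest that binds a policy whose `create` returns false, calls `$this->expectException(\Illuminate\Auth\Access\AuthorizationException::class);` before invoking the action, and confirms no team was persisted. Without it, a later refactor that drops or reorders the `authorize()` call in CreateTeam::create would still pass the suite. The same gap applies to the CurrentTeamControllerTest hunk, which adds the identical setUp.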
@@ -5,9 +5,12 @@
 use App\Actions\Jetstream\CreateTeam;
 use App\Actions\Jetstream\DeleteTeam;
 use App\Actions\Jetstream\DeleteUser;
+use App\Models\Team;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;

 class DeleteUserWithTeamsTest extends OrchestraTestCase
@@ -16,6 +19,7 @@ public function setUp(): void
 {
 parent::setUp();

+ Gate::policy(Team::class, TeamPolicy::class);
 Jetstream::useUserModel(User::class);
 }

diff --git a/tests/TeamBehaviorTest.php b/tests/TeamBehaviorTest.php
index a9e0167b6..dfeb18d82 100644
--- a/tests/TeamBehaviorTest.php
+++ b/tests/TeamBehaviorTest.php
@@ -3,13 +3,23 @@
 namespace Laravel\Jetstream\Tests;

 use App\Actions\Jetstream\CreateTeam;
+use Illuminate\Support\Facades\Gate;
 use Laravel\Jetstream\Jetstream;
 use Laravel\Jetstream\Team;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;
 use Laravel\Sanctum\TransientToken;

 class TeamBehaviorTest extends OrchestraTestCase
 {
+ public function setUp(): void
+ {
+ parent::setUp();
+
+ Gate::policy(\App\Models\Team::class, TeamPolicy::class);
+ Jetstream::useUserModel(User::class);
+ }
+
 public function test_team_relationship_methods()
 {
 $this->migrate();
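Review bot: The setUp() hunks in DeleteUserWithTeamsTest and TeamBehaviorTest bind the policy to the literal `App\Models\Team`, while the code under test resolves it from whatever `Jetstream::newTeamModel()` returns. If the harness is ever configured with a different team model, the Gate would presumably find no policy and deny, and these tests would fail for a reason unrelated to the behaviour they cover. Keying the registration on the configured model keeps the two in step: `Gate::policy(get_class(Jetstream::newTeamModel()), TeamPolicy::class);`. The same setUp() body now appears in four test classes (also CreateTeamTest and CurrentTeamControllerTest), so it could be defined once in OrchestraTestCase.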