Policies and testing (#52)

* Add OrganisationPolicy

* Add tests to make sure users can't register or update with an email that already exists

* Install Sass

* Fix button styles

Author: SebKay

app/Http/Requests/Organisation/OrganisationEdit.php

@@ -2,13 +2,13 @@
 
 namespace App\Http\Requests\Organisation;
 
-use App\Enums\Permission;
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
 
 class OrganisationEdit extends FormRequest
 {
     public function authorize()
     {
-        return $this->user()->can(Permission::EDIT_ORGANISATION->value);
+        return Gate::allows('edit', $this->user()->currentOrganisation);
     }
 }

app/Http/Requests/Organisation/OrganisationUpdate.php

@@ -2,14 +2,14 @@
 
 namespace App\Http\Requests\Organisation;
 
-use App\Enums\Permission;
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
 
 class OrganisationUpdate extends FormRequest
 {
     public function authorize()
     {
-        return $this->user()->can(Permission::UPDATE_ORGANISATION->value);
+        return Gate::allows('update', $this->user()->currentOrganisation);
     }
 
     public function rules()

app/Policies/OrganisationPolicy.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Policies;
+
+use App\Enums\Permission;
+use App\Models\Organisation;
+use App\Models\User;
+
+class OrganisationPolicy
+{
+    public function edit(User $user, Organisation $organisation)
+    {
+        return $user->can(Permission::EDIT_ORGANISATION->value) && $user->currentOrganisation->is($organisation);
+    }
+
+    public function update(User $user, Organisation $organisation)
+    {
+        return $user->can(Permission::UPDATE_ORGANISATION->value) && $user->currentOrganisation->is($organisation);
+    }
+}

bun.lockb

@@ -12,6 +12,7 @@
     "autoprefixer": "^10.4.16",
     "laravel-vite-plugin": "^0.7.8",
     "postcss": "^8.4.31",
+    "sass": "^1.70.0",
     "tailwindcss": "^3.3.5",
     "vite": "^4.3.9",
     "vite-svg-loader": "^4.0.0",

package.json

@@ -1,5 +1,7 @@
 <template>
-    <button class="rounded-md bg-slate-800 px-6 py-3 text-sm font-semibold text-white inline-flex shadow-sm hover:bg-slate-500">
+    <button
+        class="rounded-md bg-slate-800 px-6 py-3 text-sm font-semibold text-white inline-flex shadow-sm hover:bg-slate-500"
+    >
         <span v-text="text"></span>
     </button>
 </template>
@@ -11,25 +13,6 @@
                 type: String,
                 default: "Submit",
             },
-            styles: String | Array,
-        },
-
-        computed: {
-            classes() {
-                let classes = ["btn"];
-
-                if (this.styles) {
-                    if (this.styles.constructor.name === "String") {
-                        classes.push(`btn--${this.styles}`);
-                    } else if (this.styles.constructor.name === "Array") {
-                        this.styles.forEach((style) => {
-                            classes.push(`btn--${style}`);
-                        });
-                    }
-                }
-
-                return classes.join(" ");
-            },
         },
     };
 </script>

resources/js/Components/Button.vue

@@ -61,7 +61,7 @@
                 <div class="col-span-full">
                     <Button
                         text="Log In"
-                        styles="full"
+                        class="w-full text-center justify-center"
                         :disabled="loginForm.processing"
                     />
                 </div>

resources/js/Pages/Login/Show.vue

@@ -92,7 +92,7 @@
                 <div class="col-span-full">
                     <Button
                         text="Register"
-                        styles="full"
+                        class="w-full text-center justify-center"
                         :disabled="registerForm.processing"
                     />
                 </div>

resources/js/Pages/Register/Show.vue

@@ -9,7 +9,7 @@
 use function Pest\Laravel\patch;
 
 describe('Users', function () {
-    test('Can edit their accounts', function () {
+    test('Can access the edit page', function () {
         $user = User::factory()->create();
 
         actingAs($user)
@@ -25,20 +25,13 @@
     });
 
     test('Can update their details', function () {
-        $user = User::factory()->create($oldData = [
+        $user = User::factory()->create([
             'first_name' => 'Jim',
             'last_name' => 'Gordon',
             'email' => '[email protected]',
             'password' => 'oldPassword#123',
         ]);
 
-        expect($user)
-            ->first_name->toBe($oldData['first_name'])
-            ->last_name->toBe($oldData['last_name'])
-            ->email->toBe($oldData['email']);
-
-        expect(Hash::check($oldData['password'], $user->password))->toBeTrue();
-
         actingAs($user)
             ->patch(route('account.update'), $newData = [
                 'first_name' => 'Tim',
@@ -56,10 +49,28 @@
 
         expect(Hash::check($newData['password'], $user->password))->toBeTrue();
     });
+
+    test("Can't update their email to one that already exists", function () {
+        User::factory()->create([
+            'email' => '[email protected]',
+        ]);
+
+        $user = User::factory()->create([
+            'email' => '[email protected]',
+        ]);
+
+        actingAs($user)
+            ->patch(route('account.update'), $newData = [
+                'email' => '[email protected]',
+            ])
+            ->assertSessionHasErrors('email');
+
+        expect($user->refresh()->email)->not()->toBe($newData['email']);
+    });
 });
 
 describe('Guests', function () {
-    test("Can't edit accounts", function () {
+    test("Can't access the edit page", function () {
         get(route('account.edit'))
             ->assertRedirect(route('login'));
     });

tests/Feature/Controllers/AccountControllerTest.php

@@ -7,7 +7,7 @@
 use function Pest\Laravel\get;
 
 describe('Users', function () {
-    test('Can access home page', function () {
+    test('Can access the home page', function () {
         actingAs(User::factory()->create())
             ->get(route('home'))
             ->assertInertia(
@@ -18,7 +18,7 @@
 });
 
 describe('Guests', function () {
-    test("Can't access home page", function () {
+    test("Can't access the home page", function () {
         get(route('home'))
             ->assertRedirect(route('login'));
     });

tests/Feature/Controllers/HomeControllerTest.php

@@ -10,15 +10,15 @@
 use function Pest\Laravel\post;
 
 describe('Users', function () {
-    test("Can't access login page", function () {
+    test("Can't access the login page", function () {
         actingAs(User::factory()->create())
             ->get(route('login'))
             ->assertRedirect(route('home'));
     });
 });
 
 describe('Guests', function () {
-    test('Can access login page', function () {
+    test('Can access the login page', function () {
         get(route('login'))
             ->assertOk()
             ->assertInertia(

tests/Feature/Controllers/LoginControllerTest.php

@@ -14,17 +14,18 @@
     $this->adminUser->organisations()->create([
         'name' => 'GCPD',
     ]);
+
     $this->adminUser->currentOrganisation()->associate($this->adminUser->organisations->first())->save();
 });
 
 describe('Admins', function () {
-    test('Can see the edit page their organisation', function () {
+    test('Can see the edit page for their current organisation', function () {
         actingAs($this->adminUser)
             ->get(route('organisation.edit'))
             ->assertOk();
     });
 
-    test('Can update their organisation name', function () {
+    test("Can update their organisation's name", function () {
         expect($this->adminUser->currentOrganisation->name)->toBe('GCPD');
 
         actingAs($this->adminUser)
@@ -38,7 +39,7 @@
 });
 
 describe('Non-Admins', function () {
-    test("Can't see the edit page their organisation", function () {
+    test("Can't see the edit page for their organisation", function () {
         $user = User::factory()->create();
 
         $user->organisations()->save($this->adminUser->currentOrganisation);
@@ -49,7 +50,7 @@
             ->assertForbidden();
     });
 
-    test("Can't update their organisation name", function () {
+    test("Can't update their organisation's name", function () {
         $user = User::factory()->create();
 
         $user->organisations()->save($this->adminUser->currentOrganisation);

tests/Feature/Controllers/OrganisationControllerTest.php

@@ -11,15 +11,15 @@
 use function Pest\Laravel\post;
 
 describe('Users', function () {
-    test("Can't access register page", function () {
+    test("Can't access the register page", function () {
         actingAs(User::factory()->create())
             ->get(route('register'))
             ->assertRedirect(route('home'));
     });
 });
 
 describe('Guests', function () {
-    test('Can access register page', function () {
+    test('Can access the register page', function () {
         get(route('register'))
             ->assertOk()
             ->assertInertia(
@@ -53,4 +53,21 @@
 
         assertAuthenticated();
     });
+
+    test("Can't register with an email that already exists", function () {
+        $email = '[email protected]';
+
+        User::factory()->create([
+            'email' => $email,
+        ]);
+
+        post(route('register.store'), [
+            'organisation_name' => fake()->company(),
+            'first_name' => fake()->firstName(),
+            'last_name' => fake()->lastName(),
+            'email' => $email,
+            'password' => fake()->password(),
+        ])
+            ->assertSessionHasErrors('email');
+    });
 });