Episode 31

laracasts · Apr 27, 2017 · 8a388cc · 8a388cc · payafterwork · Jun 29, 2019
1 parent a7aee70
commit 8a388cc
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 0 deletions.
diff --git a/app/Http/Controllers/RepliesController.php b/app/Http/Controllers/RepliesController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Reply;
 use App\Thread;
 
 class RepliesController extends Controller
@@ -32,4 +33,19 @@ public function store($channelId, Thread $thread)
 
         return back()->with('flash', 'Your reply has been left.');
     }
+
+    /**
+     * Delete the given reply.
+     *
+     * @param  Reply $reply
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function destroy(Reply $reply)
+    {
+        $this->authorize('update', $reply);
+
+        $reply->delete();
+
+        return back();
+    }
 }
diff --git a/app/Policies/ReplyPolicy.php b/app/Policies/ReplyPolicy.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Policies;
+
+use App\Reply;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class ReplyPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine if the authenticated user has permission to update a reply.
+     *
+     * @param  User  $user
+     * @param  Reply $reply
+     * @return bool
+     */
+    public function update(User $user, Reply $reply)
+    {
+        return $reply->user_id == $user->id;
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -14,6 +14,7 @@ class AuthServiceProvider extends ServiceProvider
      */
     protected $policies = [
         'App\Thread' => 'App\Policies\ThreadPolicy',
+        'App\Reply' => 'App\Policies\ReplyPolicy',
     ];
 
     /**

diff --git a/resources/views/threads/reply.blade.php b/resources/views/threads/reply.blade.php
@@ -23,4 +23,15 @@
         {{ $reply->body }}
     </div>
 
+    @can ('update', $reply)
+        <div class="panel-footer">
+            <form method="POST" action="/replies/{{ $reply->id }}">
+                {{ csrf_field() }}
+                {{ method_field('DELETE') }}
+
+                <button type="submit" class="btn btn-danger btn-xs">Delete</button>
+            </form>
+        </div>
+    @endcan
+
 </div>
diff --git a/routes/web.php b/routes/web.php
@@ -25,6 +25,7 @@
 Route::post('threads', 'ThreadsController@store');
 Route::get('threads/{channel}', 'ThreadsController@index');
 Route::post('/threads/{channel}/{thread}/replies', 'RepliesController@store');
+Route::delete('/replies/{reply}', 'RepliesController@destroy');
 Route::post('/replies/{reply}/favorites', 'FavoritesController@store');
 
 Route::get('/profiles/{user}', 'ProfilesController@show')->name('profile');
diff --git a/tests/Feature/ParticipateInThreadsTest.php b/tests/Feature/ParticipateInThreadsTest.php
@@ -42,4 +42,30 @@ function a_reply_requires_a_body()
         $this->post($thread->path() . '/replies', $reply->toArray())
              ->assertSessionHasErrors('body');
     }
+
+    /** @test */
+    function unauthorized_users_cannot_delete_replies()
+    {
+        $this->withExceptionHandling();
+
+        $reply = create('App\Reply');
+
+        $this->delete("/replies/{$reply->id}")
+            ->assertRedirect('login');
+
+        $this->signIn()
+            ->delete("/replies/{$reply->id}")
+            ->assertStatus(403);
+    }
+
+    /** @test */
+    function authorized_users_can_delete_replies()
+    {
+        $this->signIn();
+        $reply = create('App\Reply', ['user_id' => auth()->id()]);
+
+        $this->delete("/replies/{$reply->id}")->assertStatus(302);
+
+        $this->assertDatabaseMissing('replies', ['id' => $reply->id]);
+    }
 }