
Episode 31

JeffreyWay committed Apr 27, 2017
1 parent a7aee70 commit 8a388cc022d2a6459354e033d982c52208cc5bf4
@@ -2,6 +2,7 @@
namespace App\Http\Controllers;
use App\Reply;
use App\Thread;
class RepliesController extends Controller
@@ -32,4 +33,19 @@ public function store($channelId, Thread $thread)
return back()->with('flash', 'Your reply has been left.');
}
/**
* Delete the given reply.
*
* @param Reply $reply
* @return \Illuminate\Http\RedirectResponse
*/
public function destroy(Reply $reply)
{
$this->authorize('update', $reply);
$reply->delete();
return back();
}
}
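Review bot: `destroy` gates deletion on the `update` ability, so any later loosening of `ReplyPolicy::update` (for example letting moderators edit replies) would silently grant delete rights as well. A dedicated ability keeps the two decisions separate: call `$this->authorize('delete', $reply);` here and add a `delete` method to `ReplyPolicy`, which can delegate to `update` for now. The docblock could also state that the action aborts with a 403 when the policy denies. The login redirect that the tests expect presumably comes from `auth` middleware registered outside this hunk, which is worth confirming since the new route declares none itself.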
@@ -0,0 +1,24 @@
<?php
namespace App\Policies;
use App\Reply;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ReplyPolicy
{
use HandlesAuthorization;
/**
* Determine if the authenticated user has permission to update a reply.
*
* @param User $user
* @param Reply $reply
* @return bool
*/
public function update(User $user, Reply $reply)
{
return $reply->user_id == $user->id;
}
}
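Review bot: The ownership check in `update` uses loose `==`, which leaves an authorization decision to PHP's type juggling (a null or non-numeric value on one side can compare equal to an unexpected value on the other). A strict comparison after normalising both sides avoids that and still works if the database driver returns `user_id` as a string: `return (int) $reply->user_id === (int) $user->id;`. Since the controller also uses this ability to authorize deletion, the docblock should say so, e.g. `Determine if the authenticated user owns the reply and may update or delete it.`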
@@ -14,6 +14,7 @@ class AuthServiceProvider extends ServiceProvider
*/
protected $policies = [
'App\Thread' => 'App\Policies\ThreadPolicy',
'App\Reply' => 'App\Policies\ReplyPolicy',
];
/**
@@ -23,4 +23,15 @@
{{ $reply->body }}
</div>
@can ('update', $reply)
<div class="panel-footer">
<form method="POST" action="/replies/{{ $reply->id }}">
{{ csrf_field() }}
{{ method_field('DELETE') }}
<button type="submit" class="btn btn-danger btn-xs">Delete</button>
</form>
</div>
@endcan
</div>
@@ -25,6 +25,7 @@
Route::post('threads', 'ThreadsController@store');
Route::get('threads/{channel}', 'ThreadsController@index');
Route::post('/threads/{channel}/{thread}/replies', 'RepliesController@store');
Route::delete('/replies/{reply}', 'RepliesController@destroy');
Route::post('/replies/{reply}/favorites', 'FavoritesController@store');
Route::get('/profiles/{user}', 'ProfilesController@show')->name('profile');
@@ -42,4 +42,30 @@ function a_reply_requires_a_body()
$this->post($thread->path() . '/replies', $reply->toArray())
->assertSessionHasErrors('body');
}
/** @test */
function unauthorized_users_cannot_delete_replies()
{
$this->withExceptionHandling();
$reply = create('App\Reply');
$this->delete("/replies/{$reply->id}")
->assertRedirect('login');
$this->signIn()
->delete("/replies/{$reply->id}")
->assertStatus(403);
}
/** @test */
function authorized_users_can_delete_replies()
{
$this->signIn();
$reply = create('App\Reply', ['user_id' => auth()->id()]);
$this->delete("/replies/{$reply->id}")->assertStatus(302);
$this->assertDatabaseMissing('replies', ['id' => $reply->id]);
}
}
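Review bot: `unauthorized_users_cannot_delete_replies` asserts only the response (redirect, then 403) and never checks that the reply survived, so a regression that deletes the row before the authorization check fails would still pass. Adding `$this->assertDatabaseHas('replies', ['id' => $reply->id]);` after the guest request and again after the signed-in request would pin the actual security property. The authorized test could likewise assert the redirect target rather than a bare 302, though that is secondary.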
