
Episode 85

JeffreyWay committed Oct 13, 2017
1 parent 1172048 commit ea241a7c76f85da4246747861e1103e7af81dbd1
@@ -0,0 +1,18 @@
<?php
namespace App\Http\Controllers;
use App\Thread;
class LockedThreadsController extends Controller
{
/**
* Lock the given thread.
*
* @param \App\Thread $thread
*/
public function store(Thread $thread)
{
$thread->lock();
}
}
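Review bot: `store()` performs no authorization of its own; the only thing between a request and `$thread->lock()` is the `admin` middleware attached where the route is declared. If the controller is ever bound to another route, or the middleware is dropped from that line, any caller can lock threads. Attaching the check to the controller itself, with a constructor that calls `$this->middleware('admin');`, keeps the guard with the action. The docblock could also state that the method returns no response body and relies on that middleware.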
@@ -2,6 +2,7 @@
namespace App\Http;
use App\Http\Middleware\Administrator;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
@@ -56,6 +57,7 @@ class Kernel extends HttpKernel
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'must-be-confirmed' => \App\Http\Middleware\RedirectIfEmailNotConfirmed::class
'must-be-confirmed' => \App\Http\Middleware\RedirectIfEmailNotConfirmed::class,
'admin' => Administrator::class
];
}
@@ -0,0 +1,24 @@
<?php
namespace App\Http\Middleware;
use Closure;
class Administrator
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (auth()->check() && auth()->user()->isAdmin()) {
return $next($request);
}
abort(403, 'You do not have permission to perform this action.');
}
}
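Review bot: `handle()` answers guests and signed-in non-administrators with the same 403, so a logged-out administrator is told they lack permission instead of being asked to sign in. Running the standard `auth` middleware ahead of this one on the route, `->middleware(['auth', 'admin'])`, would leave this class to decide only the role question; this assumes the `auth` alias is registered in the part of the Kernel outside the visible hunk. The docblock should also record the abort, for example `@throws \Symfony\Component\HttpKernel\Exception\HttpException when the user is a guest or not an administrator`.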
@@ -93,6 +93,16 @@ public function confirm()
$this->save();
}
/**
* Determine if the user is an administrator.
*
* @return bool
*/
public function isAdmin()
{
return in_array($this->name, ['JohnDoe', 'JaneDoe']);
}
/**
* Record that the user has read the given thread.
*
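Review bot: `isAdmin()` grants the administrator role from the `name` attribute compared against a list hard-coded in the model, so the privilege is only as trustworthy as that field. Nothing in this hunk shows whether `name` is unique, or whether users choose or can edit it; if either is possible, administrator status follows the name rather than the account. A dedicated attribute that is not mass-assignable, or a list keyed on the user id and kept in configuration, would be a safer source, and the `administrator` factory state (which sets `'name' => 'JohnDoe'`) would then set that attribute instead. At minimum pass the strict flag: `return in_array($this->name, ['JohnDoe', 'JaneDoe'], true);`.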
@@ -31,6 +31,12 @@
];
});
$factory->state(App\User::class, 'administrator', function () {
return [
'name' => 'JohnDoe'
];
});
$factory->define(App\Thread::class, function ($faker) {
$title = $faker->sentence;
@@ -25,6 +25,9 @@
Route::delete('threads/{channel}/{thread}', 'ThreadsController@destroy');
Route::post('threads', 'ThreadsController@store')->middleware('must-be-confirmed');
Route::get('threads/{channel}', 'ThreadsController@index');
Route::post('locked-threads/{thread}', 'LockedThreadsController@store')->name('locked-threads.store')->middleware('admin');
Route::get('/threads/{channel}/{thread}/replies', 'RepliesController@index');
Route::post('/threads/{channel}/{thread}/replies', 'RepliesController@store');
Route::patch('/replies/{reply}', 'RepliesController@update');
@@ -2,15 +2,41 @@
namespace Tests\Feature;
use Tests\TestCase;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Tests\TestCase;
class LockThreadsTest extends TestCase
{
use DatabaseMigrations;
/** @test */
public function an_adminstrator_can_lock_any_thread()
function non_administrators_may_not_lock_threads()
{
$this->withExceptionHandling();
$this->signIn();
$thread = create('App\Thread', ['user_id' => auth()->id()]);
$this->post(route('locked-threads.store', $thread))->assertStatus(403);
$this->assertFalse(! ! $thread->fresh()->locked);
}
/** @test */
function administrators_can_lock_threads()
{
$this->signIn(factory('App\User')->states('administrator')->create());
$thread = create('App\Thread', ['user_id' => auth()->id()]);
$this->post(route('locked-threads.store', $thread));
$this->assertTrue(! ! $thread->fresh()->locked, 'Failed asserting that the thread was locked.');
}
/** @test */
public function once_locked_a_thread_may_not_receive_new_replies()
{
$this->signIn();
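Review bot: Both new tests sign a user in first, so the `auth()->check()` half of the `admin` middleware is never exercised; a guest request should be covered as well. `administrators_can_lock_threads` also posts without asserting the response, so an error response would go unnoticed as long as the flag changed; chain `->assertStatus(200)` on that request, assuming `store()` keeps returning an empty response. `(bool) $thread->fresh()->locked` reads more clearly than `! !`. The body of the last test continues outside the hunk.

```php
// … unchanged: non_administrators_may_not_lock_threads …

/** @test */
function guests_may_not_lock_threads()
{
    $this->withExceptionHandling();

    $thread = create('App\Thread');

    $this->post(route('locked-threads.store', $thread))->assertStatus(403);

    $this->assertFalse((bool) $thread->fresh()->locked);
}

// … unchanged: administrators_can_lock_threads and the reply test …
```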
