Episode 16 Complete

laracasts · Jan 18, 2019 · 40afb9c · 40afb9c
1 parent 2192501
commit 40afb9c
Show file tree

Hide file tree

Showing 8 changed files with 100 additions and 16 deletions.
diff --git a/app/Http/Controllers/ProjectTasksController.php b/app/Http/Controllers/ProjectTasksController.php
@@ -12,12 +12,11 @@ class ProjectTasksController extends Controller
      *
      * @param Project $project
      * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(Project $project)
     {
-        if (auth()->user()->isNot($project->owner)) {
-            abort(403);
-        }
+        $this->authorize('update', $project);
 
         request()->validate(['body' => 'required']);
 
@@ -32,12 +31,11 @@ public function store(Project $project)
      * @param  Project $project
      * @param  Task    $task
      * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function update(Project $project, Task $task)
     {
-        if (auth()->user()->isNot($project->owner)) {
-            abort(403);
-        }
+        $this->authorize('update', $task->project);
 
         request()->validate(['body' => 'required']);
 

diff --git a/app/Http/Controllers/ProjectsController.php b/app/Http/Controllers/ProjectsController.php
@@ -21,15 +21,14 @@ public function index()
     /**
      * Show a single project.
      *
-     * @param \App\Project $project
+     * @param Project $project
      *
      * @return \Illuminate\Http\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function show(Project $project)
     {
-        if (auth()->user()->isNot($project->owner)) {
-            abort(403);
-        }
+        $this->authorize('update', $project);
 
         return view('projects.show', compact('project'));
     }
@@ -53,11 +52,28 @@ public function store()
     {
         $attributes = request()->validate([
             'title' => 'required',
-            'description' => 'required'
+            'description' => 'required',
+            'notes' => 'min:3'
         ]);
 
         $project = auth()->user()->projects()->create($attributes);
 
         return redirect($project->path());
     }
+
+    /**
+     * Update the project.
+     *
+     * @param  Project $project
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function update(Project $project)
+    {
+        $this->authorize('update', $project);
+
+        $project->update(request(['notes']));
+
+        return redirect($project->path());
+    }
 }
diff --git a/app/Policies/ProjectPolicy.php b/app/Policies/ProjectPolicy.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Policies;
+
+use App\Project;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class ProjectPolicy
+{
+    use HandlesAuthorization;
+
+    /**
+     * Determine if the user may update the project.
+     *
+     * @param  User    $user
+     * @param  Project $project
+     * @return bool
+     */
+    public function update(User $user, Project $project)
+    {
+        return $user->is($project->owner);
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -13,7 +13,7 @@ class AuthServiceProvider extends ServiceProvider
      * @var array
      */
     protected $policies = [
-        'App\Model' => 'App\Policies\ModelPolicy',
+        'App\Project' => 'App\Policies\ProjectPolicy',
     ];
 
     /**

diff --git a/database/migrations/2018_12_17_150648_create_projects_table.php b/database/migrations/2018_12_17_150648_create_projects_table.php
@@ -18,6 +18,7 @@ public function up()
             $table->unsignedInteger('owner_id');
             $table->string('title');
             $table->text('description');
+            $table->text('notes')->nullable();
             $table->timestamps();
 
             $table->foreign('owner_id')->references('id')->on('users')->onDelete('cascade');

diff --git a/resources/views/projects/show.blade.php b/resources/views/projects/show.blade.php
@@ -46,7 +46,19 @@
                     <h2 class="text-lg text-grey font-normal mb-3">General Notes</h2>
 
                     {{-- general notes --}}
-                    <textarea class="card w-full" style="min-height: 200px">Lorem ipsum.</textarea>
+                    <form method="POST" action="{{ $project->path() }}">
+                        @csrf
+                        @method('PATCH')
+
+                        <textarea
+                            name="notes"
+                            class="card w-full mb-4"
+                            style="min-height: 200px"
+                            placeholder="Anything special that you want to make a note of?"
+                        >{{ $project->notes }}</textarea>
+
+                        <button type="submit" class="button">Save</button>
+                    </form>
                 </div>
             </div>
 

diff --git a/routes/web.php b/routes/web.php
@@ -19,6 +19,7 @@
     Route::get('/projects', 'ProjectsController@index');
     Route::get('/projects/create', 'ProjectsController@create');
     Route::get('/projects/{project}', 'ProjectsController@show');
+    Route::patch('/projects/{project}', 'ProjectsController@update');
     Route::post('/projects', 'ProjectsController@store');
 
     Route::post('/projects/{project}/tasks', 'ProjectTasksController@store');

diff --git a/tests/Feature/ManageProjectsTest.php b/tests/Feature/ManageProjectsTest.php
@@ -33,16 +33,38 @@ public function a_user_can_create_a_project()
 
         $attributes = [
             'title' => $this->faker->sentence,
-            'description' => $this->faker->paragraph
+            'description' => $this->faker->sentence,
+            'notes' => 'General notes here.'
         ];
 
         $response = $this->post('/projects', $attributes);
 
-        $response->assertRedirect(Project::where($attributes)->first()->path());
+        $project = Project::where($attributes)->first();
+
+        $response->assertRedirect($project->path());
 
         $this->assertDatabaseHas('projects', $attributes);
 
-        $this->get('/projects')->assertSee($attributes['title']);
+        $this->get($project->path())
+            ->assertSee($attributes['title'])
+            ->assertSee($attributes['description'])
+            ->assertSee($attributes['notes']);
+    }
+
+    /** @test */
+    function a_user_can_update_a_project()
+    {
+        $this->signIn();
+
+        $this->withoutExceptionHandling();
+
+        $project = factory('App\Project')->create(['owner_id' => auth()->id()]);
+
+        $this->patch($project->path(), [
+            'notes' => 'Changed'
+        ])->assertRedirect($project->path());
+
+        $this->assertDatabaseHas('projects', ['notes' => 'Changed']);
     }
 
     /** @test */
@@ -69,6 +91,16 @@ public function an_authenticated_user_cannot_view_the_projects_of_others()
         $this->get($project->path())->assertStatus(403);
     }
 
+    /** @test */
+    public function an_authenticated_user_cannot_update_the_projects_of_others()
+    {
+        $this->signIn();
+
+        $project = factory('App\Project')->create();
+
+        $this->patch($project->path(), [])->assertStatus(403);
+    }
+
     /** @test */
     public function a_project_requires_a_title()
     {