Skip to content
Permalink
Browse files

Episode 34

  • Loading branch information...
JeffreyWay committed Mar 20, 2019
1 parent 96ddf7c commit 5c38e83ae33aaf270d0d1d93b8dbb22b08a605f4
@@ -8,14 +8,21 @@
class ProjectInvitationRequest extends FormRequest
{
/**
* The key to be used for the view error bag.
*
* @var string
*/
protected $errorBag = 'invitations';
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return Gate::allows('update', $this->route('project'));
return Gate::allows('manage', $this->route('project'));
}
/**
@@ -10,6 +10,18 @@ class ProjectPolicy
{
use HandlesAuthorization;
/**
* Determine if the user may manage a project.
*
* @param User $user
* @param Project $project
* @return bool
*/
public function manage(User $user, Project $project)
{
return $user->is($project->owner);
}
/**
* Determine if the user may update the project.
*
@@ -1,7 +1,7 @@
@if ($errors->any())
<div class="field mt-6">
@foreach ($errors->all() as $error)
@if ($errors->{ $bag ?? 'default' }->any())
<ul class="field mt-6 list-reset">
@foreach ($errors->{ $bag ?? 'default' }->all() as $error)
<li class="text-sm text-red">{{ $error }}</li>
@endforeach
</div>
</ul>
@endif
@@ -1,9 +1,9 @@
<div class="card" style="height: 200px">
<div class="card flex flex-col" style="height: 200px">
<h3 class="font-normal text-xl py-4 -ml-5 mb-3 border-l-4 border-blue-light pl-4">
<a href="{{ $project->path() }}" class="text-black no-underline">{{ $project->title }}</a>
</h3>

<div class="text-grey mb-4">{{ str_limit($project->description, 100) }}</div>
<div class="text-grey mb-4 flex-1">{{ str_limit($project->description, 100) }}</div>

<footer>
<form method="POST" action="{{ $project->path() }}" class="text-right">
@@ -0,0 +1,17 @@
<div class="card flex flex-col mt-3">
<h3 class="font-normal text-xl py-4 -ml-5 mb-3 border-l-4 border-blue-light pl-4">
Invite a User
</h3>

<form method="POST" action="{{ $project->path() . '/invitations' }}">
@csrf

<div class="mb-3">
<input type="email" name="email" class="border border-grey-light rounded w-full py-2 px-3" placeholder="Email address">
</div>

<button type="submit" class="button">Invite</button>
</form>

@include ('errors', ['bag' => 'invitations'])
</div>
@@ -81,6 +81,10 @@ class="card w-full mb-4"
<div class="lg:w-1/4 px-3 lg:py-8">
@include ('projects.card')
@include ('projects.activity.card')

@can ('manage', $project)
@include ('projects.invite')
@endcan
</div>
</div>
</main>
@@ -14,9 +14,20 @@ class InvitationsTest extends TestCase
/** @test */
function non_owners_may_not_invite_users()
{
$this->actingAs(factory(User::class)->create())
->post(ProjectFactory::create()->path() . '/invitations')
->assertStatus(403);
$project = ProjectFactory::create();
$user = factory(User::class)->create();
$assertInvitationForbidden = function () use ($user, $project) {
$this->actingAs($user)
->post($project->path() . '/invitations')
->assertStatus(403);
};
$assertInvitationForbidden();
$project->invite($user);
$assertInvitationForbidden();
}
/** @test */
@@ -46,7 +57,7 @@ function the_email_address_must_be_associated_with_a_valid_birdboard_account()
])
->assertSessionHasErrors([
'email' => 'The user you are inviting must have a Birdboard account.'
]);
], null, 'invitations');
}
/** @test */

0 comments on commit 5c38e83

Please sign in to comment.
You can’t perform that action at this time.