troccoli · troccoli · Jun 7, 2020 · Jun 7, 2020 · Jun 7, 2020 · Jun 7, 2020
diff --git a/app/Http/Controllers/ClubController.php b/app/Http/Controllers/ClubController.php
@@ -10,6 +10,11 @@
 
 class ClubController extends Controller
 {
+    public function __construct()
+    {
+        $this->authorizeResource(Club::class, 'club');
+    }
+
     public function index(): View
     {
         return view('CRUD.clubs.index', ['clubs' => Club::orderBy('name')->paginate(15)]);

diff --git a/app/Http/Controllers/TeamController.php b/app/Http/Controllers/TeamController.php
@@ -15,20 +15,26 @@ class TeamController extends Controller
 {
     public function index(Club $club): View
     {
+        $this->authorize('viewAny', [Team::class, $club]);
+
         $teams = Team::query()->inClub($club)->orderByName()->get();
 
         return view('CRUD.teams.index', compact('club', 'teams'));
     }
 
     public function create(Club $club): View
     {
+        $this->authorize('create', [Team::class, $club]);
+
         $venues = Venue::all();
 
         return view('CRUD.teams.create', compact('club', 'venues'));
     }
 
     public function store(Request $request, Club $club): RedirectResponse
     {
+        $this->authorize('create', [Team::class, $club]);
+
         $this->validate($request,
             [
                 'club_id' => 'required|exists:clubs,id',
@@ -55,13 +61,17 @@ public function store(Request $request, Club $club): RedirectResponse
 
     public function edit(Club $club, Team $team): View
     {
+        $this->authorize('update', $team);
+
         $venues = Venue::all();
 
         return view('CRUD.teams.edit', compact('club', 'team', 'venues'));
     }
 
     public function update(Request $request, Club $club, Team $team): RedirectResponse
     {
+        $this->authorize('update', $team);
+
         $this->validate($request,
             [
                 'name' => [
@@ -89,6 +99,8 @@ public function update(Request $request, Club $club, Team $team): RedirectRespon
 
     public function destroy(Club $club, Team $team): RedirectResponse
     {
+        $this->authorize('delete', $team);
+
         $team->delete();
 
         return redirect()

diff --git a/app/Http/Controllers/VenueController.php b/app/Http/Controllers/VenueController.php
@@ -9,6 +9,11 @@
 
 class VenueController extends Controller
 {
+    public function __construct()
+    {
+        $this->authorizeResource(Venue::class, 'venue');
+    }
+
     public function index(): View
     {
         return view('CRUD.venues.index', ['venues' => Venue::paginate(15)]);

diff --git a/app/Policies/CheckRoles.php b/app/Policies/CheckRoles.php
@@ -48,9 +48,13 @@ public function hasAnyClubSecretaryRole(User $user): bool
         })->toArray());
     }
 
-    public function hasAnyTeamSecretaryRole(User $user): bool
+    public function hasAnyTeamSecretaryRole(User $user, ?Club $club = null): bool
     {
-        return $user->hasRole(Team::all()->map(function (Team $team): string {
+        $teams = $club
+            ? $club->getTeams()
+            : Team::all();
+
+        return $user->hasRole($teams->map(function (Team $team): string {
             return RolesHelper::teamSecretaryName($team);
         })->toArray());
     }

diff --git a/app/Policies/ClubPolicy.php b/app/Policies/ClubPolicy.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Policies;
+
+use App\Helpers\RolesHelper;
+use App\Models\Club;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class ClubPolicy
+{
+    use HandlesAuthorization, CheckRoles;
+
+    public function viewAny(User $user): bool
+    {
+        return $this->hasAnyClubSecretaryRole($user);
+    }
+
+    public function create(User $user): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+
+    public function update(User $user, Club $club): bool
+    {
+        return $user->hasRole(RolesHelper::clubSecretaryName($club));
+    }
+
+    public function delete(User $user, Club $club): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+}
diff --git a/app/Policies/TeamPolicy.php b/app/Policies/TeamPolicy.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Policies;
+
+use App\Helpers\RolesHelper;
+use App\Models\Club;
+use App\Models\Team;
+use App\Models\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class TeamPolicy
+{
+    use HandlesAuthorization, CheckRoles;
+
+    public function viewAny(User $user, Club $club): bool
+    {
+        if ($user->hasRole(RolesHelper::clubSecretaryName($club))) {
+            return true;
+        }
+
+        return $this->hasAnyTeamSecretaryRole($user, $club);
+    }
+
+    public function create(User $user, Club $club): bool
+    {
+        return $user->hasRole(RolesHelper::clubSecretaryName($club));
+    }
+
+    public function update(User $user, Team $team): bool
+    {
+        return $user->hasAnyRole(
+            RolesHelper::clubSecretaryName($team->getClub()),
+            RolesHelper::teamSecretaryName($team)
+        );
+    }
+
+    public function delete(User $user, Team $team): bool
+    {
+        return $user->hasRole(RolesHelper::clubSecretaryName($team->getClub()));
+    }
+}
diff --git a/app/Policies/VenuePolicy.php b/app/Policies/VenuePolicy.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Policies;
+
+use App\Helpers\RolesHelper;
+use App\Models\Club;
+use App\Models\User;
+use App\Models\Venue;
+use Illuminate\Auth\Access\HandlesAuthorization;
+
+class VenuePolicy
+{
+    use HandlesAuthorization, CheckRoles;
+
+    public function viewAny(User $user): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+
+    public function create(User $user): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+
+    public function update(User $user, Venue $venue): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+
+    public function delete(User $user, Venue $venue): bool
+    {
+        // No-one but Site Administrator can create a new season
+        return false;
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -2,14 +2,20 @@
 
 namespace App\Providers;
 
+use App\Models\Club;
 use App\Models\Competition;
 use App\Models\Division;
 use App\Models\Fixture;
 use App\Models\Season;
+use App\Models\Team;
+use App\Models\Venue;
+use App\Policies\ClubPolicy;
 use App\Policies\CompetitionPolicy;
 use App\Policies\DivisionPolicy;
 use App\Policies\FixturePolicy;
 use App\Policies\SeasonPolicy;
+use App\Policies\TeamPolicy;
+use App\Policies\VenuePolicy;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Passport\Passport;
@@ -26,6 +32,9 @@ class AuthServiceProvider extends ServiceProvider
         Competition::class => CompetitionPolicy::class,
         Division::class => DivisionPolicy::class,
         Fixture::class => FixturePolicy::class,
+        Club::class => ClubPolicy::class,
+        Team::class => TeamPolicy::class,
+        Venue::class => VenuePolicy::class,
     ];
 
     /**

diff --git a/database/seeds/UsersTableSeeder.php b/database/seeds/UsersTableSeeder.php
@@ -1,5 +1,6 @@
 <?php
 
+use App\Helpers\RolesHelper;
 use App\Models\Club;
 use App\Models\Competition;
 use App\Models\Division;
@@ -15,7 +16,13 @@ class UsersTableSeeder extends Seeder
 
     public function run(): void
     {
-        $this->initProgressBar(Role::count());
+        $this->initProgressBar(Role::count() + 1);
+
+        factory(User::class)->create([
+            'name' => "Test User",
+            'email' => "[email protected]",
+        ]);
+        $this->advanceProgressBar();
 
         $user = factory(User::class)->create([
             'name' => "Site Administrator",
@@ -25,34 +32,34 @@ public function run(): void
         $this->advanceProgressBar();
 
         $user = factory(User::class)->create([
-            'name' => "Referee Administrator",
-            'email' => "referee[email protected]",
+            'name' => "Referees Administrator",
+            'email' => "referees[email protected]",
         ]);
-        $user->assignRole("Referee Administrator");
+        $user->assignRole("Referees Administrator");
         $this->advanceProgressBar();
 
         Season::all()->each(function (Season $season) {
             $user = factory(User::class)->create([
                 'name' => "Season {$season->getId()} Administrator",
                 'email' => "season-{$season->getId()}[email protected]",
             ]);
-            $user->assignRole("Season {$season->getId()} Administrator");
+            $user->assignRole(RolesHelper::seasonAdminName($season));
             $this->advanceProgressBar();
         });
         Competition::all()->each(function (Competition $competition) {
             $user = factory(User::class)->create([
                 'name' => "Competition {$competition->getId()} Administrator",
                 'email' => "competition-{$competition->getId()}[email protected]",
             ]);
-            $user->assignRole("Competition {$competition->getId()} Administrator");
+            $user->assignRole(RolesHelper::competitionAdminName($competition));
             $this->advanceProgressBar();
         });
         Division::all()->each(function (Division $division) {
             $user = factory(User::class)->create([
                 'name' => "Division {$division->getId()} Administrator",
                 'email' => "division-{$division->getId()}[email protected]",
             ]);
-            $user->assignRole("Division {$division->getId()} Administrator");
+            $user->assignRole(RolesHelper::divisionAdminName($division));
             $this->advanceProgressBar();
         });
 
@@ -61,15 +68,15 @@ public function run(): void
                 'name' => "Club {$club->getId()} Secretary",
                 'email' => "club-{$club->getId()}[email protected]",
             ]);
-            $user->assignRole("Club {$club->getId()} Secretary");
+            $user->assignRole(RolesHelper::clubSecretaryName($club));
             $this->advanceProgressBar();
         });
         Team::all()->each(function (Team $team) {
             $user = factory(User::class)->create([
                 'name' => "Team {$team->getId()} Secretary",
                 'email' => "team-{$team->getId()}[email protected]",
             ]);
-            $user->assignRole("Team {$team->getId()} Secretary");
+            $user->assignRole(RolesHelper::teamSecretaryName($team));
             $this->advanceProgressBar();
         });
 

diff --git a/routes/web.php b/routes/web.php
@@ -22,13 +22,10 @@
         Route::get('fixtures')
             ->uses('FixturesController@index')
             ->name('fixtures.index');
-        Route::middleware(['can:view-seasons'])
+        Route::resource('clubs', 'ClubController')->except('show');
+        Route::prefix('clubs/{club}')
             ->group(function (): void {
-                Route::resource('clubs', 'ClubController')->except('show');
-                Route::prefix('clubs/{club}')
-                    ->group(function (): void {
-                        Route::resource('teams', 'TeamController')->except('show');
-                    });
-                Route::resource('venues', 'VenueController');
+                Route::resource('teams', 'TeamController')->except('show');
             });
+        Route::resource('venues', 'VenueController');
     });
diff --git a/tests/Browser/CRUD/ClubTest.php b/tests/Browser/CRUD/ClubTest.php
@@ -26,7 +26,7 @@ protected function setUp(): void
     public function testListingAllClubs(): void
     {
         $this->browse(function (Browser $browser): void {
-            $browser->loginAs(factory(User::class)->create()->givePermissionTo('view-seasons'));
+            $browser->loginAs($this->siteAdmin);
 
             $browser->visit('/clubs')
                 ->assertSeeIn('@list', 'There are no clubs yet.');
@@ -77,7 +77,7 @@ public function testListingAllClubs(): void
     public function testAddingAClub(): void
     {
         $this->browse(function (Browser $browser): void {
-            $browser->loginAs(factory(User::class)->create()->givePermissionTo('view-seasons'));
+            $browser->loginAs($this->siteAdmin);
 
             // Check we can add a club from the landing page
             $browser->visit('/clubs')
@@ -137,7 +137,7 @@ public function testAddingAClub(): void
     public function testEditingAClub(): void
     {
         $this->browse(function (Browser $browser): void {
-            $browser->loginAs(factory(User::class)->create()->givePermissionTo('view-seasons'));
+            $browser->loginAs($this->siteAdmin);
 
             $browser->visit("/clubs/1/edit")
                 ->assertTitle('Not Found')
@@ -212,7 +212,7 @@ public function testEditingAClub(): void
     public function testDeletingAClub(): void
     {
         $this->browse(function (Browser $browser): void {
-            $browser->loginAs(factory(User::class)->create()->givePermissionTo('view-seasons'));
+            $browser->loginAs($this->siteAdmin);
 
             $clubId = aClub()->build()->getId();
 
@@ -248,7 +248,7 @@ public function testDeletingAClub(): void
     public function testViewingTheClubTeams(): void
     {
         $this->browse(function (Browser $browser): void {
-            $browser->loginAs(factory(User::class)->create()->givePermissionTo('view-seasons'));
+            $browser->loginAs($this->siteAdmin);
 
             /** @var Club $club */
             $club = aClub()->build();