Implement TeamPolicy::create authorization check before creating a team.

crynobone · crynobone · commit a279cdca4db4 · 2020-09-07T08:05:59.000+08:00
Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;
diff --git a/src/Http/Middleware/ShareInertiaData.php b/src/Http/Middleware/ShareInertiaData.php
@@ -2,6 +2,7 @@
 
 namespace Laravel\Jetstream\Http\Middleware;
 
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use Inertia\Inertia;
@@ -42,6 +43,9 @@ public function handle($request, $next)
                     'all_teams' => Jetstream::hasTeamFeatures() ? $request->user()->allTeams() : null,
                 ]), [
                     'two_factor_enabled' => ! is_null($request->user()->two_factor_secret),
+                    'can' => [
+                        'create_team' => Jetstream::hasTeamFeatures() && Gate::forUser($user)->authorize('create', Jetstream::newTeamModel()),
+                    ],
                 ]);
             },
             'errorBags' => function () {
diff --git a/stubs/app/Actions/Jetstream/CreateTeam.php b/stubs/app/Actions/Jetstream/CreateTeam.php
@@ -2,8 +2,10 @@
 
 namespace App\Actions\Jetstream;
 
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Validator;
 use Laravel\Jetstream\Contracts\CreatesTeams;
+use Laravel\Jetstream\Jetstream;
 
 class CreateTeam implements CreatesTeams
 {
@@ -16,6 +18,8 @@ class CreateTeam implements CreatesTeams
      */
     public function create($user, array $input)
     {
+        Gate::forUser($user)->authorize('create', Jetstream::newTeamModel());
+
         Validator::make($input, [
             'name' => 'required|string|max:255',
         ])->validateWithBag('createTeam');
diff --git a/stubs/inertia/resources/js/Layouts/AppLayout.vue b/stubs/inertia/resources/js/Layouts/AppLayout.vue
@@ -57,7 +57,7 @@
                                             Team Settings
                                         </jet-dropdown-link>
 
-                                        <jet-dropdown-link href="/teams/create">
+                                        <jet-dropdown-link href="/teams/create" v-if="$page.user.can.create_team">
                                             Create New Team
                                         </jet-dropdown-link>
 
diff --git a/stubs/livewire/resources/views/layouts/app.blade.php b/stubs/livewire/resources/views/layouts/app.blade.php
@@ -78,9 +78,11 @@
                                             Team Settings
                                         </x-jet-dropdown-link>
 
+                                        @can('create', Laravel\Jetstream\Jetstream::newTeamModel())
                                         <x-jet-dropdown-link href="/teams/create">
                                             Create New Team
                                         </x-jet-dropdown-link>
+                                        @endcan
 
                                         <div class="border-t border-gray-100"></div>
 
diff --git a/tests/CreateTeamTest.php b/tests/CreateTeamTest.php
@@ -3,12 +3,23 @@
 namespace Laravel\Jetstream\Tests;
 
 use App\Actions\Jetstream\CreateTeam;
+use App\Models\Team;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\ValidationException;
-use Laravel\Jetstream\Team;
+use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;
 
 class CreateTeamTest extends OrchestraTestCase
 {
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        Gate::policy(Team::class, TeamPolicy::class);
+        Jetstream::useUserModel(User::class);
+    }
+
     public function test_team_name_can_be_updated()
     {
         $this->migrate();
diff --git a/tests/CurrentTeamControllerTest.php b/tests/CurrentTeamControllerTest.php
@@ -3,10 +3,22 @@
 namespace Laravel\Jetstream\Tests;
 
 use App\Actions\Jetstream\CreateTeam;
+use App\Models\Team;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;
 
 class CurrentTeamControllerTest extends OrchestraTestCase
 {
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        Gate::policy(Team::class, TeamPolicy::class);
+        Jetstream::useUserModel(User::class);
+    }
+
     public function test_can_switch_to_team_the_user_belongs_to()
     {
         $this->migrate();
diff --git a/tests/DeleteUserWithTeamsTest.php b/tests/DeleteUserWithTeamsTest.php
@@ -5,9 +5,12 @@
 use App\Actions\Jetstream\CreateTeam;
 use App\Actions\Jetstream\DeleteTeam;
 use App\Actions\Jetstream\DeleteUser;
+use App\Models\Team;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Laravel\Jetstream\Jetstream;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;
 
 class DeleteUserWithTeamsTest extends OrchestraTestCase
@@ -16,6 +19,7 @@ public function setUp(): void
     {
         parent::setUp();
 
+        Gate::policy(Team::class, TeamPolicy::class);
         Jetstream::useUserModel(User::class);
     }
 
diff --git a/tests/TeamBehaviorTest.php b/tests/TeamBehaviorTest.php
@@ -3,13 +3,23 @@
 namespace Laravel\Jetstream\Tests;
 
 use App\Actions\Jetstream\CreateTeam;
+use Illuminate\Support\Facades\Gate;
 use Laravel\Jetstream\Jetstream;
 use Laravel\Jetstream\Team;
+use Laravel\Jetstream\Tests\Fixtures\TeamPolicy;
 use Laravel\Jetstream\Tests\Fixtures\User;
 use Laravel\Sanctum\TransientToken;
 
 class TeamBehaviorTest extends OrchestraTestCase
 {
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        Gate::policy(\App\Models\Team::class, TeamPolicy::class);
+        Jetstream::useUserModel(User::class);
+    }
+
     public function test_team_relationship_methods()
     {
         $this->migrate();
