Merge pull request laravel#27 from Artisans-PXM/permissions

Author: utsavsomaiya

app/Http/Controllers/Api/PermissionController.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\PermissionRequest;
+use App\Queries\PermissionQueries;
+use Illuminate\Http\JsonResponse;
+
+class PermissionController extends Controller
+{
+    public function __construct(
+        protected PermissionQueries $permissionQueries
+    ) {
+
+    }
+
+    public function givePermissions(PermissionRequest $request): JsonResponse
+    {
+        $validatedData = $request->validated();
+
+        $this->permissionQueries->givePermissions($validatedData);
+
+        return response()->json([
+            'success' => __('Permission given successfully.'),
+        ]);
+    }
+
+    public function revokePermissions(PermissionRequest $request): JsonResponse
+    {
+        $validatedData = $request->validated();
+
+        $this->permissionQueries->revokePermissions($validatedData);
+
+        return response()->json([
+            'success' => __('Permission revoked successfully.'),
+        ]);
+    }
+}

app/Http/Controllers/Api/RoleController.php

@@ -23,7 +23,7 @@ public function fetch(): AnonymousResourceCollection
     {
         $roles = $this->roleQueries->listQuery();
 
-        return RoleResource::collection($roles);
+        return RoleResource::collection($roles->getCollection());
     }
 
     public function create(RoleRequest $request): JsonResponse

app/Http/Controllers/Api/UserController.php

@@ -19,9 +19,9 @@ public function __construct(
 
     }
 
-    public function fetch(): AnonymousResourceCollection
+    public function fetch(string $roleId = null): AnonymousResourceCollection
     {
-        $users = $this->userQueries->listQuery();
+        $users = $this->userQueries->listQuery($roleId);
 
         return UserResource::collection($users->getCollection());
     }
@@ -61,11 +61,4 @@ public function update(UserRequest $request, string $id): JsonResponse
             'success' => __('User updated successfully.'),
         ]);
     }
-
-    public function fetchByRole(string $roleId): AnonymousResourceCollection
-    {
-        $users = $this->userQueries->fetchByRole($roleId);
-
-        return UserResource::collection($users->getCollection());
-    }
 }

app/Http/Requests/Api/PermissionRequest.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\Api;
+
+use App\Permission;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
+use Illuminate\Validation\Rules\In;
+
+class PermissionRequest extends FormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, (ValidationRule | array<int, string | In> | string)>
+     */
+    public function rules(): array
+    {
+        return [
+            'role' => ['required', 'string', 'uuid', 'exists:roles,id'],
+            'permissions' => ['required', 'array'],
+            'permissions.*' => ['required_with:permissions', 'string', Rule::in(Permission::getFeatureGates()->toArray())],
+        ];
+    }
+}

app/Models/Permission.php

@@ -7,6 +7,7 @@
 use Illuminate\Database\Eloquent\Concerns\HasUuids;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
 class Permission extends Model
 {
@@ -19,4 +20,9 @@ class Permission extends Model
      * @var array<int, string>
      */
     protected $fillable = ['role_id', 'title'];
+
+    public function role(): BelongsTo
+    {
+        return $this->belongsTo(Role::class);
+    }
 }

app/Permission.php

@@ -31,6 +31,8 @@ public function __construct(
         protected array $permissions = [
             'assign-user-roles',
             'dissociate-user-roles',
+            'give-permissions',
+            'revoke-permissions',
         ]
     ) {
 

app/Queries/PermissionQueries.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Queries;
+
+use App\Models\Permission;
+
+class PermissionQueries
+{
+    /**
+     * @param  array<string, string|array<int, string>>  $data
+     */
+    public function givePermissions(array $data): void
+    {
+        /** @var array<int, string> $permissions */
+        $permissions = $data['permissions'];
+
+        $insertData = [];
+
+        foreach ($permissions as $permission) {
+            $insertData[] = [
+                'role_id' => $data['role'],
+                'title' => $permission,
+            ];
+        }
+
+        Permission::upsert($insertData, ['role_id', 'title']);
+    }
+
+    /**
+     * @param  array<string, string|array<int, string>>  $data
+     */
+    public function revokePermissions(array $data): void
+    {
+        Permission::query()
+            ->where('role_id', $data['role'])
+            ->whereIn('title', $data['permissions'])
+            ->delete();
+    }
+}

app/Queries/UserQueries.php

@@ -10,7 +10,7 @@
 
 class UserQueries extends GlobalQueries
 {
-    public function listQuery(): LengthAwarePaginator
+    public function listQuery(?string $roleId): LengthAwarePaginator
     {
         return QueryBuilder::for(User::class)
             ->allowedFields(['first_name', 'last_name', 'username', 'email', 'created_at'])
@@ -27,6 +27,11 @@ public function listQuery(): LengthAwarePaginator
                 'tokens:id,tokenable_id,tokenable_type,last_used_at',
                 'roles:id,name',
             ])
+            ->when($roleId, function ($query) use ($roleId): void {
+                $query->whereHas('roles', function ($query) use ($roleId): void {
+                    $query->where('role_id', $roleId);
+                });
+            })
             ->jsonPaginate();
     }
 
@@ -62,23 +67,4 @@ public function findByEmail(string $email): ?User
     {
         return User::query()->firstWhere('email', $email);
     }
-
-    public function fetchByRole(string $roleId): LengthAwarePaginator
-    {
-        return QueryBuilder::for(User::class)
-            ->allowedFields(['first_name', 'last_name', 'username', 'email', 'created_at'])
-            ->allowedFilters([
-                $this->filter('first_name'),
-                $this->filter('last_name'),
-                $this->filter('username'),
-                $this->filter('email'),
-            ])
-            ->defaultSort('-created_at')
-            ->allowedSorts(['first_name', 'last_name', 'created_at'])
-            ->mergeSelect('id')
-            ->withWhereHas('roles', function ($query) use ($roleId): void {
-                $query->where('role_id', $roleId);
-            })
-            ->jsonPaginate();
-    }
 }

routes/api.php

@@ -8,6 +8,7 @@
 use App\Http\Controllers\Api\GenerateTokenController;
 use App\Http\Controllers\Api\HierarchyController;
 use App\Http\Controllers\Api\LocaleController;
+use App\Http\Controllers\Api\PermissionController;
 use App\Http\Controllers\Api\PriceBookController;
 use App\Http\Controllers\Api\RoleController;
 use App\Http\Controllers\Api\RoleUserController;
@@ -25,8 +26,7 @@
 
     Route::middleware(['auth:sanctum', 'set.company'])->group(function (): void {
         Route::controller(UserController::class)->name('users.')->prefix('users')->group(function (): void {
-            Route::get('fetch', 'fetch')->can('fetch-users')->name('fetch');
-            Route::get('fetch/{roleId}', 'fetchByRole')->can('fetch-users')->name('fetch_by_role');
+            Route::get('fetch/{roleId?}', 'fetch')->can('fetch-users')->name('fetch');
             Route::post('create', 'create')->can('create-user')->name('create');
             Route::delete('{id}/delete', 'delete')->can('delete-user')->name('delete');
             Route::post('{id}/restore', 'restore')->can('delete-user')->name('restore');
@@ -45,6 +45,11 @@
             Route::post('dissociate-roles', 'dissociateRoles')->can('dissociate-user-roles')->name('dissociate_roles');
         });
 
+        Route::controller(PermissionController::class)->name('permissions.')->prefix('permissions')->group(function (): void {
+            Route::post('give-permissions', 'givePermissions')->can('give-permissions')->name('give');
+            Route::post('revoke-permissions', 'revokePermissions')->can('revoke-permissions')->name('revoke');
+        });
+
         Route::controller(LocaleController::class)->name('locales.')->prefix('locales')->group(function (): void {
             Route::get('fetch', 'fetch')->can('fetch-locales')->name('fetch');
             Route::post('create', 'create')->can('create-locale')->name('create');

stubs/request.stub

@@ -9,7 +9,7 @@ class {{ class }} extends FormRequest
     /**
      * Get the validation rules that apply to the request.
      *
-     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array|string>
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<int, string>|string>
      */
     public function rules(): array
     {

tests/Feature/Api/CompanyControllerTest.php

@@ -25,7 +25,7 @@
                         ->has(
                             '0',
                             fn (AssertableJson $json): AssertableJson => $json
-                                ->where('id', ($user = $user->companies()->first())->id)
+                                ->where('id', ($user = $user->companies->sortByDesc('created_at')->first())->id)
                                 ->where('name', $user->name)
                                 ->where('email', $user->email)
                                 ->etc()

tests/Feature/Api/PermissionControllerTest.php

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Models\Permission;
+
+beforeEach(function (): void {
+    [$this->user, $this->company, $this->token] = frontendApiLoginWithUser('Super Admin');
+});
+
+test('it can give the permissions', function (): void {
+    $role = $this->user->roles->first();
+
+    Permission::factory()->for($role)->create();
+
+    $response = $this->withToken($this->token)->postJson(route('api.permissions.give'), [
+        'role' => $role->id,
+        'permissions' => ['create-user'],
+    ]);
+
+    $response->assertOk()->assertJsonStructure(['success']);
+
+    $this->assertDatabaseHas(Permission::class, [
+        'role_id' => $role->id,
+        'title' => 'create-user',
+    ]);
+});
+
+test('it can revoke the permissions', function (): void {
+    $role = $this->user->roles->first();
+
+    $permissions = Permission::factory(3)->for($role)->sequence(
+        ['title' => 'create-user'],
+        ['title' => 'delete-user'],
+        ['title' => 'fetch-users']
+    )->create();
+
+    $response = $this->withToken($this->token)->postJson(route('api.permissions.revoke'), [
+        'role' => $role->id,
+        'permissions' => ['create-user', 'delete-user', 'fetch-users'],
+    ]);
+
+    $response->assertOk()->assertJsonStructure(['success']);
+
+    expect(Permission::first())->toBeNull();
+});

tests/Feature/Api/RoleControllerTest.php

@@ -2,6 +2,77 @@
 
 declare(strict_types=1);
 
-test('example test', function (): void {
+use App\Models\Role;
+use Illuminate\Http\Response;
+use Illuminate\Testing\Fluent\AssertableJson;
 
+beforeEach(function (): void {
+    [$this->user, $this->company, $this->token] = frontendApiLoginWithUser('Super Admin');
+});
+
+test('it can fetch roles', function (): void {
+    $response = $this->withToken($this->token)->getJson(route('api.roles.fetch'));
+
+    $response->assertOk()
+        ->assertJson(
+            fn (AssertableJson $json): AssertableJson => $json
+                ->has(
+                    'data',
+                    fn (AssertableJson $json): AssertableJson => $json
+                        ->has(
+                            '0',
+                            fn (AssertableJson $json): AssertableJson => $json
+                                ->where('id', ($role = Role::latest()->first())->id)
+                                ->where('name', $role->name)
+                                ->etc()
+                        )
+                        ->etc()
+                )
+        );
+});
+
+test('it can create role', function (): void {
+    $response = $this->withToken($this->token)->postJson(route('api.roles.create'), [
+        'name' => $name = 'Access Manager',
+    ]);
+
+    $response->assertOk()->assertJsonStructure(['success', 'role_id']);
+
+    $this->assertDatabaseHas(Role::class, [
+        'name' => $name,
+    ]);
+});
+
+test('it can delete the role', function (): void {
+    $role = Role::factory()->named('Access Manager')->create();
+
+    $response = $this->withToken($this->token)->deleteJson(route('api.roles.delete', [
+        'id' => $role->id,
+    ]));
+
+    $response->assertOk()->assertJsonStructure(['success']);
+
+    $this->assertModelMissing($role);
+});
+
+test('it cannot delete the role if it assign to the user', function (): void {
+    $response = $this->withToken($this->token)->deleteJson(route('api.roles.delete', [
+        'id' => Role::min('id'),
+    ]));
+
+    $response->assertStatus(Response::HTTP_NOT_ACCEPTABLE);
+});
+
+test('it can update the role', function (): void {
+    $response = $this->withToken($this->token)->postJson(route('api.roles.update', [
+        'id' => Role::min('id'),
+    ]), [
+        'name' => $name = 'Access Manager',
+    ]);
+
+    $response->assertOk()->assertJsonStructure(['success']);
+
+    $this->assertDatabaseHas(Role::class, [
+        'name' => $name,
+    ]);
 });