From 0b4acf04f1be764f835f9d412273a274d9d11839 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Sat, 11 Apr 2020 19:32:59 +0800
Subject: [PATCH] System admin can edit any couple data
---
 app/Policies/CouplePolicy.php | 2 +-
 tests/Unit/Policies/CouplePolicyTest.php | 30 +++++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/app/Policies/CouplePolicy.php b/app/Policies/CouplePolicy.php
index 60ef143..c09d29d 100644
--- a/app/Policies/CouplePolicy.php
+++ b/app/Policies/CouplePolicy.php
@@ -19,6 +19,6 @@ class CouplePolicy
 */
 public function edit(User $user, Couple $couple)
 {
- return $couple->manager_id == $user->id;
+ return $couple->manager_id == $user->id || is_system_admin($user);
 }
 }
diff --git a/tests/Unit/Policies/CouplePolicyTest.php b/tests/Unit/Policies/CouplePolicyTest.php
index c6efe71..5e2639e 100644
--- a/tests/Unit/Policies/CouplePolicyTest.php
+++ b/tests/Unit/Policies/CouplePolicyTest.php
@@ -3,7 +3,9 @@
 namespace Tests\Unit\Policies;
 use App\Couple;
+use App\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Str;
 use Tests\TestCase;
 class CouplePolicyTest extends TestCase
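Review bot: The new `|| is_system_admin($user)` branch in CouplePolicy::edit makes edit rights over every couple depend on a helper whose definition is outside this patch; judging from the test in this commit, it appears to match the user's email against `app.system_admin_emails`. If that is how it works, the grant is only as strong as the email attribute, so it is worth confirming that the helper compares the whole address exactly and that a user cannot set or change their email to a listed address without verification. The method's docblock (it starts above the hunk) should state the rule, e.g. `System admins (emails in config app.system_admin_emails) may edit any couple.` Separately, the ownership check uses loose `==`; with the string ids the tests suggest, `$couple->manager_id === $user->id` would avoid numeric-string coercion, provided both sides really are strings.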
@@ -11,11 +13,33 @@ class CouplePolicyTest extends TestCase
 use RefreshDatabase;
 /** @test */
- public function admin_can_edit_couple_data()
+ public function manager_can_edit_couples()
 {
- $couple = factory(Couple::class)->create();
- $manager = $couple->manager;
+ $otherCoupleManagerId = Str::random();
+ $manager = factory(User::class)->create();
+ $couple = factory(Couple::class)->create(['manager_id' => $manager->id]);
+ $otherCouple = factory(Couple::class)->create(['manager_id' => $otherCoupleManagerId]);
 $this->assertTrue($manager->can('edit', $couple));
+ $this->assertFalse($manager->can('edit', $otherCouple));
+ }
+
+ /** @test */
+ public function admins_can_edit_any_couple_data()
+ {
+ $adminEmail = 'admin@example.net';
+ $otherCoupleManagerId = Str::random();
+ config(['app.system_admin_emails' => $adminEmail]);
+
+ $manager = factory(User::class)->create();
+ $admin = factory(User::class)->create(['email' => $adminEmail]);
+ $couple = factory(Couple::class)->create(['manager_id' => $manager->id]);
+ $otherCouple = factory(Couple::class)->create(['manager_id' => $otherCoupleManagerId]);
+
+ $this->assertTrue($admin->can('edit', $couple));
+ $this->assertTrue($admin->can('edit', $otherCouple));
+
+ $this->assertTrue($manager->can('edit', $couple));
+ $this->assertFalse($manager->can('edit', $otherCouple));
 }
 }
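Review bot: The negative case in admins_can_edit_any_couple_data only uses a manager with a factory-generated email, so it would not catch an admin check that matches loosely (for example by substring), assuming is_system_admin compares emails as the config key suggests. Adding a user whose address merely contains the admin address would pin exact matching: `$lookalike = factory(User::class)->create(['email' => 'x'.$adminEmail]);` followed by `$this->assertFalse($lookalike->can('edit', $otherCouple));`. The test also sets a single string for `app.system_admin_emails`; if the setting is meant to hold several addresses, a case with more than one entry would be worth having.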