From 80e80a40f5d3a35e74942422e75ca994adcfa297 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Thu, 31 May 2018 08:51:07 +0800
Subject: [PATCH] Add user's manager authorization to delete a user
---
 app/Policies/UserPolicy.php | 5 +++++
 tests/Unit/Policies/UserPolicyTest.php | 13 +++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 10de3cc..bd952a3 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -13,4 +13,9 @@ class UserPolicy
 {
 return $editableUser->manager_id == $user->id;
 }
+
+ public function delete(User $user, User $editableUser)
+ {
+ return $editableUser->manager_id == $user->id;
+ }
 }
diff --git a/tests/Unit/Policies/UserPolicyTest.php b/tests/Unit/Policies/UserPolicyTest.php
index 8a1c3f8..17f2a26 100644
--- a/tests/Unit/Policies/UserPolicyTest.php
+++ b/tests/Unit/Policies/UserPolicyTest.php
@@ -3,19 +3,28 @@ namespace Tests\Unit\Policies;
 use App\User;
-use Illuminate\Foundation\Testing\RefreshDatabase;
 use Tests\TestCase;
+use Illuminate\Foundation\Testing\RefreshDatabase;
 class UserPolicyTest extends TestCase
 {
 use RefreshDatabase;
 /** @test */
- public function admin_can_edit_users_profile()
+ public function manager_can_edit_users_profile()
 {
 $manager = factory(User::class)->create();
 $user = factory(User::class)->create(['manager_id' => $manager->id]);
 $this->assertTrue($manager->can('edit', $user));
 }
+
+ /** @test */
+ public function manager_can_delete_a_user()
+ {
+ $manager = factory(User::class)->create();
+ $user = factory(User::class)->create(['manager_id' => $manager->id]);
+
+ $this->assertTrue($manager->can('delete', $user));
+ }
 }
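Review bot: The new `delete()` check in UserPolicy compares `manager_id` to `$user->id` with loose `==`, so a target with no manager (`manager_id` null, which the factory calls in the test suggest is allowed) would match any acting model whose `id` is null or 0. For a destructive ability I would rule that out explicitly, e.g. `return $editableUser->manager_id !== null && (int) $editableUser->manager_id === (int) $user->id;`. The method also has no docblock; something like `/** Only the target user's direct manager may delete the account. */` would record the intended rule. The rest of the class lies outside the hunk, so any `before()` override that also grants this ability is not visible here.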
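Review bot: `manager_can_delete_a_user()` only exercises the allow path, so the test file never asserts that anyone other than the manager is refused the `delete` ability. A policy that returned `true` unconditionally would still pass this suite, and the deny path is the one that matters for an authorization rule. I would add a companion test with a second, unrelated user, as sketched below. The same gap appears to exist for `edit`, as far as this hunk shows.

```php
    // … unchanged: manager_can_delete_a_user() …

    /** @test */
    public function non_manager_cannot_delete_a_user()
    {
        $manager = factory(User::class)->create();
        $otherUser = factory(User::class)->create();
        $user = factory(User::class)->create(['manager_id' => $manager->id]);

        $this->assertFalse($otherUser->can('delete', $user));
    }
```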