From 92267d528404b1b1d2106cdcf142c3b1e6876def Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Sat, 11 Apr 2020 17:07:07 +0800
Subject: [PATCH] System admin can edit any user profile

---
 app/Helpers/functions.php              | 12 ++++++++++++
 app/Policies/UserPolicy.php            |  2 +-
 tests/Unit/Policies/UserPolicyTest.php | 25 ++++++++++++++++++++++++-
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/app/Helpers/functions.php b/app/Helpers/functions.php
index 7d01353..ea13fae 100644
--- a/app/Helpers/functions.php
+++ b/app/Helpers/functions.php
@@ -58,3 +58,15 @@ function userPhotoPath($photoPath, $genderId)
 
     return asset('images/icon_user_'.$genderId.'.png');
 }
+
+function is_system_admin(User $user)
+{
+    if ($user->email) {
+        if (env('SYSTEM_ADMIN_EMAILS')) {
+            $adminEmails = explode(';', env('SYSTEM_ADMIN_EMAILS'));
+            return in_array($user->email, $adminEmails);
+        }
+    }
+
+    return false;
+}
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 9338d94..4dd7b41 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -18,7 +18,7 @@ class UserPolicy
      */
     public function edit(User $user, User $editableUser)
     {
-        return $editableUser->id == $user->id || $editableUser->manager_id == $user->id;
+        return $editableUser->id == $user->id || $editableUser->manager_id == $user->id || is_system_admin($user);
     }
 
     /**
diff --git a/tests/Unit/Policies/UserPolicyTest.php b/tests/Unit/Policies/UserPolicyTest.php
index 8e15134..793eeaa 100644
--- a/tests/Unit/Policies/UserPolicyTest.php
+++ b/tests/Unit/Policies/UserPolicyTest.php
@@ -3,8 +3,9 @@
 namespace Tests\Unit\Policies;
 
 use App\User;
-use Tests\TestCase;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Str;
+use Tests\TestCase;
 
 class UserPolicyTest extends TestCase
 {
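Review bot: `in_array($user->email, $adminEmails)` in is_system_admin compares loosely and never normalises the list, so an entry with surrounding whitespace in the `;`-separated value (`a@x.test; b@x.test`) silently fails to match the second address; use `$adminEmails = array_map('trim', explode(';', env('SYSTEM_ADMIN_EMAILS')));` and `return in_array($user->email, $adminEmails, true);`. Because this is an authorization decision, reading `env()` at request time is fragile: once Laravel's configuration is cached the `.env` file is no longer loaded, so if the list lives only there the helper returns false for everyone and the grant disappears without any error — mirroring the value into a config file and reading it with `config()` avoids that. The parameter is type-hinted `User`, which needs a `use App\User;` import at the top of functions.php; that part of the file is outside the hunk, so confirm it is present. A short docblock such as `Whether $user's e-mail is listed in the SYSTEM_ADMIN_EMAILS (semicolon-separated) list; false when the list is empty or the user has no e-mail.` would document the contract the policy now depends on.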
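Review bot: The docblock of edit() (only its closing `*/` is in the hunk; the text is above it) should now name the third grant, since the added `|| is_system_admin($user)` changes who passes this check, e.g. `Determine whether $user may edit $editableUser: the user themself, their manager, or a system admin (see is_system_admin()).` The two existing comparisons still use `==`; if `id` and `manager_id` are always integers here, `===` would make the self/manager checks strict too, and if the database driver may return them as strings, a comment saying so would explain why `==` is kept. Placing `is_system_admin($user)` last in the `||` chain means the environment lookup only happens when the self/manager checks fail, which is the cheaper order.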
@@ -13,10 +14,32 @@ class UserPolicyTest extends TestCase
     /** @test */
     public function manager_can_edit_users_profile()
     {
+        $otherUserManagerId = Str::random();
+        $manager = factory(User::class)->create();
+        $user = factory(User::class)->create(['manager_id' => $manager->id]);
+        $otherUser = factory(User::class)->create(['manager_id' => $otherUserManagerId]);
+
+        $this->assertTrue($manager->can('edit', $user));
+        $this->assertFalse($manager->can('edit', $otherUser));
+    }
+
+    /** @test */
+    public function admins_can_edit_any_user_profile()
+    {
+        $adminEmail = 'admin@example.net';
+        $otherUserManagerId = Str::random();
+        putenv('SYSTEM_ADMIN_EMAILS='.$adminEmail);
+        $manager = factory(User::class)->create();
+        $admin = factory(User::class)->create(['email' => $adminEmail]);
         $user = factory(User::class)->create(['manager_id' => $manager->id]);
+        $otherUser = factory(User::class)->create(['manager_id' => $otherUserManagerId]);
+
+        $this->assertTrue($admin->can('edit', $user));
+        $this->assertTrue($admin->can('edit', $otherUser));
         $this->assertTrue($manager->can('edit', $user));
+        $this->assertFalse($manager->can('edit', $otherUser));
     }
 
     /** @test */
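Review bot: `putenv('SYSTEM_ADMIN_EMAILS='.$adminEmail)` in admins_can_edit_any_user_profile modifies the process environment and is never undone, so every test that runs later in the same process treats `admin@example.net` as a system admin and may pass or fail for the wrong reason; clear it when the test finishes with `putenv('SYSTEM_ADMIN_EMAILS');` at the end of the method or in `tearDown()`. There is also no case for the admin branch being off: `$this->assertFalse($manager->can('edit', $otherUser))` shows a manager is refused, but a test with the variable unset (and one with a user who has an e-mail not on the list) would pin that is_system_admin() returns false when no list is configured. Using `Str::random()` as `manager_id` presumably relies on the test database not enforcing a foreign key on that column — confirm. The test class continues past the hunk.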