From f7b22f75f3182e34e270d887a438a3398b069e68 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi
Date: Fri, 1 Jun 2018 21:45:14 +0800
Subject: [PATCH] Prevent user from deleting their own profile
---
 app/Policies/UserPolicy.php | 2 +-
 tests/Unit/Policies/UserPolicyTest.php | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 6d580b4..df16d7e 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -16,6 +16,6 @@ class UserPolicy
 public function delete(User $user, User $editableUser)
 {
- return $editableUser->manager_id == $user->id;
+ return $editableUser->manager_id == $user->id && $editableUser->id != $user->id;
 }
 }
diff --git a/tests/Unit/Policies/UserPolicyTest.php b/tests/Unit/Policies/UserPolicyTest.php
index d9b0e1c..8e15134 100644
--- a/tests/Unit/Policies/UserPolicyTest.php
+++ b/tests/Unit/Policies/UserPolicyTest.php
@@ -35,4 +35,12 @@ class UserPolicyTest extends TestCase
 $this->assertTrue($manager->can('delete', $user));
 }
+
+ /** @test */
+ public function user_cannot_delete_their_own_data()
+ {
+ $user = factory(User::class)->create();
+
+ $this->assertFalse($user->can('delete', $user));
+ }
 }
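Review bot: The new return line in `delete()` makes an authorization decision with loose `==` and `!=`, so the outcome depends on PHP type juggling between `manager_id` and `id` (string versus int, or null) rather than on the two keys being identical. I would make the comparison explicit, for example `return (string) $editableUser->manager_id === (string) $user->id && ! $user->is($editableUser);`, assuming `User` is an Eloquent model so that `is()` is available. A short docblock on the method, such as `/** A manager may delete users they manage, but never their own account. */`, would keep the rule next to the check. The rest of `UserPolicy` lies outside this hunk.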
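Review bot: `user_cannot_delete_their_own_data` builds a plain factory user, and unless the factory (not visible here) sets `manager_id` to the user's own id, the previous policy already returned false for this case, so the test would pass without the fix. To exercise the added clause, make the user their own manager before asserting, e.g. `$user->manager_id = $user->id; $user->save();`. The positive case for a manager deleting a managed user appears to be covered by the existing assertion just above the added lines.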