05 - Company Owner Manages Users Laravel Daily
Now that the administrator can add users to the company, we need to implement a feature where the Company Owner can add users to the company themselves.
First, let's add `SoftDeletes` for the User Model if someone accidentally

php artisan make:migration "add soft deletes to users table"
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    public function up(): void
    {
        Schema::table('users', function (Blueprint $table) {
            $table->softDeletes(); // adds a nullable `deleted_at` timestamp column
        });
    }
};

use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use SoftDeletes; // every User query now excludes rows with `deleted_at` set
    // ...
}
Let's fix it. With soft deletes, `$user->fresh()` still returns the (trashed) model, because `fresh()` bypasses global scopes, so the test should assert on the soft deletion rather than on `null`:

public function test_user_can_delete_their_account(): void
{
    $user = User::factory()->create();

    $response = $this
        ->actingAs($user)
        ->delete('/profile', [
            'password' => 'password',
        ]);

    $response
        ->assertSessionHasNoErrors()
        ->assertRedirect('/');

    $this->assertGuest();
    // `fresh()` ignores the SoftDeletingScope, so the trashed row is still returned
    $this->assertSoftDeleted($user->fresh());
}
Great, now it's fixed!
PASS Tests\Feature\ProfileTest
✓ user can delete their account 0.13s
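The behaviour behind that fix is worth pinning down in a test of its own: which queries hide a soft-deleted user, which still return it, and whether the deleted account can still sign in. The following feature test is an added example, not part of the course; it assumes the default Breeze `User` factory (password `password`), the `SoftDeletes` trait from above, and a constructed sample e-mail address.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Auth;
use Tests\TestCase;

// Added example: documents what SoftDeletes changes for the User model.
class SoftDeletedUserTest extends TestCase
{
    use RefreshDatabase;

    public function test_soft_deleted_user_is_hidden_from_queries_and_cannot_log_in(): void
    {
        // constructed sample account; the factory's default password is 'password'
        $user = User::factory()->create(['email' => 'owner@example.test']);

        $user->delete(); // SoftDeletes: sets deleted_at instead of removing the row

        // The global SoftDeletingScope hides the row from ordinary queries ...
        $this->assertNull(User::find($user->id));
        $this->assertNull(User::where('email', 'owner@example.test')->first());

        // ... but fresh() and withTrashed() bypass that scope, which is why
        // assertNull($user->fresh()) failed in ProfileTest.
        $this->assertTrue($user->fresh()->trashed());
        $this->assertNotNull(User::withTrashed()->find($user->id));
        $this->assertSoftDeleted($user);

        // The Eloquent user provider queries with the scope applied, so the
        // trashed account can no longer authenticate with its old credentials.
        $this->assertFalse(Auth::attempt([
            'email' => 'owner@example.test',
            'password' => 'password',
        ]));
        $this->assertGuest();

        // restore() clears deleted_at and the account becomes visible again.
        $user->fresh()->restore();
        $this->assertNotNull(User::find($user->id));
    }
}
```

Run it with `php artisan test --filter SoftDeletedUserTest`. The practical consequence for this project: a "deleted" user keeps its row (and its unique e-mail), so it can be restored by an administrator, but it is locked out of logging in the moment `deleted_at` is set.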
Now, let's move on to the main feature. First, let's show the new item `Administrators` in the navigation, which will be visible only for users with the `Company Owner` role.
{{-- ... --}}
<!-- Navigation Links -->
<div class="hidden space-x-8 sm:-my-px sm:ml-10 sm:flex">
    <x-nav-link :href="route('dashboard')" :active="request()->routeIs('dashboard')">
        {{ __('Dashboard') }}
    </x-nav-link>
    @if(auth()->user()->role_id === \App\Enums\Role::ADMINISTRATOR->value)
        {{-- the :active route patterns below are assumed; the page truncates them --}}
        <x-nav-link :href="route('companies.index')" :active="request()->routeIs('companies.*')">
            {{ __('Companies') }}
        </x-nav-link>
    @endif
    @if(auth()->user()->role_id === \App\Enums\Role::COMPANY_OWNER->value)
        <x-nav-link :href="route('companies.users.index', auth()->user()->company_id)" :active="request()->routeIs('companies.users.*')">
            {{ __('Administrators') }}
        </x-nav-link>
    @endif
</div>
{{-- ... --}}
Now that we have the navigation link, let's implement the backend part.
We do have the CRUD Controller from the last lesson, but now we need to
work on the permissions to "open up" that CRUD to another role.
use App\Models\Company;
use App\Policies\CompanyUserPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    // `CompanyUserPolicy` does not follow the Company -> CompanyPolicy naming
    // convention, so it is registered explicitly (mapping reconstructed; the
    // page elides the class body).
    protected $policies = [
        Company::class => CompanyUserPolicy::class,
    ];

    // ...
}

The `CompanyUserPolicy` will have these methods:
• viewAny
• create
• update
• delete
And we will allow those actions based on the user's role (`Company Owner`) and their company ID.
use App\Enums\Role;
use App\Models\Company;
use App\Models\User;

class CompanyUserPolicy
{
    // Runs before every ability check: administrators are allowed everything;
    // returning null falls through to the specific method (viewAny, create, ...).
    public function before(User $user): bool|null
    {
        if ($user->role_id === Role::ADMINISTRATOR->value) {
            return true;
        }

        return null;
    }

    // viewAny, create, update and delete all share this rule: a Company Owner
    // may only act on the company they belong to (the other three are elided).
    public function viewAny(User $user, Company $company): bool
    {
        return $user->role_id === Role::COMPANY_OWNER->value
            && $user->company_id === $company->id;
    }

    // ...
}
class CompanyUserController extends Controller
{
    // Method bodies are not shown on this page; each action only gains the
    // authorize() call, which throws a 403 unless the policy allows it.
    public function index(Company $company)
    {
        $this->authorize('viewAny', $company);
        // ...
    }

    public function create(Company $company)
    {
        $this->authorize('create', $company);
        // ...
    }

    public function store(Request $request, Company $company)
    {
        $this->authorize('create', $company);
        // ...
    }

    public function edit(Company $company, User $user)
    {
        $this->authorize('update', $company);
        // ...
    }

    public function update(Request $request, Company $company, User $user)
    {
        $this->authorize('update', $company);
        // ...
    }

    public function destroy(Company $company, User $user)
    {
        $this->authorize('delete', $company);
        // ...
    }
}
Great! Now users with the `Company Owner` role can create new users for
their company and cannot do any CRUD actions for other companies.
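One gap remains in the design above: the policy verifies that the Company Owner owns `{company}`, but the nested `{user}` in `/companies/{company}/users/{user}` is resolved on its own, so nothing ties that user id to the company in the URL. Laravel's scoped route bindings close that gap by resolving `{user}` through the parent's relationship. This is an added example, not code from the course; it assumes `Company` has (or gets) a `users()` HasMany relation, that `Company::factory()` exists, and Laravel 9 or newer for `Route::scopeBindings()`.

```php
<?php
// routes/web.php (added example)
use App\Http\Controllers\CompanyUserController;
use Illuminate\Support\Facades\Route;

Route::middleware('auth')->group(function () {
    // Every nested {user} is now looked up via $company->users(), so a user id
    // that belongs to another company produces a 404 instead of a model.
    Route::scopeBindings()->group(function () {
        Route::resource('companies.users', CompanyUserController::class);
    });
});

// app/Models/Company.php: the relation scopeBindings() resolves {user} through
// (assumed; add it if the model does not have it yet)
class Company extends Model
{
    public function users(): HasMany
    {
        return $this->hasMany(User::class);
    }
}

// tests/Feature/CompanyUserTest.php: regression test for the cross-company case
public function test_company_owner_cannot_edit_other_companies_user_via_own_company_url(): void
{
    $company = Company::factory()->create();
    $otherCompany = Company::factory()->create();
    $owner = User::factory()->create([
        'role_id' => Role::COMPANY_OWNER->value,
        'company_id' => $company->id,
    ]);
    $foreignUser = User::factory()->create(['company_id' => $otherCompany->id]);

    // The policy check on {company} passes (it is the owner's own company);
    // only the scoped binding rejects the foreign {user}.
    $response = $this->actingAs($owner)->put(
        route('companies.users.update', [$company->id, $foreignUser->id]),
        ['name' => 'changed name', 'email' => 'changed@test.com'],
    );

    $response->assertNotFound();
    $this->assertDatabaseMissing('users', ['email' => 'changed@test.com']);
}
```

Without `scopeBindings()` the same request would reach `update()` with a `User` from another company and the `authorize('update', $company)` check would pass, because it only looks at the company. Keeping this test in `CompanyUserTest` makes the scoping a tested property rather than a routing detail.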
We have now changed the `CompanyUserController` and added extra authorization, so first let's check that nothing is broken for users with the `administrator` role.
PASS Tests\Feature\CompanyUserTest
✓ admin can access company users page 0.09s
✓ admin can create user for a company 0.02s
✓ admin can edit user for a company 0.01s
✓ admin can delete user for a company 0.01s
Now let's add more tests to `CompanyUserTest`. We will check that a user with the `Company Owner` role can do CRUD actions for their own company and cannot do any for other companies.
Before adding the tests, we need to add another for the
`Company Owner` role.
use App\Enums\Role;
use App\Models\Company;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class CompanyUserTest extends TestCase
{
    use RefreshDatabase;

    // ... (administrator tests from the previous lesson)

    // Set-up lines are truncated on the page; this helper creates a Company Owner
    // attached to the given company using the Role enum rather than a factory state.
    private function companyOwner(Company $company): User
    {
        return User::factory()->create([
            'role_id' => Role::COMPANY_OWNER->value,
            'company_id' => $company->id,
        ]);
    }

    public function test_company_owner_can_view_users_of_own_company(): void
    {
        $company = Company::factory()->create();
        $user = $this->companyOwner($company);
        $secondUser = User::factory()->create(['company_id' => $company->id]);

        $response = $this->actingAs($user)->get(route('companies.users.index', $company->id));
        $response->assertOk()
            ->assertSeeText($secondUser->name);
    }

    public function test_company_owner_cannot_view_users_of_other_company(): void
    {
        $company = Company::factory()->create();
        $company2 = Company::factory()->create();
        $user = $this->companyOwner($company);

        $response = $this->actingAs($user)->get(route('companies.users.index', $company2->id));
        $response->assertForbidden();
    }

    public function test_company_owner_can_create_user_for_own_company(): void
    {
        $company = Company::factory()->create();
        $user = $this->companyOwner($company);

        $response = $this->actingAs($user)->post(route('companies.users.store', $company->id), [
            'name' => 'test user',
            'email' => 'test@test.com',
            'password' => 'password',
        ]);
        $response->assertRedirect(route('companies.users.index', $company->id));
        $this->assertDatabaseHas('users', [
            'name' => 'test user',
            'email' => 'test@test.com',
            'company_id' => $company->id,
        ]);
    }

    public function test_company_owner_cannot_create_user_for_other_company(): void
    {
        $company = Company::factory()->create();
        $company2 = Company::factory()->create();
        $user = $this->companyOwner($company);

        $response = $this->actingAs($user)->post(route('companies.users.store', $company2->id), [
            'name' => 'test user',
            'email' => 'test@test.com',
            'password' => 'password',
        ]);
        $response->assertForbidden();
    }

    public function test_company_owner_can_edit_user_of_own_company(): void
    {
        $company = Company::factory()->create();
        $user = $this->companyOwner($company);
        $secondUser = User::factory()->create(['company_id' => $company->id]);

        $response = $this->actingAs($user)->put(route('companies.users.update', [$company->id, $secondUser->id]), [
            'name' => 'updated user',
            'email' => 'test@update.com',
        ]);
        $response->assertRedirect(route('companies.users.index', $company->id));
        $this->assertDatabaseHas('users', [
            'name' => 'updated user',
            'email' => 'test@update.com',
            'company_id' => $company->id,
        ]);
    }

    public function test_company_owner_cannot_edit_user_of_other_company(): void
    {
        $company = Company::factory()->create();
        $company2 = Company::factory()->create();
        $user = $this->companyOwner($company);
        $secondUser = User::factory()->create(['company_id' => $company2->id]);

        $response = $this->actingAs($user)->put(route('companies.users.update', [$company2->id, $secondUser->id]), [
            'name' => 'updated user',
            'email' => 'test@update.com',
        ]);
        $response->assertForbidden();
    }

    public function test_company_owner_can_delete_user_of_own_company(): void
    {
        $company = Company::factory()->create();
        $user = $this->companyOwner($company);
        $secondUser = User::factory()->create(['company_id' => $company->id]);

        $response = $this->actingAs($user)->delete(route('companies.users.destroy', [$company->id, $secondUser->id]));
        $response->assertRedirect(route('companies.users.index', $company->id));
        // Users are soft deleted, so assert on the trashed row of the user we
        // actually removed instead of on an unrelated name being absent.
        $this->assertSoftDeleted($secondUser);
    }

    public function test_company_owner_cannot_delete_user_of_other_company(): void
    {
        $company = Company::factory()->create();
        $company2 = Company::factory()->create();
        $user = $this->companyOwner($company);
        $secondUser = User::factory()->create(['company_id' => $company2->id]);

        $response = $this->actingAs($user)->delete(route('companies.users.destroy', [$company2->id, $secondUser->id]));
        $response->assertForbidden();
    }
}