forgetCachedPermissions(); Role::create(['name' => 'Admin']); Role::create(['name' => 'Retailer']); Role::create(['name' => 'Manufacturer']); Role::create(['name' => 'Customer']); $permission = Permission::firstOrCreate(['name' => 'curate products']); Role::findByName('Admin')->givePermissionTo($permission); }); test('admin can view any product', function () { $admin = User::factory()->create(); $admin->assignRole('Admin'); expect((new ProductPolicy)->viewAny($admin))->toBeTrue(); }); test('retailer can view any product', function () { $retailer = User::factory()->create(); $retailer->assignRole('Retailer'); expect((new ProductPolicy)->viewAny($retailer))->toBeTrue(); }); test('customer cannot view any product in backend', function () { $customer = User::factory()->create(); $customer->assignRole('Customer'); expect((new ProductPolicy)->viewAny($customer))->toBeFalse(); }); test('admin can view specific product', function () { $admin = User::factory()->create(); $admin->assignRole('Admin'); $product = Product::factory()->create(); expect((new ProductPolicy)->view($admin, $product))->toBeTrue(); }); test('partner user can view own product', function () { $partner = Partner::factory()->create(); $user = User::factory()->create(['partner_id' => $partner->id]); $user->assignRole('Retailer'); $product = Product::factory()->create(['partner_id' => $partner->id]); expect((new ProductPolicy)->view($user, $product))->toBeTrue(); }); test('partner user cannot view other partner product', function () { $myPartner = Partner::factory()->create(); $otherPartner = Partner::factory()->create(); $user = User::factory()->create(['partner_id' => $myPartner->id]); $user->assignRole('Retailer'); $product = Product::factory()->create(['partner_id' => $otherPartner->id]); expect((new ProductPolicy)->view($user, $product))->toBeFalse(); }); test('retailer can create products', function () { $retailer = User::factory()->create(); $retailer->assignRole('Retailer'); expect((new ProductPolicy)->create($retailer))->toBeTrue(); }); test('manufacturer can create products', function () { $manufacturer = User::factory()->create(); $manufacturer->assignRole('Manufacturer'); expect((new ProductPolicy)->create($manufacturer))->toBeTrue(); }); test('customer cannot create products', function () { $customer = User::factory()->create(); $customer->assignRole('Customer'); expect((new ProductPolicy)->create($customer))->toBeFalse(); }); test('admin can update any product', function () { $admin = User::factory()->create(); $admin->assignRole('Admin'); $product = Product::factory()->create(); expect((new ProductPolicy)->update($admin, $product))->toBeTrue(); }); test('partner can update own product', function () { $partner = Partner::factory()->create(); $user = User::factory()->create(['partner_id' => $partner->id]); $user->assignRole('Retailer'); $product = Product::factory()->create(['partner_id' => $partner->id]); expect((new ProductPolicy)->update($user, $product))->toBeTrue(); }); test('partner cannot update other partner product', function () { $myPartner = Partner::factory()->create(); $otherPartner = Partner::factory()->create(); $user = User::factory()->create(['partner_id' => $myPartner->id]); $user->assignRole('Retailer'); $product = Product::factory()->create(['partner_id' => $otherPartner->id]); expect((new ProductPolicy)->update($user, $product))->toBeFalse(); }); test('admin can curate products', function () { $admin = User::factory()->create(); $admin->assignRole('Admin'); expect((new ProductPolicy)->curate($admin))->toBeTrue(); }); test('retailer cannot curate products', function () { $retailer = User::factory()->create(); $retailer->assignRole('Retailer'); expect((new ProductPolicy)->curate($retailer))->toBeFalse(); });