Laravel Teams
This episode is for members only

Sign up to access "Laravel Teams" right now.

Get started
Already a member? Sign in to continue
Playing
15. Leaving a team

Episodes

0%
Your progress
  • Total: 4h 36m
  • Played: 0m
  • Remaining: 4h 36m
Join or sign in to track your progress
01. Introduction and demo
4m 49s
0%
02. Setup with Pest
4m 2s
0%
03. Building the user teams relations
6m 5s
0%
04. Creating a personal team when registering
6m 3s
0%
05. Leaving all teams when an account is deleted
3m 55s
0%
06. Tracking the current team
4m 50s
0%
07. Showing team details in the UI
2m 55s
0%
08. Switching to another team
7m 24s
0%
09. Authorising team switching
6m 53s
0%
10. Updating a team name
10m 48s
0%
11. Basic roles and permissions setup
5m 26s
0%
12. Team roles and permissions middleware
9m 18s
0%
13. Authorising current team updates
3m 43s
0%
14. Testing team permissions through HTTP requests
3m 58s
0%
15. Leaving a team
10m 50s
0%
16. Displaying team members
8m 42s
0%
17. Making team members look better
5m 3s
0%
18. Removing a team member
15m 18s
0%
19. Preventing self removal from a team
4m 7s
0%
20. Storing invitations
13m 31s
0%
21. Validating invitations
6m 38s
0%
22. Authorising team invitation creation
6m 22s
0%
23. Displaying invitations
3m 16s
0%
24. Revoking invitations
12m 46s
0%
25. Sending an invitation email
13m 6s
0%
26. Accepting an invitation
12m 22s
0%
27. Displaying a modal to change a member’s role
10m 31s
0%
28. Updating a member’s role
9m 5s
0%
29. More authorisation and checks for role changing
10m 14s
0%
30. Fixing up the email sending test details
49s
0%
31. Fixing and validating email addresses for invites
1m 32s
0%
32. Tidying up @can directive checks
3m 25s
0%
33. Detaching roles when removing users
5m
0%
34. Adding an extra layer of protection to the team middleware
6m 35s
0%
35. Getting related models through teams
5m 37s
0%
36. Building a helper to access the current team
10m 47s
0%
37. Getting all related models through all teams
7m 15s
0%
38. Creating new teams
13m 7s
0%

Transcript

00:00
While we're on our team settings page let's add the ability to leave a team. Now there are a couple
00:05
of really important conditions around leaving a team so why don't we just head over to our tests and just scaffold these out. We'll go ahead and build the functionality and kind of write the tests at the same time. So when can we not leave a team? Well we can't leave a team if we only have as a user one team remaining. So cannot leave team if we have one team remaining. That would
00:29
mean that we can't leave our own personal team or if we deleted our personal team later on down the line we can't leave a team if we only have one left because then we would just be left with no teams. We have to at least be part of one team. We also cannot leave a team that we don't belong to. That kind of makes sense there's no point it won't really break anything it's not really a
00:54
massive security risk because we can't leave a team that we don't belong to anyway but we may as well include that in a test. And then finally we'll just do the best case scenario where we can leave a team. Okay let's go and just get started on this so we'll go over to our team controller and let's create our method in here. We're just going to call this leave I'm not going to keep the
01:15
restful convention here it's bringing our request and it's bringing the team that we're actually leaving and for now we'll just die dump one team. Okay if we head over to our team edit page we can basically just copy this down here we are going to be wrapping that in a can as well at some point but we'll get rid of that just for now because we don't have one to find out in our policy and
01:38
rather than including a partial here I'm just going to do this all in line because it's so simple. So let's go ahead and use a danger button this is again just from the breeze framework but you can build out a standard button it doesn't really matter and let's call this leave team and we're going to put this through to a specific action with a method of post and we know that we're
01:57
going to have our cross-site request forgery field in there as well. So there's a couple of ways that we can handle this we can make a delete request through to this but I think it kind of makes sense just to build the route out like this so we'll have a route in here where we just post through to team slash leave. These things get so complex there's not really much point in
02:21
trying to keep them restful it doesn't really matter too much so let's call that team leave and then at least we can update this form to go through to the right place. So let's pull in our route helper and we'll go through to team leave and of course we're going to pass that current team in there as well. So we have something that looks like this now at the moment anyone can click
02:41
on this it's visible to anyone even around our conditions that we need to add in. Let's get this functionality working then we'll go ahead and add in the conditions. So how do we leave a team? Well we might just think it's as easy as saying something like user teams and then detach and detaching the current team and we do need to do that but we also need to take into account that
03:05
the current team id needs switching over to another team because if we leave the team we want to change the current team id within that user record. So let's do it in this way instead let's go ahead and grab the user out first of all just so we've got a local reference to it then let's go ahead and detach that team and then let's go ahead and set a team to another team
03:30
or set the current team to another team. To do this we can do this like this so current team associate and we could just grab from the user and we'll use fresh here to grab the fresh data out of the database because remember we've just detached a team and then let's say teams and first so basically just get the next available team from that user and then go ahead and save
03:55
that out. Okay let's go ahead and return and redirect back and where do we want to redirect to? Well probably a more neutral route like the dashboard since we've just switched this team over. Okay so rather than do this in the UI and actually get rid of any data let's go ahead and write out our test for this so we'll just do this can leave team for now and let's pull
04:15
this in here so it can leave a team well once again we need a user in here so let's go ahead and pull out a user factory and create at the same time let's go ahead and assign this user to another team that they can leave so or that they might not leave and we might choose to leave the current team it doesn't really matter which direction we do things in so let's at least create
04:39
another team for them and then we can go ahead and say team to leave and we'll grab the user's current team so basically we want to be a part of this original team that gets created as part of our observer remember that automatically sets the current user id or the current team id sorry so then if we leave the current team then it should switch us back to the other team
05:05
so let's say acting as user and let's make a request down to that route that we've just created so team.leave and again we need to pass the team in here which is the team to leave and we basically want to be redirected so we can say assert redirect and we can even choose that we're redirected to the right place let's run this one first of all so let's say pest
05:28
and we'll go directly into our controllers and team controller test and that looks like it worked great so we know that we're redirected back but we also want to check that the current team id is changed so let's say expect user again we'll use fresh here to pull that data freshly out of the database teams and contains team to leave id and we'll say to be false so basically we want to know
05:56
that we don't have that team within the list of teams that we have so basically make sure it's been detached okay let's run that test and that looks good and what else do we want to do here so what we can do with pest is say and so we can just continue chaining these on or you could create another expectation it doesn't really matter we're going to say user fresh current team id and we want
06:19
to make sure this is not equal so we can say not to equal team to leave id so basically make sure that the current team id that the user is currently in based on that current underscore user underscore id value doesn't equal the team that we have just left because if that's hanging around it's going to cause issues in the ui so let's check that out and there we go great so everything
06:41
looks good in here now let's go ahead and create out the policy which is going to handle these two scenarios so if we come over to our team policy let's go and create out another method in here called leave and again we're going to get the user directly in there the team that we're trying to leave in there and let's just add these conditions and write the tests for it so the
07:04
first one is really easy and we've done this a bunch of times before we're going to return false if the user teams doesn't contain the team we're trying to leave and then we're going to return user teams count and make sure that that is greater than or equal to two so basically is it not one and you could do it either way you could say doesn't equal one whatever you
07:28
want to do but i'm going to say greater than or equal to two so we can only leave a team if we have at least one left okay let's try this out so let's go over to our team controller test and we'll start with this one just here so let's say it can not leave a team if we have one remaining this might sound like it's going to be pretty complicated but it's not we basically just need
07:51
to create our user that gives us one personal team so when we make a request to this endpoint it shouldn't let us delete the team we should get an error so let's say acting as user let's go ahead and post through to teams leave passing in the user's current team so we're just trying to leave so we're just trying to leave our current team which is the only one left and we want to just
08:17
assert that that's forbidden that's all we need to do for this test okay it's going to fail at the moment because we haven't added this to our controller so let's go and hop over to our team controller and we'll add this into here so again we can create our form request for this to make it a little bit easier let's go ahead and make out a request here team leave request let's replace
08:41
this over team leave request and let's open this up and authorize this so this user can leave the team that we're passing through okay let's run our test here and we should be good now we don't so we've got a failure here let's just take a look and see what has happened and yeah we've got contained does not exist that's just an error in our code here so over in the policy want to make
09:10
sure that contains let's try this one more time and there we go great okay so the last test again is pretty straightforward to build out so let's go over to here we've got this one down is can't leave a team that we don't belong to we've done a similar thing for some of the other tests that we've already created so this shouldn't be too much trouble so let's again create out a user here
09:34
factory and create and we'll do pretty much the same thing for another user now this other user also has a personal team so let's try and leave their team acting as this user let's try and leave that team so team leave and another user current team and again we're going to expect this to be forbidden so let's use assert forbidden okay let's try this again and there we go great so we know
10:05
that our policy is working and now this should work in our ui now the only problem with the ui is we're not really testing the ui that much i'd probably use end-to-end tests for that but this is still here now when i click on this it does work for my personal team but when i come over to the team settings for code course and i click on that we get 403 as expected so in this scenario
10:27
this is the only team i've got left so i shouldn't even be able to see this button so let's go ahead and just change that around in the ui so let's go over to team edit and again for this entire thing we can just use cam so can leave team pretty straightforward end the cam down here let's pull that in and just indent that and obviously we shouldn't see the option

Episode summary

In this episode, we focus on adding the ability for users to leave a team in our application. While it might sound simple at first, there are a few important conditions we need to consider—for example, we shouldn't let users leave if they're only part of one team, and obviously, they shouldn't be able to leave teams they aren't a member of!

We start by laying out these rules directly in our test suite, scaffolding the different scenarios that should be covered. Next, we move into actually building out the functionality in our team controller, setting up the leave action, and wiring it up to a simple button on our team settings page. There's also a bit of logic to ensure that when a user leaves a team, we properly update their current team to another they belong to.

Once the main functionality is implemented, we add a policy to enforce our rules, making sure that attempts to leave a team when not allowed are forbidden. Of course, we write tests along the way to ensure everything is working as expected—including edge cases like trying to leave a team you don't belong to, or trying to leave your last team.

Finally, we tidy up the UI by only showing the "Leave Team" button when it's actually allowed. That way, users won't even see the option if they're not supposed to leave, which makes for a better experience all round.

By the end of this episode, you'll have a robust leave team feature, complete with checks and tests to keep everything secure and user-friendly!

Episode discussion

No comments, yet. Be the first!