19. Preventing self removal from a team


Transcript

00:00
Let's add another really quick test in here to check that we cannot remove ourselves from the team. You might want to add that ability in a little bit later, but at least for now, we don't want to really handle that.
00:12
So let's go ahead and do this. It's an incredibly short test, and then we'll go ahead and do some manual testing in the UI. So let's go ahead and create our user and basically acting as this user, we're going to try and remove ourselves from the team, which at the moment will work, which is not great. So let's go over and send a request over to that team members destroy route.
00:32
Again, we're going to pass the current team in here and the user that we're trying to delete, which is ourselves. And we're going to assert that this is forbidden. Now, at the moment, if we just run our test here, that should fail. Yeah, we get a redirect, which is not great. So to do this, it's incredibly easy over in the team policy. Basically, just to make sure that the user that we're trying to delete doesn't equal the or the user that we are,
01:01
that ID doesn't equal the member that we're trying to delete. It's as simple as that. So let's go ahead and say if the user ID is equal to the member that we're trying to delete, then we're just going to return false. And that's pretty much it. I'll just not authorize that. Let's run our test. And yeah, we get great. OK, so now that we've done this,
01:19
let's just do a little bit of experimenting, because at the moment we're still going to see the option. So I can still click remove from team. Of course, it's not going to work. And we know that we've written tests, but it's not a good idea to display this. So let's go ahead back to the database and we'll add this user back into our team.
01:36
And we can even log in as them as well. They can have the same password. So let's go over to team user and let's add that user ID of five into here. A little bit annoying because we've not added the ability to invite yet, but there's that user. So I should be able to remove them from the team, but I shouldn't be able to remove myself from the team.
01:56
And vice versa, when we're logged in as this user, we shouldn't be able to remove me from the team because they're not an admin. In fact, we can even set up their role as well, just so this makes sense. So let's go and set that user ID of five, the current team of seven with a role ID of two, which is if we just take a look at our roles. Let's find our roles. That should be a role ID. Oh, yeah, we've missed the model type.
02:23
Let's send that in. OK, great. So that should now be a team member. OK, so let's go back to our UI and figure this out. So if we go back over to our team member item, let's go and add a condition around this. So this is basically if we can remove team member.
02:41
And remember, we need to pass all of this data in as well. So this is always going to be in the context of the current team that the user who is logged in as in. And then we're going to have the member that we're trying to apply this on. So let's go ahead and end that can just down here.
03:00
Just indent this and let's take a look. So there we go. That is now missing from here because I can't remove myself from the team, but I can remove Mabel from the team. I'm not going to click on that yet because I'm going to switch over to Mabel's account and I'm going to see if the reverse works. So let's log out here and let's go ahead and log in as that user that we just created.
03:22
And let's go over to Team Alex under team settings. Now, obviously, we have the list of team members. We can't see the edit stuff because we don't have permission to do this. We can't remove this user from the team. We can't remove ourselves from the team. So, again, that's kicked in, but we can also not remove this user as well because we're not an admin.
03:41
So I can't remove this user. OK, so you can change these fine-grained permissions if you want to a little bit later with additional conditions like not being able to remove the owner of the team. You could add a flag in the database. You just want to add any of these conditions in your policy. And, of course, go ahead and write a test for that. But there we go. We now have the ability to remove team members, but also all of the conditions around this as well.
38 episodes, 4 hrs 36 mins

Overview

Need team functionality in your Laravel application? Let’s build it from scratch.

We’ll cover the basics of creating teams, switching between them, sending secure team invites by email, and managing team members.

Powering everything will be roles and permissions for each member, with the ability to switch roles directly from your team dashboard.

Once you’re done, you’ll have mastered team functionality in Laravel.

Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
