This episode is for members only
Sign up to access "Laravel Teams" right now.
Get started
Already a member? Sign in to continue
Playing
14. Testing team permissions through HTTP requests
Episodes
01. Introduction and demo
4m 49s
0%
02. Setup with Pest
4m 2s
0%
03. Building the user teams relations
6m 5s
0%
04. Creating a personal team when registering
6m 3s
0%
05. Leaving all teams when an account is deleted
3m 55s
0%
06. Tracking the current team
4m 50s
0%
07. Showing team details in the UI
2m 55s
0%
08. Switching to another team
7m 24s
0%
09. Authorising team switching
6m 53s
0%
10. Updating a team name
10m 48s
0%
11. Basic roles and permissions setup
5m 26s
0%
12. Team roles and permissions middleware
9m 18s
0%
13. Authorising current team updates
3m 43s
0%
14. Testing team permissions through HTTP requests
3m 58s
0%
15. Leaving a team
10m 50s
0%
16. Displaying team members
8m 42s
0%
17. Making team members look better
5m 3s
0%
18. Removing a team member
15m 18s
0%
19. Preventing self removal from a team
4m 7s
0%
20. Storing invitations
13m 31s
0%
21. Validating invitations
6m 38s
0%
22. Authorising team invitation creation
6m 22s
0%
23. Displaying invitations
3m 16s
0%
24. Revoking invitations
12m 46s
0%
25. Sending an invitation email
13m 6s
0%
26. Accepting an invitation
12m 22s
0%
27. Displaying a modal to change a member’s role
10m 31s
0%
28. Updating a member’s role
9m 5s
0%
29. More authorisation and checks for role changing
10m 14s
0%
30. Fixing up the email sending test details
49s
0%
31. Fixing and validating email addresses for invites
1m 32s
0%
32. Tidying up @can directive checks
3m 25s
0%
33. Detaching roles when removing users
5m
0%
34. Adding an extra layer of protection to the team middleware
6m 35s
0%
35. Getting related models through teams
5m 37s
0%
36. Building a helper to access the current team
10m 47s
0%
37. Getting all related models through all teams
7m 15s
0%
38. Creating new teams
13m 7s
0%
Transcript
00:00
Based on what we know about how we set the current team with that set permissions team ID function from the sparsity package, let's go ahead and write a test to check if we can update a team if we don't have permission. So we shouldn't be able to update a team without permission. And of course we covered that over in the team policy just here where we said user can update
00:22
team. Remember these permissions are attached to roles which are attached to the team itself. Okay let's go ahead and write out a test how we normally would and we'll see how this doesn't work and how we can fix it. So what's the test going to be? Well cannot update a team without permission. So we can't go ahead and update this if we don't have permission as we've already seen.
00:47
Okay so to test this let's go ahead and create out the user who will be going ahead and actually making the update. Now remember this user by default will have a personal team and they will be set as a team admin. But let's go ahead and also assign this user or attach this user to another team but we won't specifically give them permission to do anything. Let's call this another
01:10
team. So we use our team factory to go ahead and create this out. Okay so what we basically now want to do is acting as this user we want to send a patch request down to that route. So let's go ahead and put in that team update route passing in another team. So we're trying to update this other team and we'll go ahead and pass down the name here that we want to change for a new team name.
01:38
Now because over in this route we are now using the update method from the policy where it's checking this we would expect to get a forbidden. So let's say assert forbidden and let's see what happens. So let's specifically run this test just so any of the others that might fail or don't get in the way. So let's say pest and filter and we'll filter by this name. Okay so we can see that this
02:05
failed let's have a look. So it looks like we get a 302 redirect. So what's actually happening here? Well remember that when we make a HTTP request within our tests this is going to include the team's permissions middleware that we created earlier. So this middleware will actually be invoked as part of that test request. What that means is because we are acting as a user within
02:30
our tests this is technically going to assign us to the team that we currently have. So for this user here within this test even though we're making a request to another team this is still going to assume that we're within that team. Now there are loads of different ways that we could configure our application so this isn't the case but since this works the best way we basically just need to
02:55
adjust our tests to manually set which team we are a part of. So basically faking this middleware. Now we're not actually going to fake the middleware but what we are going to do is use the without middleware method on this. We're going to pass in the team permission middleware that will exclude the middleware being run for this particular test and then what we can do up here is we can
03:16
manually use the set permissions team id to that another team id. So basically we are saying well this is what happens in the middleware normally so we're going to fake it within our test but then we're going to exclude the middleware when we actually run this. Let's go ahead and run this test again and you can see sure enough we get a green so we're going to have to do this in multiple
03:36
places where we need to basically simulate that we are a part of a different team. There are other ways to do this but I found this is the easiest way and basically within tests anyway all we're doing is just modifying how this request is made so doing this and then just excluding the middleware isn't too much trouble. Okay let's just finally run all of our tests just to make sure and yeah we're all good.
38 episodes•4 hrs 36 mins•5 months ago
Overview
Need team functionality in your Laravel application? Let’s build it from scratch.
We’ll cover the basics of creating teams, switching between them, sending secure team invites by email, and managing team members.
Powering everything will be roles and permissions for each member, with the ability to switch roles directly from your team dashboard.
Once you’re done, you’ll have mastered team functionality in Laravel.
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
Episode discussion
No comments, yet. Be the first!