Laravel Teams
This episode is for members only

Sign up to access "Laravel Teams" right now.

Get started
Already a member? Sign in to continue
Playing
28. Updating a member’s role

Episodes

0%
Your progress
  • Total: 4h 36m
  • Played: 0m
  • Remaining: 4h 36m
Join or sign in to track your progress
01. Introduction and demo
4m 49s
0%
02. Setup with Pest
4m 2s
0%
03. Building the user teams relations
6m 5s
0%
04. Creating a personal team when registering
6m 3s
0%
05. Leaving all teams when an account is deleted
3m 55s
0%
06. Tracking the current team
4m 50s
0%
07. Showing team details in the UI
2m 55s
0%
08. Switching to another team
7m 24s
0%
09. Authorising team switching
6m 53s
0%
10. Updating a team name
10m 48s
0%
11. Basic roles and permissions setup
5m 26s
0%
12. Team roles and permissions middleware
9m 18s
0%
13. Authorising current team updates
3m 43s
0%
14. Testing team permissions through HTTP requests
3m 58s
0%
15. Leaving a team
10m 50s
0%
16. Displaying team members
8m 42s
0%
17. Making team members look better
5m 3s
0%
18. Removing a team member
15m 18s
0%
19. Preventing self removal from a team
4m 7s
0%
20. Storing invitations
13m 31s
0%
21. Validating invitations
6m 38s
0%
22. Authorising team invitation creation
6m 22s
0%
23. Displaying invitations
3m 16s
0%
24. Revoking invitations
12m 46s
0%
25. Sending an invitation email
13m 6s
0%
26. Accepting an invitation
12m 22s
0%
27. Displaying a modal to change a member’s role
10m 31s
0%
28. Updating a member’s role
9m 5s
0%
29. More authorisation and checks for role changing
10m 14s
0%
30. Fixing up the email sending test details
49s
0%
31. Fixing and validating email addresses for invites
1m 32s
0%
32. Tidying up @can directive checks
3m 25s
0%
33. Detaching roles when removing users
5m
0%
34. Adding an extra layer of protection to the team middleware
6m 35s
0%
35. Getting related models through teams
5m 37s
0%
36. Building a helper to access the current team
10m 47s
0%
37. Getting all related models through all teams
7m 15s
0%
38. Creating new teams
13m 7s
0%

Transcript

00:00
Okay so let's figure out where this form is going to go through to. We know it's probably going to be a patch request so let's go ahead and change the method here over to patch with method spoofing and let's go ahead and create this route out. So if we head over to our web routes
00:12
we've got our team controller, team member controller. Let's go ahead and build our route for this. So let's go ahead and choose to patch through to our team members. Still keeping this specific user in here because we know that we want to update a specific user and let's call this patch
00:28
or update doesn't really matter and let's say team members and update. Okay let's go ahead and pass this into our form so let's go ahead and create out a route for this. We know that that's going to require the team that we're currently working
00:44
with and the member that we're currently iterating through. Okay so over in our team member controller let's open this up and let's create out an update method in here. We'll bring in our request but of course
00:57
we're going to change that over to a form request and what do we need in here? Well we need the team that this applies to and we need the user in here which we have called, yeah we've kept the name of user so that's fine. Okay so again we're just going to die
01:11
dump in here just to make sure that this is all good. So let's go ahead and die dump on request and roll just to make sure that we're getting that through. Okay so let's go back to our team. Let's go and try and change Mabel's role from a member to an admin and hit
01:26
change role and there we go we get the name of the role. Again we could pass the id through here it doesn't really matter. The way that we look it up with the package means that we can just use the wrong name. Okay so why don't we go ahead and write a test for the best case
01:39
scenario first of all. So let's open up our team member controller test and let's say it updates a role. So once again we know that we need a user who is performing this and they will have their own team and they will be admin of their own team. So we can just
01:55
add another user to this team and go ahead and update their role and make sure that their role has been updated. So this should work really nicely. So we're going to say current team members and we're going to go ahead and attach a
02:06
member in here manually so we can actually get access to this member. So let's say user factory and we'll say create quietly just so they don't get their own team. We don't really need to do that but it makes a lot more sense. And let's go ahead and make sure that we
02:25
set this user as a team member as part of our current team. When we manually add things like this in a test and don't go through our controller we could of course send a request to our controller to add this user to this team and that would assign
02:39
them that team member role but because we're doing this manually inside of our test it's not going to work. So for example if we look at this and say member has role and team member it's going to come back false.
02:53
So let's just go ahead and run all of our tests here and yeah you can see we get a false. So how do we add this member in our tests to have a role within that team? Well again we use these set permissions team id to set the
03:06
current one in the scope of whatever action we're going to perform. So that will be my team or the user who's performing this team and then we can just take that member and assign them a role. So we could create a helper with this but I find it easier just to
03:20
write this out in the test so we can sort of see what we're doing. So now within the context of this current team that member has now been assigned and when we run our test again we should get true. Great so let's go ahead and specifically target this
03:33
team member controller test and yeah we're all good. So now that we know that that member is now a team member we can go ahead and act as this user who we know is an admin of this so this is the best case scenario and we can go ahead and patch through
03:49
and update them. So let's go to team members and update. Let's pass through the user's current team which is the one that we are currently in the context of and let's pass that member in to update their role.
04:02
So we need to pass some data down to this of course and that is going to be the role that we want to change them over to and let's switch them over to obviously the only other role that we have at the moment and that is the team admin. Let's assert that we're redirected back
04:15
and then we'll add some more assertions just down here in a moment. So obviously when we run this test we know that it's not going to work. Now that is still dying and dumping something so why is that? Ah yeah of course because we're doing
04:29
that directly within our controller so we know that we're getting through to our controller now. Let's go over to there and just get rid of that and we'll just do nothing for now. We know that this is going to fail so we're just going to start fitting this in.
04:40
Okay so we only want to update this user if we actually have a role passed in because we could use this controller to do other things as well. So you might have other pivot items you want to update as part of this team relationship. So the first thing we want to do is only update them here
04:57
if they actually have a role and we'll just go ahead and return back after we've done this. Okay so now let's actually go ahead and fill in some more details of our test. The reason being is that this test will actually pass because we do have a redirect in here so
05:13
it kind of looks like it just passes regardless which is not great. So let's go ahead and expect that the member has a role pretty straightforward of team admin and we'll expect that to be true and what else can we test here? So let's
05:32
say and member roles count to be one. Now the reason that is important is because we don't want to add a new role onto this user. We want to change their role. We don't want them to be a team member
05:48
and a team admin unless that's the kind of functionality that you're going for and you want to assign multiple roles. So let's go ahead and run this test again and of course it fails so let's just have a look. Yeah it's failed to say that false is true. We
06:02
kind of know that already. Well the first thing that we want to do is detach all the roles for this member. We want them to have no roles and then we want to assign them a fresh role. Again this is just the way that I am building it but you can change this up. So what I'm actually going to do here is
06:16
I'm going to use tap. Now what this will do is it will take in the member that we're looking for. So I'm actually again going to use that defensive strategy where we say well let's find that user within the members of the team. Basically what this means is
06:28
if we're trying to update a user that's not a part of this team it's not going to work because it won't find this user. So I always tend to look inside of relationships to help me out here and that just means that we add that little bit more security in terms of permissions.
06:44
Now we have a closure in here so let's bring in our request because we know that we're going to need to actually grab the role. Now that we've used tap basically what this is going to do is find this user. The closure is going to be run and then we're going to have this member in
06:57
scope of here so we can just go ahead and do whatever we want on that user and this will only be run if it can find that user. It just saves having to create another if statement. So let's say member and yeah we'll just call this member just so it makes it a little bit easier and a bit more
07:11
consistency. So let's say member roles and detach so we'll just get rid of all of their roles then we'll go ahead and assign that role that we have chosen in the request. Now we haven't validated this yet
07:26
really important we will go ahead and validate this and test it as well but for now we've detached the role so they should only have one role now and we've assigned the correct role let's go ahead and check if our test passed and yeah sure enough it does great. Okay so the other thing that we
07:41
really want to cover in our test is we only want to update the role if it's actually given that's basically just testing that if statement that we have inside of the controller. So let's go ahead and create our new test and I'm actually going to copy
07:55
pretty much all of this we can just shift this around just so we don't have to keep repeating ourselves typing. So this is going to be it only updates role if provided that's pretty important because we don't update it with a null role something that doesn't exist
08:12
so we're going to do exactly the same setup here add a user to this set the current role that they are so team member and then we just want to go ahead and patch in with nothing inside of here and we want to assert that we're redirected but we want the
08:27
roles to count to be one still but we still want them to be a team member so we can get rid of that if you wanted to but we'll test both of the scenarios that come within that if statement. Okay let's go ahead and just run our test here and yeah that's all good so we
08:40
know now that if we don't pass in a role obviously over in our controller this is protecting that now if we got rid of that then it's gonna fail great. Okay so I think we're just about done here with the base functionality in the best case
08:53
scenario of this what I'm going to do now is head over to the next episode so we can focus on checking that the user has permission of course that's really important and also some validation rules that go around that as well.

Episode summary

In this episode, we work through how to update a member's role in a team. We go step-by-step, starting by figuring out where our form should send its data—we decide on a PATCH request and set up the corresponding route in our application. With the route in place, we head into the Team Member Controller and add an update method to handle the request.

From there, we set up a test for the best case scenario: updating a member's role from "member" to "admin". We walk through attaching a new user to a team in our tests, making sure they have the right role context, and patching their role. We explain how to properly assign roles inside tests using helper methods, and confirm with assertions that roles are being updated as expected (and not stacking multiple roles unless intended).

We also cover important edge cases by testing that roles are only updated when a valid role is provided—preventing accidental null or bogus updates. We attach and detach roles with care, ensuring that if a role is changed, the old one is dropped so there's only ever one role at a time unless multiple roles are part of your app's needs.

Finally, we wrap up by confirming our tests all pass and hint at the next episode, where we'll focus on permission checks and adding validation rules for extra security. Basically, by the end of this episode, you'll know exactly how to update user roles properly in your teams feature and feel confident it's working as intended!

Episode discussion

No comments, yet. Be the first!