Resolves laravel-portugal#30 - An authenticated user can delete a question (laravel-portugal#50)

tiagof · web-flow · commit b3eaae8075b4 · 2020-10-28T11:11:08.000Z
* Update CHANGELOG.md

* added delete question

* Change parameter order to align with project style
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to `laravel-portugal/api` will be documented in this file
 
 ### Added
 
+- An authenticated user can delete a question (#30)
 - A guest or an authenticated user can see details of a question (#48)
 
 ### Changed
diff --git a/domains/Discussions/Controllers/AnswersStoreController.php b/domains/Discussions/Controllers/AnswersStoreController.php
@@ -19,7 +19,7 @@ public function __construct(Answer $answer, Question $question)
         $this->question = $question;
     }
 
-    public function __invoke(int $questionId, Request $request): Response
+    public function __invoke(Request $request, int $questionId): Response
     {
         $this->validate($request, [
             'content' => ['required', 'string'],
diff --git a/domains/Discussions/Controllers/QuestionsDeleteController.php b/domains/Discussions/Controllers/QuestionsDeleteController.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Domains\Discussions\Controllers;
+
+use App\Http\Controllers\Controller;
+use Domains\Discussions\Models\Question;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+
+class QuestionsDeleteController extends Controller
+{
+    private Question $questions;
+
+    public function __construct(Question $questions)
+    {
+        $this->questions = $questions;
+    }
+
+    public function __invoke(Request $request, int $questionId): Response
+    {
+        $question = $this->questions->findOrFail($questionId);
+
+        $this->authorize('delete', $question);
+
+        $question->delete();
+
+        return new Response('', Response::HTTP_NO_CONTENT);
+    }
+}
diff --git a/domains/Discussions/Controllers/QuestionsUpdateController.php b/domains/Discussions/Controllers/QuestionsUpdateController.php
@@ -16,7 +16,7 @@ public function __construct(Question $questions)
         $this->questions = $questions;
     }
 
-    public function __invoke(int $questionId, Request $request): Response
+    public function __invoke(Request $request, int $questionId): Response
     {
         $question = $this->questions->findOrFail($questionId);
 
diff --git a/domains/Discussions/Database/Migrations/2020_10_12_104113_create_questions_table.php b/domains/Discussions/Database/Migrations/2020_10_12_104113_create_questions_table.php
@@ -11,7 +11,7 @@ public function up(): void
     {
         Schema::create('questions', function (Blueprint $table) {
             $table->id();
-            $table->foreignIdFor(User::class, 'author_id');
+            $table->foreignIdFor(User::class, 'author_id')->constrained();
             $table->string('title')->index();
             $table->string('slug');
             $table->text('description');
diff --git a/domains/Discussions/Policies/QuestionPolicy.php b/domains/Discussions/Policies/QuestionPolicy.php
@@ -2,6 +2,7 @@
 
 namespace Domains\Discussions\Policies;
 
+use Domains\Accounts\Enums\AccountTypeEnum;
 use Domains\Accounts\Models\User;
 use Domains\Discussions\Models\Question;
 use Illuminate\Auth\Access\HandlesAuthorization;
@@ -10,8 +11,13 @@ class QuestionPolicy
 {
     use HandlesAuthorization;
 
-    public function update(User $user, Question $question)
+    public function update(User $user, Question $question): bool
     {
         return $question->author->is($user);
     }
+
+    public function delete(User $user, Question $question): bool
+    {
+        return $question->author->is($user) || $user->hasRole(AccountTypeEnum::ADMIN);
+    }
 }
diff --git a/domains/Discussions/Tests/Feature/QuestionsDeleteTest.php b/domains/Discussions/Tests/Feature/QuestionsDeleteTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Domains\Discussions\Tests\Feature;
+
+use Domains\Accounts\Database\Factories\UserFactory;
+use Domains\Accounts\Enums\AccountTypeEnum;
+use Domains\Accounts\Models\User;
+use Domains\Discussions\Database\Factories\QuestionFactory;
+use Domains\Discussions\Models\Question;
+use Faker\Factory;
+use Faker\Generator;
+use Illuminate\Http\Response;
+use Illuminate\Support\Carbon;
+use Laravel\Lumen\Testing\DatabaseMigrations;
+use Tests\TestCase;
+
+class QuestionsDeleteTest extends TestCase
+{
+    use DatabaseMigrations;
+
+    private Generator $faker;
+    private User $user;
+    private Question $question;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->faker = Factory::create();
+        $this->user = UserFactory::new()->create();
+        $this->question = QuestionFactory::new(['author_id' => $this->user->id])->create();
+
+        Carbon::setTestNow();
+    }
+
+    /** @test */
+    public function it_soft_deletes_a_question_i_own(): void
+    {
+        $response = $this->actingAs($this->user)
+            ->delete(route('discussions.questions.delete', ['questionId' => $this->question->id]));
+
+        $this->assertResponseStatus(Response::HTTP_NO_CONTENT);
+        self::assertTrue($response->response->isEmpty());
+        $this->seeInDatabase('questions', [
+            'id' => $this->question->id,
+            'updated_at' => Carbon::now(),
+            'deleted_at' => Carbon::now(),
+        ]);
+    }
+
+    /** @test */
+    public function it_allows_admin_to_soft_delete_another_users_question(): void
+    {
+        $response = $this->actingAs(UserFactory::new()->withRole(AccountTypeEnum::ADMIN)->make())
+            ->delete(route('discussions.questions.update', ['questionId' => $this->question->id]));
+
+        $this->assertResponseStatus(Response::HTTP_NO_CONTENT);
+        self::assertTrue($response->response->isEmpty());
+        $this->seeInDatabase('questions', [
+            'id' => $this->question->id,
+            'updated_at' => Carbon::now(),
+            'deleted_at' => Carbon::now(),
+        ]);
+    }
+
+    /** @test */
+    public function it_forbids_a_non_admin_to_soft_delete_a_question_he_doesnt_own(): void
+    {
+        $this->actingAs(UserFactory::new()->make())
+            ->delete(route('discussions.questions.update', ['questionId' => $this->question->id]));
+
+        $this->assertResponseStatus(Response::HTTP_FORBIDDEN);
+        $this->seeInDatabase('questions', [
+            'id' => $this->question->id,
+            'updated_at' => $this->question->updated_at,
+            'deleted_at' => null,
+        ]);
+    }
+}
diff --git a/domains/Discussions/Tests/Feature/QuestionsUpdateTest.php b/domains/Discussions/Tests/Feature/QuestionsUpdateTest.php
@@ -49,9 +49,7 @@ public function it_updates_questions(): void
             );
 
         $this->assertResponseStatus(Response::HTTP_NO_CONTENT);
-
         self::assertTrue($response->isEmpty());
-
         $this->seeInDatabase('questions', [
             'id' => $this->question->id,
             'author_id' => $this->user->id,
diff --git a/domains/Discussions/routes.php b/domains/Discussions/routes.php
@@ -1,6 +1,7 @@
 <?php
 
 use Domains\Discussions\Controllers\AnswersStoreController;
+use Domains\Discussions\Controllers\QuestionsDeleteController;
 use Domains\Discussions\Controllers\QuestionsStoreController;
 use Domains\Discussions\Controllers\QuestionsUpdateController;
 use Domains\Discussions\Controllers\QuestionsViewController;
@@ -17,6 +18,11 @@
         'uses' => QuestionsUpdateController::class,
     ]);
 
+    Route::delete('/questions/{questionId}', [
+        'as' => 'questions.delete',
+        'uses' => QuestionsDeleteController::class
+    ]);
+
     Route::post('/questions/{questionId}/answers', [
         'as' => 'questions.answers',
         'uses' => AnswersStoreController::class

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ public function __construct(Answer $answer, Question $question)`
`19`	`19`	`$this->question = $question;`
`20`	`20`	`}`
`21`	`21`
`22`		`- public function __invoke(int $questionId, Request $request): Response`
	`22`	`+ public function __invoke(Request $request, int $questionId): Response`
`23`	`23`	`{`
`24`	`24`	`$this->validate($request, [`
`25`	`25`	`'content' => ['required', 'string'],`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public function __construct(Question $questions)`
`16`	`16`	`$this->questions = $questions;`
`17`	`17`	`}`
`18`	`18`
`19`		`- public function __invoke(int $questionId, Request $request): Response`
	`19`	`+ public function __invoke(Request $request, int $questionId): Response`
`20`	`20`	`{`
`21`	`21`	`$question = $this->questions->findOrFail($questionId);`
`22`	`22`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ public function up(): void`
`11`	`11`	`{`
`12`	`12`	`Schema::create('questions', function (Blueprint $table) {`
`13`	`13`	`$table->id();`
`14`		`- $table->foreignIdFor(User::class, 'author_id');`
	`14`	`+ $table->foreignIdFor(User::class, 'author_id')->constrained();`
`15`	`15`	`$table->string('title')->index();`
`16`	`16`	`$table->string('slug');`
`17`	`17`	`$table->text('description');`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`
`3`	`3`	`namespace Domains\Discussions\Policies;`
`4`	`4`
	`5`	`+use Domains\Accounts\Enums\AccountTypeEnum;`
`5`	`6`	`use Domains\Accounts\Models\User;`
`6`	`7`	`use Domains\Discussions\Models\Question;`
`7`	`8`	`use Illuminate\Auth\Access\HandlesAuthorization;`
`@@ -10,8 +11,13 @@ class QuestionPolicy`
`10`	`11`	`{`
`11`	`12`	`use HandlesAuthorization;`
`12`	`13`
`13`		`- public function update(User $user, Question $question)`
	`14`	`+ public function update(User $user, Question $question): bool`
`14`	`15`	`{`
`15`	`16`	`return $question->author->is($user);`
`16`	`17`	`}`
	`18`	`+`
	`19`	`+ public function delete(User $user, Question $question): bool`
	`20`	`+ {`
	`21`	`+ return $question->author->is($user) \|\| $user->hasRole(AccountTypeEnum::ADMIN);`
	`22`	`+ }`
`17`	`23`	`}`