Add role middleware

app/Http/Controllers/ApprovedUserController.php

@@ -13,6 +13,7 @@ final class ApprovedUserController extends Controller
 
     public function __construct(UserRepository $userRepository)
     {
+        $this->middleware(['auth', 'approved']);
         $this->userRepository = $userRepository;
     }
 

app/Http/Controllers/Auth/LoginController.php

@@ -3,7 +3,6 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
-use App\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 
 class LoginController extends Controller
@@ -26,7 +25,7 @@ class LoginController extends Controller
      *
      * @var string
      */
-    protected $redirectTo = RouteServiceProvider::HOME;
+    protected $redirectTo = '/approved';
 
     /**
      * Create a new controller instance.

app/Http/Controllers/HomeController.php

@@ -10,7 +10,7 @@ final class HomeController extends Controller
 {
     public function __construct()
     {
-        $this->middleware('auth');
+        $this->middleware(['auth', 'approved']);
     }
 
     public function index(): View

app/Http/Controllers/UnapprovedUserController.php

@@ -13,6 +13,7 @@ final class UnapprovedUserController extends Controller
 
     public function __construct(UserRepository $userRepository)
     {
+        $this->middleware(['auth']);
         $this->userRepository = $userRepository;
     }
 

app/Http/Kernel.php

@@ -2,7 +2,29 @@
 
 namespace App\Http;
 
+use App\Http\Middleware\Authenticate;
+use App\Http\Middleware\CheckForMaintenanceMode;
+use App\Http\Middleware\EncryptCookies;
+use App\Http\Middleware\GuardApproved;
+use App\Http\Middleware\RedirectIfAuthenticated;
+use App\Http\Middleware\TrimStrings;
+use App\Http\Middleware\TrustProxies;
+use App\Http\Middleware\VerifyCsrfToken;
+use Fruitcake\Cors\HandleCors;
+use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
+use Illuminate\Auth\Middleware\Authorize;
+use Illuminate\Auth\Middleware\EnsureEmailIsVerified;
+use Illuminate\Auth\Middleware\RequirePassword;
+use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
+use Illuminate\Http\Middleware\SetCacheHeaders;
+use Illuminate\Routing\Middleware\SubstituteBindings;
+use Illuminate\Routing\Middleware\ThrottleRequests;
+use Illuminate\Routing\Middleware\ValidateSignature;
+use Illuminate\Session\Middleware\StartSession;
+use Illuminate\View\Middleware\ShareErrorsFromSession;
 
 class Kernel extends HttpKernel
 {
@@ -15,12 +37,12 @@ class Kernel extends HttpKernel
      */
     protected $middleware = [
         // \App\Http\Middleware\TrustHosts::class,
-        \App\Http\Middleware\TrustProxies::class,
-        \Fruitcake\Cors\HandleCors::class,
-        \App\Http\Middleware\CheckForMaintenanceMode::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        TrustProxies::class,
+        HandleCors::class,
+        CheckForMaintenanceMode::class,
+        ValidatePostSize::class,
+        TrimStrings::class,
+        ConvertEmptyStringsToNull::class,
     ];
 
     /**
@@ -30,18 +52,18 @@ class Kernel extends HttpKernel
      */
     protected $middlewareGroups = [
         'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
+            EncryptCookies::class,
+            AddQueuedCookiesToResponse::class,
+            StartSession::class,
             // \Illuminate\Session\Middleware\AuthenticateSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            ShareErrorsFromSession::class,
+            VerifyCsrfToken::class,
+            SubstituteBindings::class,
         ],
 
         'api' => [
             'throttle:60,1',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            SubstituteBindings::class,
         ],
     ];
 
@@ -53,15 +75,16 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'auth' => Authenticate::class,
+        'auth.basic' => AuthenticateWithBasicAuth::class,
+        'bindings' => SubstituteBindings::class,
+        'cache.headers' => SetCacheHeaders::class,
+        'can' => Authorize::class,
+        'guest' => RedirectIfAuthenticated::class,
+        'password.confirm' => RequirePassword::class,
+        'signed' => ValidateSignature::class,
+        'throttle' => ThrottleRequests::class,
+        'verified' => EnsureEmailIsVerified::class,
+        'approved' => GuardApproved::class,
     ];
 }

app/Http/Middleware/GuardApproved.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class GuardApproved
+{
+    public function handle(Request $request, Closure $next)
+    {
+        if (! auth()->user()->approved_at) {
+            return redirect()->route('unapproved');
+        }
+
+        return $next($request);
+    }
+}

tests/Feature/ApprovedUsersTest.php

@@ -12,9 +12,12 @@
 final class ApprovedUsersTest extends TestCase
 {
     use RefreshDatabase;
+    use WithLoggedInUser;
 
     public function testICanOnlySeeUnApprovedUsers(): void
     {
+        $this->createLoggedInUser();
+
         factory(User::class)->create([
             'name' => 'Taylor Swift',
             'approved_at' => Carbon::now(),
@@ -31,4 +34,30 @@ public function testICanOnlySeeUnApprovedUsers(): void
         $response->assertDontSeeText('Lorde');
         $response->assertSeeText('Taylor Swift');
     }
+
+    public function testICanNotGetToTheApprovedPageAsAnUnapprovedUser():void
+    {
+        $this->createUnApprovedLoggedInUser();
+
+        factory(User::class)->create([
+            'name' => 'Taylor Swift',
+            'approved_at' => Carbon::now(),
+        ]);
+
+        $response = $this->get('/approved');
+        $response->assertStatus(302);
+        $response->assertRedirect('/unapproved');
+    }
+
+    public function testICanNotGetToTheApprovedPageAsAGuest():void
+    {
+        factory(User::class)->create([
+            'name' => 'Taylor Swift',
+            'approved_at' => Carbon::now(),
+        ]);
+
+        $response = $this->get('/approved');
+        $response->assertStatus(302);
+        $response->assertRedirect('/login');
+    }
 }

tests/Feature/UnapprovedUsersTest.php

@@ -12,9 +12,12 @@
 final class UnapprovedUsersTest extends TestCase
 {
     use RefreshDatabase;
+    use WithLoggedInUser;
 
-    public function testICanOnlySeeUnApprovedUsers() : void
+    public function testICanOnlySeeUnApprovedUsers(): void
     {
+        $this->createLoggedInUser();
+
         factory(User::class)->create([
             'name' => 'Taylor Swift',
             'approved_at' => Carbon::now(),
@@ -24,11 +27,22 @@ public function testICanOnlySeeUnApprovedUsers() : void
             'name' => 'Lorde',
             'approved_at' => null,
         ]);
-
         $response = $this->get('/unapproved');
 
         $response->assertStatus(200);
         $response->assertDontSeeText('Taylor Swift');
         $response->assertSeeText('Lorde');
     }
+
+    public function testICanNotGetToTheUnApprovedPageAsAGuest():void
+    {
+        factory(User::class)->create([
+            'name' => 'Taylor Swift',
+            'approved_at' => Carbon::now(),
+        ]);
+
+        $response = $this->get('/unapproved');
+        $response->assertStatus(302);
+        $response->assertRedirect('/login');
+    }
 }

tests/Feature/WithLoggedInUser.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Feature;
+
+use App\Models\User;
+use Carbon\Carbon;
+use Illuminate\Support\Facades\Auth;
+
+trait WithLoggedInUser
+{
+    protected function createLoggedInUser()
+    {
+        $user = factory(User::class)->create([
+            'name' => 'Ariana Grande',
+            'approved_at' => Carbon::now(),
+        ]);
+
+        Auth::login($user);
+
+        return $user;
+    }
+
+    protected function createUnApprovedLoggedInUser()
+    {
+        $user = factory(User::class)->create([
+            'name' => 'Katy Perry',
+            'approved_at' => null,
+        ]);
+
+        Auth::login($user);
+
+        return $user;
+    }
+}