@xemoe
Last active August 29, 2015 14:18
User authentication & authorization

Test cases

Authentication

  1. Guest can access the login form and see the form
  2. Guest cannot access a forbidden area and is redirected to the login form
  3. Customer user can log in and see the logout link

Authorization

  1. Logged-in user can access the profile page
  2. Customer role cannot access the admin form
  3. Admin role can access the admin form

Routes

  1. /auth/login
  2. /auth/logout
  3. /user/profile
  4. /admin/user

Controllers

  1. AuthenticationController
  2. UserController
  3. AdminController

Views

  1. /auth/login.blade.php
  2. /user/profile.blade.php
  3. /admin/user.blade.php
  4. /_layouts/html.blade.php
  5. /_layouts/header.blade.php
  6. /_layouts/footer.blade.php
  7. /_layouts/breadcrumb.blade.php
  8. /_layouts/menu.blade.php

Develop

Part 1

  1. Create acceptance#1 test that we can see the login form at /auth/login
  2. Create AuthenticationController@login and define a route to /auth/login
  3. Create view /auth/login.blade.php that contains the login form
  4. Make the acceptance#1 test pass
  5. Create UserController@profile and define a route to /user/profile
  6. Create acceptance#2 test that a guest cannot access it and sees a link to the login form
  7. Make UserController@profile forbidden to guest users
  8. Redirect guests to the login form on pages that require authentication
  9. Make the acceptance#2 test pass

Part 2

  1. Create a migration that creates the user table
  2. Create a seed for the admin user

Part 3

  1. Create acceptance#3 test that a user can log in and see the logout link
  2. Add the logout link to view /user/profile.blade.php
  3. Make the acceptance#3 test pass
  4. Create acceptance#4 test that a user can access the /user/profile page
  5. Make the acceptance#4 test pass

Part 4

  1. Create a migration that creates the group table
  2. Create a seed for the customer user

Part 5

  1. Create acceptance#5 test that a customer user cannot access the /admin/user page
  2. Create Authentication middleware that prevents access by group
  3. Make the acceptance#5 test pass
  4. Create acceptance#6 test that an admin can access the /admin/user page
  5. Make the acceptance#6 test pass
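
One way to write the middleware from Part 5, step 2, as an added example that is not part of the original gist. It assumes Laravel 5.1 or later (for middleware parameters); the class name RequireGroup, the `group` middleware alias, a `group` relation on the user model with a `name` column, and the `AdminController@user` action are hypothetical.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

/**
 * Added example, not the gist author's code.
 * Hypothetical: class name, the "group" alias, and a User -> group relation
 * whose model has a "name" column (the gist only mentions a "group table").
 *
 * Assumed registration in app/Http/Kernel.php ($routeMiddleware):
 *     'group' => \App\Http\Middleware\RequireGroup::class,
 * Assumed route (the action name is hypothetical):
 *     Route::get('admin/user', ['middleware' => 'group:admin',
 *                               'uses' => 'AdminController@user']);
 */
class RequireGroup
{
    public function handle($request, Closure $next, $group = null)
    {
        // Guest: store the intended URL and redirect to the login form.
        // This is the behaviour acceptance#2 checks for.
        if (Auth::guest()) {
            return redirect()->guest('auth/login');
        }

        // Deny by default: a route that attaches this middleware without
        // naming a group is a configuration mistake, so refuse access.
        if ($group === null) {
            abort(403);
        }

        $user = Auth::user();
        // A user without a group row is treated as belonging to no group.
        $userGroup = $user->group ? $user->group->name : null;

        // Logged in but in the wrong group: answer 403 instead of redirecting
        // to login, so acceptance#5 (customer) can be told apart from
        // acceptance#2 (guest) and no redirect loop is possible.
        if ($userGroup !== $group) {
            abort(403);
        }

        // Group matches (acceptance#6: admin reaches /admin/user).
        return $next($request);
    }
}
```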