Added the rest of the policy files

app/Http/Controllers/AdministrativeTestController.php

@@ -21,65 +21,21 @@ class AdministrativeTestController extends Controller
 
     /**
      *
-     * Common controller functions between moderators and administrators for handling tests and associated questions
+     * Common controller functions between moderators and administrators for handling tests
      *
      */
-    public function addTest(StoreTest $request)
-    {
-        $test = new Test();
-        $test->createTest($request->all());
-        return redirect("/admin/tests/$test->id");
-    }
-
-    public function confirmDeleteTest(Test $test)
-    {
-        return view('tests.delete', compact('test'));
-    }
-
-    public function confirmDeleteQuestion(Question $question)
-    {
-        return view('tests.question.delete', compact('question'));
-    }
-
-    public function deleteQuestion(Question $question)
-    {
-        $test = $question->test;
-        $question->deleteQuestion();
-        return redirect("/admin/tests/$test->id");
-    }
-
-    public function deleteTest(Test $test)
-    {
-        $test->deleteTest();
-        return redirect('/admin/tests');
-    }
-
-    public function editQuestion(Question $question)
-    {
-        $options = $question->options;
-        return view('tests.question.edit', compact('question'), compact('options'));
-    }
-
-    public function newQuestion(Test $test)
-    {
-        $question_number = $test->nextQuestionNumber();
-        return view('tests.question.new', compact('test'), compact('question_number'));
-    }
-
-    public function updateTest(Test $test, StoreTest $request)
-    {
-        $test->updateTest($request->all());
-        return redirect("/admin/tests/$test->id");
-    }
-
     public function showTest(Test $test)
     {
+        $this->authorize('view', $test);
+
         $questions = $test->questions;
         return view('tests.show', compact('test'), compact('questions'));
     }
 
     public function newTest()
     {
+        $this->authorize('create', Test::class);
+
         if (Auth::user()->isAdministrator()) {
             $groups = Group::all();
             return view('tests.new', compact('groups'));
@@ -87,17 +43,68 @@ class AdministrativeTestController extends Controller
         return view('tests.new');
     }
 
+    public function addTest(StoreTest $request)
+    {
+        $this->authorize('create', Test::class);
+
+        $test = new Test();
+        $test->createTest($request->all());
+        return redirect("/admin/tests/$test->id");
+    }
+
     public function editTest(Test $test)
     {
+        $this->authorize('update', $test);
+
         if (Auth::user()->isAdministrator()) {
             $groups = Group::all();
             return view('tests.edit', compact('test'), compact('groups'));
         }
         return view('tests.edit', compact('test'));
-    }   
+    }
+
+    public function updateTest(Test $test, StoreTest $request)
+    {
+        $this->authorize('update', $test);
+
+        $test->updateTest($request->all());
+        return redirect("/admin/tests/$test->id");
+    }
+
+    public function confirmDeleteTest(Test $test)
+    {
+        $this->authorize('delete', $test);
+
+        return view('tests.delete', compact('test'));
+    }
+
+    public function deleteTest(Test $test)
+    {
+        $this->authorize('delete', $test);
+
+        $test->deleteTest();
+        return redirect('/admin/tests');
+    }
+
+    /**
+     *
+     * Common controller functions between moderators and administrators for handling questions
+     *
+     */
+    public function newQuestion(Test $test)
+    {
+        $this->authorize('createQuestion', $test);
+        $this->authorize('create', Question::class);
+
+        $question_number = $test->nextQuestionNumber();
+        return view('tests.question.new', compact('test'), compact('question_number'));
+    }
 
     public function addQuestion(Test $test, StoreQuestion $request)
     {
+        $this->authorize('createQuestion', $test);
+        $this->authorize('create', Question::class);
+
         $question = new Question;
         $question->addQuestion($test, $request);
         foreach ($request["options"] as $optionData) {
@@ -107,8 +114,18 @@ class AdministrativeTestController extends Controller
         return redirect("/admin/tests/$test->id");
     }
 
+    public function editQuestion(Question $question)
+    {
+        $this->authorize('update', $question);
+
+        $options = $question->options;
+        return view('tests.question.edit', compact('question'), compact('options'));
+    }
+
     public function updateQuestion(Question $question, StoreQuestion $request)
     {
+        $this->authorize('update', $question);
+
         $test = $question->test;
         $question->updateQuestion($request);
         $options = $question->options;
@@ -118,4 +135,20 @@ class AdministrativeTestController extends Controller
         }
         return redirect("/admin/tests/$test->id");
     }
-}
+
+    public function confirmDeleteQuestion(Question $question)
+    {
+        $this->authorize('delete', $question);
+
+        return view('tests.question.delete', compact('question'));
+    }
+
+    public function deleteQuestion(Question $question)
+    {
+        $this->authorize('delete', $question);
+
+        $test = $question->test;
+        $question->deleteQuestion();
+        return redirect("/admin/tests/$test->id");
+    }
+}