laravel-elearning/app/Policies/TestPolicy.php

<?php

namespace App\Policies;

use App\User;
use App\Question;
use App\Test;
use Illuminate\Auth\Access\HandlesAuthorization;

class TestPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the test.
     *
     * @param  \App\User  $user
     * @param  \App\Test  $test
     * @return mixed
     */
    public function view(User $user, Test $test)
    {
        if ($user->isAdministrator() || ($user->isModerator() AND ($user->group_id === $test->group_id || $test->group_id === 1))) {
            return true;
        }
        return false;
    }

    /**
     * Determine whether the user can create tests.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        if ($user->isAdministrator() || $user->isModerator()) {
            return true;
        }
        return false;
    }

    /**
     * Determine whether the user can update the test.
     *
     * @param  \App\User  $user
     * @param  \App\Test  $test
     * @return mixed
     */
    public function update(User $user, Test $test)
    {
        if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $test->group_id)) {
            return true;
        }
        return false;
    }

    /**
     * Determine whether the user can delete the test.
     *
     * @param  \App\User  $user
     * @param  \App\Test  $test
     * @return mixed
     */
    public function delete(User $user, Test $test)
    {
        if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $test->group_id)) {
            return true;
        }
        return false;
    }

    public function createQuestion(User $user, Test $test)
    {
        if ($user->isAdministrator() || ($user->isModerator() AND $user->group_id === $test->group_id)) {
            return true;
        }
        return false;
    }
}