fix: add canCreate() policy checks for GedcomResource and DnaResource with Filament Shield/Spatie Permissions

Co-authored-by: delicatacurtis <247246500+delicatacurtis@users.noreply.github.com>

Author: Copilot

app/Filament/App/Resources/DnaResource.php

@@ -46,7 +46,12 @@ public static function shouldRegisterNavigation(): bool
 
     public static function canCreate(): bool
     {
-        return auth()->user()->canUploadDna();
+        $user = auth()->user();
+        if (!$user) {
+            return false;
+        }
+
+        return $user->can('create_dna') && $user->canUploadDna();
     }
 
     #[Override]

app/Filament/App/Resources/GedcomResource.php

@@ -47,6 +47,11 @@ class GedcomResource extends AppResource
 
     protected static string | \UnitEnum | null $navigationGroup = "🛠️ Data Management";
 
+    public static function canCreate(): bool
+    {
+        return auth()->user()?->can('create_gedcom') ?? false;
+    }
+
     public static function getPages(): array
     {
         return [

tests/Feature/Filament/Resources/GedcomResourceTest.php

@@ -9,6 +9,7 @@
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Queue;
+use Spatie\Permission\Models\Permission;
 use Tests\TestCase;
 
 class GedcomResourceTest extends TestCase
@@ -43,6 +44,29 @@ public function test_resource_has_pages_defined(): void
         $this->assertArrayHasKey('create', $pages);
     }
 
+    public function test_can_create_returns_true_for_user_with_permission(): void
+    {
+        Permission::findOrCreate('create_gedcom', 'web');
+        $this->user->givePermissionTo('create_gedcom');
+        Auth::login($this->user);
+
+        $this->assertTrue(GedcomResource::canCreate());
+    }
+
+    public function test_can_create_returns_false_for_user_without_permission(): void
+    {
+        Auth::login($this->user);
+
+        $this->assertFalse(GedcomResource::canCreate());
+    }
+
+    public function test_can_create_returns_false_when_unauthenticated(): void
+    {
+        Auth::logout();
+
+        $this->assertFalse(GedcomResource::canCreate());
+    }
+
     public function test_export_gedcom_dispatches_job_with_authenticated_user(): void
     {
         Auth::login($this->user);

tests/Filament/Resources/DnaResourceTest.php

@@ -4,7 +4,10 @@
 
 use App\Filament\App\Resources\DnaResource;
 use App\Models\Dna;
+use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Auth;
+use Spatie\Permission\Models\Permission;
 use Tests\TestCase;
 
 class DnaResourceTest extends TestCase
@@ -35,4 +38,39 @@ public function test_model_class_is_dna(): void
     {
         $this->assertEquals(\App\Models\Dna::class, DnaResource::getModel());
     }
+
+    public function test_can_create_returns_true_for_user_with_permission_and_upload_allowed(): void
+    {
+        Permission::findOrCreate('create_dna', 'web');
+        $user = User::factory()->create(['dna_uploads_count' => 0]);
+        $user->givePermissionTo('create_dna');
+        Auth::login($user);
+
+        $this->assertTrue(DnaResource::canCreate());
+    }
+
+    public function test_can_create_returns_false_for_user_without_permission(): void
+    {
+        $user = User::factory()->create(['dna_uploads_count' => 0]);
+        Auth::login($user);
+
+        $this->assertFalse(DnaResource::canCreate());
+    }
+
+    public function test_can_create_returns_false_when_upload_limit_reached(): void
+    {
+        Permission::findOrCreate('create_dna', 'web');
+        $user = User::factory()->create(['dna_uploads_count' => 1, 'is_premium' => false]);
+        $user->givePermissionTo('create_dna');
+        Auth::login($user);
+
+        $this->assertFalse(DnaResource::canCreate());
+    }
+
+    public function test_can_create_returns_false_when_unauthenticated(): void
+    {
+        Auth::logout();
+
+        $this->assertFalse(DnaResource::canCreate());
+    }
 }