Merge branch 'user-module'

2026-05-11 14:24:29 +08:00
parent 8f15610aab e404aee576
commit 7351398114
23 changed files with 814 additions and 0 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -0,0 +1,10 @@
+{
+  "permissions": {
+    "allow": [
+      "mcp__laravel-boost__database-schema",
+      "Bash(php artisan *)",
+      "Bash(vendor/bin/pint --dirty --format agent)",
+      "mcp__laravel-boost__search-docs"
+    ]
+  }
+}
--- a/app/Http/Controllers/RoleController.php
+++ b/app/Http/Controllers/RoleController.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\StoreRoleRequest;
+use App\Models\Role;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class RoleController extends Controller
+{
+    public function index(Request $request)
+    {
+        $roles = Role::orderBy('name')->paginate(10);
+
+        if ($request->ajax()) {
+            return view('roles._table', compact('roles'));
+        }
+
+        return view('roles.index', compact('roles'));
+    }
+
+    public function create(): View
+    {
+        return view('roles.create');
+    }
+
+    public function store(StoreRoleRequest $request): RedirectResponse
+    {
+        Role::create($request->validated());
+
+        return redirect()->route('roles.index')
+            ->with('status', 'role-created');
+    }
+}
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\UpdateUserRolesRequest;
+use App\Models\Role;
+use App\Models\User;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\View\View;
+
+class UserController extends Controller
+{
+    public function index(Request $request)
+    {
+        $users = User::orderBy('name')->paginate(10);
+
+        if ($request->ajax()) {
+            return view('users._table', compact('users'));
+        }
+
+        return view('users.index', compact('users'));
+    }
+
+    public function edit(User $user): View
+    {
+        $roles = Role::orderBy('name')->get();
+
+        return view('users.edit', compact('user', 'roles'));
+    }
+
+    public function update(UpdateUserRolesRequest $request, User $user): RedirectResponse
+    {
+        $user->roles()->sync($request->validated()['roles'] ?? []);
+
+        return redirect()->route('users.index')
+            ->with('status', 'user-updated');
+    }
+}
--- a/app/Http/Requests/StoreRoleRequest.php
+++ b/app/Http/Requests/StoreRoleRequest.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class StoreRoleRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            'name' => ['required', 'string', 'max:255', 'unique:roles,name'],
+            'description' => ['nullable', 'string', 'max:500'],
+        ];
+    }
+}
--- a/app/Http/Requests/UpdateUserRolesRequest.php
+++ b/app/Http/Requests/UpdateUserRolesRequest.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+
+class UpdateUserRolesRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * @return array<string, ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            'roles' => ['nullable', 'array'],
+            'roles.*' => ['integer', 'exists:roles,id'],
+        ];
+    }
+}
--- a/app/Models/Role.php
+++ b/app/Models/Role.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Models;
+
+use Database\Factories\RoleFactory;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+
+class Role extends Model
+{
+    /** @use HasFactory<RoleFactory> */
+    use HasFactory;
+
+    protected $fillable = ['name', 'description'];
+
+    public function users(): BelongsToMany
+    {
+        return $this->belongsToMany(User::class);
+    }
+}
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -7,6 +7,7 @@ use Database\Factories\UserFactory;
 use Illuminate\Database\Eloquent\Attributes\Fillable;
 use Illuminate\Database\Eloquent\Attributes\Hidden;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;

@@ -29,4 +30,9 @@ class User extends Authenticatable
            'password' => 'hashed',
        ];
    }
+
+    public function roles(): BelongsToMany
+    {
+        return $this->belongsToMany(Role::class);
+    }
 }
--- a/database/factories/RoleFactory.php
+++ b/database/factories/RoleFactory.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Database\Factories;
+
+use App\Models\Role;
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends Factory<Role>
+ */
+class RoleFactory extends Factory
+{
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'name' => fake()->unique()->word(),
+            'description' => fake()->sentence(),
+        ];
+    }
+}
--- a/database/migrations/2026_05_11_042341_create_roles_table.php
+++ b/database/migrations/2026_05_11_042341_create_roles_table.php
@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('roles', function (Blueprint $table) {
+            $table->id();
+            $table->string('name')->unique();
+            $table->string('description')->nullable();
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('roles');
+    }
+};
--- a/database/migrations/2026_05_11_044620_create_role_user_table.php
+++ b/database/migrations/2026_05_11_044620_create_role_user_table.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('role_user', function (Blueprint $table) {
+            $table->foreignId('user_id')->constrained()->cascadeOnDelete();
+            $table->foreignId('role_id')->constrained()->cascadeOnDelete();
+            $table->primary(['user_id', 'role_id']);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('role_user');
+    }
+};
--- a/database/seeders/RoleSeeder.php
+++ b/database/seeders/RoleSeeder.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Database\Seeders;
+
+use App\Models\Role;
+use Illuminate\Database\Seeder;
+
+class RoleSeeder extends Seeder
+{
+    public function run(): void
+    {
+        $roles = [
+            ['name' => 'Admin', 'description' => 'Full access to all resources'],
+            ['name' => 'Editor', 'description' => 'Can create and edit content'],
+            ['name' => 'Viewer', 'description' => 'Read-only access'],
+        ];
+
+        foreach ($roles as $role) {
+            Role::firstOrCreate(['name' => $role['name']], $role);
+        }
+    }
+}
--- a/resources/views/layouts/navigation.blade.php
+++ b/resources/views/layouts/navigation.blade.php
@@ -15,6 +15,12 @@
                    <x-nav-link :href="route('dashboard')" :active="request()->routeIs('dashboard')">
                        {{ __('Dashboard') }}
                    </x-nav-link>
+                    <x-nav-link :href="route('users.index')" :active="request()->routeIs('users.*')">
+                        {{ __('Users') }}
+                    </x-nav-link>
+                    <x-nav-link :href="route('roles.index')" :active="request()->routeIs('roles.*')">
+                        {{ __('Roles') }}
+                    </x-nav-link>
                </div>
            </div>

@@ -70,6 +76,12 @@
            <x-responsive-nav-link :href="route('dashboard')" :active="request()->routeIs('dashboard')">
                {{ __('Dashboard') }}
            </x-responsive-nav-link>
+            <x-responsive-nav-link :href="route('users.index')" :active="request()->routeIs('users.*')">
+                {{ __('Users') }}
+            </x-responsive-nav-link>
+            <x-responsive-nav-link :href="route('roles.index')" :active="request()->routeIs('roles.*')">
+                {{ __('Roles') }}
+            </x-responsive-nav-link>
        </div>

        <!-- Responsive Settings Options -->
--- a/resources/views/roles/_table.blade.php
+++ b/resources/views/roles/_table.blade.php
@@ -0,0 +1,34 @@
+<table class="w-full text-sm text-left text-gray-900 dark:text-gray-100">
+    <thead class="text-xs text-gray-700 dark:text-gray-400 uppercase bg-gray-50 dark:bg-gray-700">
+        <tr>
+            <th class="px-6 py-3">#</th>
+            <th class="px-6 py-3">{{ __('Name') }}</th>
+            <th class="px-6 py-3">{{ __('Description') }}</th>
+            <th class="px-6 py-3">{{ __('Created') }}</th>
+        </tr>
+    </thead>
+    <tbody>
+        @foreach ($roles as $role)
+            <tr class="{{ $loop->even ? 'bg-gray-50 dark:bg-gray-700' : 'bg-white dark:bg-gray-800' }} border-b border-gray-200 dark:border-gray-600">
+                <td class="px-6 py-4">{{ $roles->firstItem() + $loop->index }}</td>
+                <td class="px-6 py-4 font-medium">{{ $role->name }}</td>
+                <td class="px-6 py-4">{{ $role->description ?? '—' }}</td>
+                <td class="px-6 py-4">{{ $role->created_at->format('d M Y') }}</td>
+            </tr>
+        @endforeach
+
+        @if ($roles->isEmpty())
+            <tr>
+                <td colspan="4" class="px-6 py-4 text-center text-gray-500 dark:text-gray-400">
+                    {{ __('No roles found.') }}
+                </td>
+            </tr>
+        @endif
+    </tbody>
+</table>
+
+@if ($roles->hasPages())
+    <div class="mt-4">
+        {{ $roles->links() }}
+    </div>
+@endif
--- a/resources/views/roles/create.blade.php
+++ b/resources/views/roles/create.blade.php
@@ -0,0 +1,56 @@
+<x-app-layout>
+    <x-slot name="header">
+        <h2 class="font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+            {{ __('New Role') }}
+        </h2>
+    </x-slot>
+
+    <div class="py-12">
+        <div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
+            <div class="p-4 sm:p-8 bg-white dark:bg-gray-800 shadow sm:rounded-lg">
+                <div class="max-w-xl">
+                    <section>
+                        <header>
+                            <h2 class="text-lg font-medium text-gray-900 dark:text-gray-100">
+                                {{ __('Role Details') }}
+                            </h2>
+
+                            <p class="mt-1 text-sm text-gray-600 dark:text-gray-400">
+                                {{ __('Create a new role to assign to users in the system.') }}
+                            </p>
+                        </header>
+
+                        <form method="post" action="{{ route('roles.store') }}" class="mt-6 space-y-6">
+                            @csrf
+
+                            <div>
+                                <x-input-label for="name" :value="__('Name')" />
+                                <x-text-input id="name" name="name" type="text" class="mt-1 block w-full" :value="old('name')" required autofocus autocomplete="off" />
+                                <x-input-error class="mt-2" :messages="$errors->get('name')" />
+                            </div>
+
+                            <div>
+                                <x-input-label for="description" :value="__('Description')" />
+                                <textarea
+                                    id="description"
+                                    name="description"
+                                    rows="3"
+                                    class="mt-1 block w-full border-gray-300 dark:border-gray-700 dark:bg-gray-900 dark:text-gray-300 focus:border-indigo-500 dark:focus:border-indigo-600 focus:ring-indigo-500 dark:focus:ring-indigo-600 rounded-md shadow-sm"
+                                >{{ old('description') }}</textarea>
+                                <x-input-error class="mt-2" :messages="$errors->get('description')" />
+                            </div>
+
+                            <div class="flex items-center gap-4">
+                                <x-primary-button>{{ __('Create Role') }}</x-primary-button>
+
+                                <a href="{{ route('roles.index') }}" class="text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-100 underline">
+                                    {{ __('Cancel') }}
+                                </a>
+                            </div>
+                        </form>
+                    </section>
+                </div>
+            </div>
+        </div>
+    </div>
+</x-app-layout>
--- a/resources/views/roles/index.blade.php
+++ b/resources/views/roles/index.blade.php
@@ -0,0 +1,59 @@
+<x-app-layout>
+    <x-slot name="header">
+        <div class="flex items-center justify-between">
+            <h2 class="font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+                {{ __('Roles') }}
+            </h2>
+            <a href="{{ route('roles.create') }}">
+                <x-primary-button>{{ __('New Role') }}</x-primary-button>
+            </a>
+        </div>
+    </x-slot>
+
+    <div class="py-12">
+        <div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
+            @if (session('status') === 'role-created')
+                <div
+                    x-data="{ show: true }"
+                    x-show="show"
+                    x-transition
+                    x-init="setTimeout(() => show = false, 3000)"
+                    class="mb-4 p-4 bg-green-100 dark:bg-green-900 text-green-800 dark:text-green-200 text-sm rounded-lg"
+                >
+                    {{ __('Role created successfully.') }}
+                </div>
+            @endif
+
+            <div class="bg-white dark:bg-gray-800 overflow-hidden shadow-sm sm:rounded-lg">
+                <div
+                    class="p-6"
+                    x-data="{
+                        loading: false,
+                        async paginate(url) {
+                            this.loading = true;
+                            const response = await fetch(url, {
+                                headers: { 'X-Requested-With': 'XMLHttpRequest' }
+                            });
+                            this.$refs.tableContainer.innerHTML = await response.text();
+                            this.loading = false;
+                        }
+                    }"
+                    @click.prevent="
+                        const link = $event.target.closest('a[href]');
+                        if (link && $refs.tableContainer.contains(link)) {
+                            paginate(link.href);
+                        }
+                    "
+                >
+                    <div x-show="loading" class="text-center py-4 text-gray-500 dark:text-gray-400">
+                        {{ __('Loading...') }}
+                    </div>
+
+                    <div x-ref="tableContainer" x-show="!loading">
+                        @include('roles._table')
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</x-app-layout>
--- a/resources/views/users/_table.blade.php
+++ b/resources/views/users/_table.blade.php
@@ -0,0 +1,40 @@
+<table class="w-full text-sm text-left text-gray-900 dark:text-gray-100">
+    <thead class="text-xs text-gray-700 dark:text-gray-400 uppercase bg-gray-50 dark:bg-gray-700">
+        <tr>
+            <th class="px-6 py-3">#</th>
+            <th class="px-6 py-3">{{ __('Name') }}</th>
+            <th class="px-6 py-3">{{ __('Email') }}</th>
+            <th class="px-6 py-3">{{ __('Joined') }}</th>
+            <th class="px-6 py-3"></th>
+        </tr>
+    </thead>
+    <tbody>
+        @foreach ($users as $user)
+            <tr class="{{ $loop->even ? 'bg-gray-50 dark:bg-gray-700' : 'bg-white dark:bg-gray-800' }} border-b border-gray-200 dark:border-gray-600">
+                <td class="px-6 py-4">{{ $users->firstItem() + $loop->index }}</td>
+                <td class="px-6 py-4 font-medium">{{ $user->name }}</td>
+                <td class="px-6 py-4">{{ $user->email }}</td>
+                <td class="px-6 py-4">{{ $user->created_at->format('d M Y') }}</td>
+                <td class="px-6 py-4 text-right">
+                    <a href="{{ route('users.edit', $user) }}" class="text-indigo-600 dark:text-indigo-400 hover:underline text-sm font-medium">
+                        {{ __('Edit') }}
+                    </a>
+                </td>
+            </tr>
+        @endforeach
+
+        @if ($users->isEmpty())
+            <tr>
+                <td colspan="5" class="px-6 py-4 text-center text-gray-500 dark:text-gray-400">
+                    {{ __('No users found.') }}
+                </td>
+            </tr>
+        @endif
+    </tbody>
+</table>
+
+@if ($users->hasPages())
+    <div class="mt-4">
+        {{ $users->links() }}
+    </div>
+@endif
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -0,0 +1,65 @@
+<x-app-layout>
+    <x-slot name="header">
+        <h2 class="font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+            {{ __('Edit User') }}: {{ $user->name }}
+        </h2>
+    </x-slot>
+
+    <div class="py-12">
+        <div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
+            <div class="p-4 sm:p-8 bg-white dark:bg-gray-800 shadow sm:rounded-lg">
+                <div class="max-w-xl">
+                    <section>
+                        <header>
+                            <h2 class="text-lg font-medium text-gray-900 dark:text-gray-100">
+                                {{ __('Assign Roles') }}
+                            </h2>
+
+                            <p class="mt-1 text-sm text-gray-600 dark:text-gray-400">
+                                {{ __('Select the roles to assign to this user.') }}
+                            </p>
+                        </header>
+
+                        <form method="post" action="{{ route('users.update', $user) }}" class="mt-6 space-y-6">
+                            @csrf
+                            @method('put')
+
+                            <div class="space-y-3">
+                                @forelse ($roles as $role)
+                                    <label class="flex items-start gap-3 cursor-pointer">
+                                        <input
+                                            type="checkbox"
+                                            name="roles[]"
+                                            value="{{ $role->id }}"
+                                            {{ $user->roles->contains($role) ? 'checked' : '' }}
+                                            class="mt-0.5 rounded border-gray-300 dark:border-gray-700 text-indigo-600 shadow-sm focus:ring-indigo-500 dark:focus:ring-indigo-600 dark:bg-gray-900"
+                                        />
+                                        <div>
+                                            <span class="text-sm font-medium text-gray-900 dark:text-gray-100">{{ $role->name }}</span>
+                                            @if ($role->description)
+                                                <p class="text-xs text-gray-500 dark:text-gray-400">{{ $role->description }}</p>
+                                            @endif
+                                        </div>
+                                    </label>
+                                @empty
+                                    <p class="text-sm text-gray-500 dark:text-gray-400">{{ __('No roles available. Create one first.') }}</p>
+                                @endforelse
+                            </div>
+
+                            <x-input-error class="mt-2" :messages="$errors->get('roles')" />
+                            <x-input-error class="mt-2" :messages="$errors->get('roles.*')" />
+
+                            <div class="flex items-center gap-4">
+                                <x-primary-button>{{ __('Save Roles') }}</x-primary-button>
+
+                                <a href="{{ route('users.index') }}" class="text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-100 underline">
+                                    {{ __('Cancel') }}
+                                </a>
+                            </div>
+                        </form>
+                    </section>
+                </div>
+            </div>
+        </div>
+    </div>
+</x-app-layout>
--- a/resources/views/users/index.blade.php
+++ b/resources/views/users/index.blade.php
@@ -0,0 +1,43 @@
+<x-app-layout>
+    <x-slot name="header">
+        <h2 class="font-semibold text-xl text-gray-800 dark:text-gray-200 leading-tight">
+            {{ __('Users') }}
+        </h2>
+    </x-slot>
+
+    <div class="py-12">
+        <div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
+            <div class="bg-white dark:bg-gray-800 overflow-hidden shadow-sm sm:rounded-lg">
+                <div
+                    class="p-6"
+                    x-data="{
+                        loading: false,
+                        async paginate(url) {
+                            this.loading = true;
+                            const response = await fetch(url, {
+                                headers: { 'X-Requested-With': 'XMLHttpRequest' }
+                            });
+                            this.$refs.tableContainer.innerHTML = await response.text();
+                            this.loading = false;
+                        }
+                    }"
+                    @click="
+                        const link = $event.target.closest('a[href]');
+                        if (link && link.closest('nav[role=navigation]') && $refs.tableContainer.contains(link)) {
+                            $event.preventDefault();
+                            paginate(link.href);
+                        }
+                    "
+                >
+                    <div x-show="loading" class="text-center py-4 text-gray-500 dark:text-gray-400">
+                        {{ __('Loading...') }}
+                    </div>
+
+                    <div x-ref="tableContainer" x-show="!loading">
+                        @include('users._table')
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</x-app-layout>
--- a/routes/web.php
+++ b/routes/web.php
@@ -1,6 +1,8 @@
 <?php

 use App\Http\Controllers\ProfileController;
+use App\Http\Controllers\RoleController;
+use App\Http\Controllers\UserController;
 use Illuminate\Support\Facades\Route;

 Route::get('/', function () {
@@ -12,6 +14,12 @@ Route::get('/dashboard', function () {
 })->middleware(['auth', 'verified'])->name('dashboard');

 Route::middleware('auth')->group(function () {
+    Route::get('/users', [UserController::class, 'index'])->name('users.index');
+    Route::get('/users/{user}/edit', [UserController::class, 'edit'])->name('users.edit');
+    Route::put('/users/{user}', [UserController::class, 'update'])->name('users.update');
+    Route::get('/roles', [RoleController::class, 'index'])->name('roles.index');
+    Route::get('/roles/create', [RoleController::class, 'create'])->name('roles.create');
+    Route::post('/roles', [RoleController::class, 'store'])->name('roles.store');
    Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
    Route::patch('/profile', [ProfileController::class, 'update'])->name('profile.update');
    Route::delete('/profile', [ProfileController::class, 'destroy'])->name('profile.destroy');
--- a/tests/Feature/EditUserTest.php
+++ b/tests/Feature/EditUserTest.php
@@ -0,0 +1,85 @@
+<?php
+
+use App\Models\Role;
+use App\Models\User;
+
+test('guests cannot access the edit user page', function () {
+    $user = User::factory()->create();
+
+    $this->get(route('users.edit', $user))->assertRedirect('/login');
+});
+
+test('authenticated users can access the edit user page', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->get(route('users.edit', $user))
+        ->assertOk()
+        ->assertViewIs('users.edit')
+        ->assertViewHas('user', $user)
+        ->assertViewHas('roles');
+});
+
+test('edit page shows all available roles', function () {
+    $roles = Role::factory()->count(3)->create();
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->get(route('users.edit', $user))
+        ->assertOk()
+        ->assertViewHas('roles', fn ($viewRoles) => $viewRoles->count() === $roles->count());
+});
+
+test('can assign roles to a user', function () {
+    $user = User::factory()->create();
+    $roles = Role::factory()->count(2)->create();
+
+    $this->actingAs($user)
+        ->put(route('users.update', $user), ['roles' => $roles->pluck('id')->all()])
+        ->assertRedirect(route('users.index'))
+        ->assertSessionHas('status', 'user-updated');
+
+    expect($user->roles()->count())->toBe(2);
+});
+
+test('can remove all roles from a user', function () {
+    $user = User::factory()->create();
+    $role = Role::factory()->create();
+    $user->roles()->attach($role);
+
+    $this->actingAs($user)
+        ->put(route('users.update', $user), [])
+        ->assertRedirect(route('users.index'));
+
+    expect($user->roles()->count())->toBe(0);
+});
+
+test('syncs roles replacing previous assignments', function () {
+    $user = User::factory()->create();
+    $oldRole = Role::factory()->create();
+    $newRole = Role::factory()->create();
+    $user->roles()->attach($oldRole);
+
+    $this->actingAs($user)
+        ->put(route('users.update', $user), ['roles' => [$newRole->id]]);
+
+    expect($user->roles()->pluck('id')->all())->toBe([$newRole->id]);
+});
+
+test('role ids must exist in the database', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->put(route('users.update', $user), ['roles' => [999]])
+        ->assertSessionHasErrors('roles.*');
+});
+
+test('guests cannot update user roles', function () {
+    $user = User::factory()->create();
+    $role = Role::factory()->create();
+
+    $this->put(route('users.update', $user), ['roles' => [$role->id]])
+        ->assertRedirect('/login');
+
+    expect($user->roles()->count())->toBe(0);
+});
--- a/tests/Feature/RoleIndexTest.php
+++ b/tests/Feature/RoleIndexTest.php
@@ -0,0 +1,41 @@
+<?php
+
+use App\Models\Role;
+use App\Models\User;
+
+test('guests are redirected to login from roles page', function () {
+    $this->get('/roles')->assertRedirect('/login');
+});
+
+test('authenticated users can view the roles page', function () {
+    $this->actingAs(User::factory()->create())
+        ->get('/roles')
+        ->assertOk()
+        ->assertViewIs('roles.index');
+});
+
+test('roles page passes paginated roles to view', function () {
+    $this->actingAs(User::factory()->create())
+        ->get('/roles')
+        ->assertOk()
+        ->assertViewHas('roles');
+});
+
+test('ajax request returns roles table partial', function () {
+    $this->actingAs(User::factory()->create())
+        ->withHeader('X-Requested-With', 'XMLHttpRequest')
+        ->get('/roles')
+        ->assertOk()
+        ->assertViewIs('roles._table');
+});
+
+test('ajax pagination returns correct page', function () {
+    Role::factory()->count(15)->create();
+
+    $this->actingAs(User::factory()->create())
+        ->withHeader('X-Requested-With', 'XMLHttpRequest')
+        ->get('/roles?page=2')
+        ->assertOk()
+        ->assertViewIs('roles._table')
+        ->assertViewHas('roles', fn ($roles) => $roles->currentPage() === 2);
+});
--- a/tests/Feature/StoreRoleTest.php
+++ b/tests/Feature/StoreRoleTest.php
@@ -0,0 +1,52 @@
+<?php
+
+use App\Models\Role;
+use App\Models\User;
+
+test('guests cannot access the create role page', function () {
+    $this->get('/roles/create')->assertRedirect('/login');
+});
+
+test('authenticated users can access the create role page', function () {
+    $this->actingAs(User::factory()->create())
+        ->get('/roles/create')
+        ->assertOk()
+        ->assertViewIs('roles.create');
+});
+
+test('authenticated users can create a role', function () {
+    $this->actingAs(User::factory()->create())
+        ->post('/roles', ['name' => 'Manager', 'description' => 'Manages things'])
+        ->assertRedirect(route('roles.index'))
+        ->assertSessionHas('status', 'role-created');
+
+    $this->assertDatabaseHas('roles', ['name' => 'Manager', 'description' => 'Manages things']);
+});
+
+test('role name is required', function () {
+    $this->actingAs(User::factory()->create())
+        ->post('/roles', ['name' => '', 'description' => 'Some description'])
+        ->assertSessionHasErrors('name');
+});
+
+test('role name must be unique', function () {
+    Role::factory()->create(['name' => 'Admin']);
+
+    $this->actingAs(User::factory()->create())
+        ->post('/roles', ['name' => 'Admin'])
+        ->assertSessionHasErrors('name');
+});
+
+test('description is optional', function () {
+    $this->actingAs(User::factory()->create())
+        ->post('/roles', ['name' => 'Viewer'])
+        ->assertRedirect(route('roles.index'));
+
+    $this->assertDatabaseHas('roles', ['name' => 'Viewer', 'description' => null]);
+});
+
+test('guests cannot create a role', function () {
+    $this->post('/roles', ['name' => 'Admin'])->assertRedirect('/login');
+
+    $this->assertDatabaseMissing('roles', ['name' => 'Admin']);
+});
--- a/tests/Feature/UserIndexTest.php
+++ b/tests/Feature/UserIndexTest.php
@@ -0,0 +1,47 @@
+<?php
+
+use App\Models\User;
+
+test('guests are redirected to login from users page', function () {
+    $this->get('/users')->assertRedirect('/login');
+});
+
+test('authenticated users can view the users page', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->get('/users')
+        ->assertOk()
+        ->assertViewIs('users.index');
+});
+
+test('users page passes paginated users to view', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->get('/users')
+        ->assertOk()
+        ->assertViewHas('users');
+});
+
+test('ajax request returns table partial', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->withHeader('X-Requested-With', 'XMLHttpRequest')
+        ->get('/users')
+        ->assertOk()
+        ->assertViewIs('users._table');
+});
+
+test('ajax pagination returns correct page', function () {
+    $user = User::factory()->create();
+    User::factory()->count(15)->create();
+
+    $this->actingAs($user)
+        ->withHeader('X-Requested-With', 'XMLHttpRequest')
+        ->get('/users?page=2')
+        ->assertOk()
+        ->assertViewIs('users._table')
+        ->assertViewHas('users', fn ($users) => $users->currentPage() === 2);
+});