fix: warehouse_head role can only view orders with brigadier and installation dat set

app/Http/Controllers/OrderController.php

@@ -106,6 +106,11 @@ class OrderController extends Controller
             $q->where('brigadier_id', auth()->id());
         }
 
+        if(hasRole(Role::WAREHOUSE_HEAD)) {
+            $q->whereNotNull('brigadier_id');
+            $q->whereNotNull('installation_date');
+        }
+
         $this->applyStableSorting($q);
         $this->data['orders'] = $q->paginate($this->data['per_page'])->withQueryString();
 

tests/Feature/WarehouseHeadOrderVisibilityTest.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Order;
+use App\Models\OrderView;
+use App\Models\Role;
+use App\Models\User;
+use Database\Seeders\OrderStatusSeeder;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class WarehouseHeadOrderVisibilityTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+        $this->seed(OrderStatusSeeder::class);
+    }
+
+    public function test_warehouse_head_sees_only_orders_with_brigadier_and_installation_date()
+    {
+        // 1. Create a user with the "warehouse_head" role.
+        $warehouseHead = User::factory()->create(['role' => Role::WAREHOUSE_HEAD]);
+
+        $brigadier = User::factory()->create(['role' => Role::BRIGADIER]);
+
+        // 2. Create orders
+        $orderVisible = Order::factory()->create([
+            'brigadier_id' => $brigadier->id,
+            'installation_date' => now(),
+        ]);
+
+        $orderNotVisible1 = Order::factory()->create([
+            'brigadier_id' => $brigadier->id,
+            'installation_date' => null,
+        ]);
+
+        $orderNotVisible2 = Order::factory()->create([
+            'brigadier_id' => null,
+            'installation_date' => now(),
+        ]);
+
+        $orderNotVisible3 = Order::factory()->create([
+            'brigadier_id' => null,
+            'installation_date' => null,
+        ]);
+
+        // 3. Authenticate as the "warehouse_head" user.
+        $this->actingAs($warehouseHead);
+
+        // 4. Make a request to the `order.index` route.
+        $response = $this->get(route('order.index'));
+
+        // 5. Assert that the response only contains the order that has both a brigadier and an installation date.
+        $response->assertStatus(200);
+        $orders = $response->viewData('orders');
+        $this->assertCount(1, $orders);
+        $this->assertEquals($orderVisible->id, $orders->first()->id);
+    }
+}