Add authorization to saving saved reports route

app/Http/Controllers/SavedReportsController.php

@@ -8,6 +8,8 @@ class SavedReportsController extends Controller
 {
     public function store(Request $request)
     {
+        $this->authorize('reports.view');
+
         $report = $request->user()->savedReports()->create([
             'name' => $request->get('report_name'),
             'options' => $request->except(['_token', 'report_name']),

routes/web.php

@@ -357,6 +357,7 @@ Route::group(['middleware' => ['auth']], function () {
     )->name('reports/export/accessories');
     Route::get('reports/custom', [ReportsController::class, 'getCustomReport'])->name('reports/custom');
     Route::post('reports/custom', [ReportsController::class, 'postCustom']);
+    // @todo: change to saved-template?
     Route::post('reports/savedtemplate', [SavedReportsController::class, 'store'])->name('savedreports/store');
 
     Route::get(

tests/Feature/SavedReports/SavedReportsTest.php

@@ -49,4 +49,22 @@ class SavedReportsTest extends TestCase
     {
         $this->markTestIncomplete();
     }
+
+    public function testSavingReportRequiresValidFields()
+    {
+        $this->markTestIncomplete();
+
+        $this->actingAs(User::factory()->canViewReports()->create())
+            ->post(route('savedreports/store'), [
+                //
+            ])
+            ->assertSessionHasErrors('report_name');
+    }
+
+    public function testSavingReportRequiresCorrectPermission()
+    {
+        $this->actingAs(User::factory()->create())
+            ->post(route('savedreports/store'))
+            ->assertForbidden();
+    }
 }