feat: inisialisasi project kit v2

2026-05-21 15:57:29 +07:00
commit d4fd478e1f
271 changed files with 35300 additions and 0 deletions
@@ -0,0 +1,115 @@
+<?php
+
+use App\Models\User;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
+
+beforeEach(function () {
+    Permission::firstOrCreate(['name' => 'user.view',   'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'user.create', 'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'user.edit',   'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'user.delete', 'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'role.view',   'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'role.manage', 'guard_name' => 'web']);
+    Permission::firstOrCreate(['name' => 'settings.manage', 'guard_name' => 'web']);
+
+    $userRole = Role::firstOrCreate(['name' => 'user', 'guard_name' => 'web']);
+    $userRole->syncPermissions(['user.view']);
+
+    $adminRole = Role::firstOrCreate(['name' => 'admin', 'guard_name' => 'web']);
+    $adminRole->syncPermissions(['user.view', 'user.create', 'user.edit', 'user.delete', 'role.view', 'role.manage']);
+
+    Role::firstOrCreate(['name' => 'super-admin', 'guard_name' => 'web']);
+});
+
+it('prevents user role from accessing users list on web', function () {
+    $user = User::factory()->create();
+    $user->assignRole('user');
+
+    $this->actingAs($user)
+         ->get('/users')
+         ->assertStatus(200);
+});
+
+it('prevents user role from deleting users via API', function () {
+    $user = User::factory()->create();
+    $user->assignRole('user');
+
+    $target = User::factory()->create();
+
+    $this->actingAs($user)
+         ->deleteJson("/api/v1/users/{$target->id}")
+         ->assertForbidden();
+});
+
+it('allows admin to create users via API', function () {
+    $admin = User::factory()->create();
+    $admin->assignRole('admin');
+
+    $payload = [
+        'firstName' => 'New',
+        'lastName'  => 'User',
+        'email'     => 'newuser@example.com',
+        'password'  => 'password123',
+    ];
+
+    $this->actingAs($admin)
+         ->postJson('/api/v1/users', $payload)
+         ->assertCreated()
+         ->assertJsonPath('data.email', 'newuser@example.com');
+});
+
+it('allows admin to update users via API', function () {
+    $admin = User::factory()->create();
+    $admin->assignRole('admin');
+
+    $target = User::factory()->create();
+
+    $this->actingAs($admin)
+         ->putJson("/api/v1/users/{$target->id}", ['firstName' => 'Updated'])
+         ->assertOk()
+         ->assertJsonPath('data.firstName', 'Updated');
+});
+
+it('allows super-admin to delete users via API', function () {
+    $superAdmin = User::factory()->create();
+    $superAdmin->assignRole('super-admin');
+
+    $target = User::factory()->create();
+
+    $this->actingAs($superAdmin)
+         ->deleteJson("/api/v1/users/{$target->id}")
+         ->assertOk();
+
+    expect(User::withTrashed()->find($target->id)->deleted_at)->not->toBeNull();
+});
+
+it('prevents user from deleting themselves via web', function () {
+    $user = User::factory()->create();
+    $user->assignRole('super-admin');
+
+    $this->actingAs($user)
+         ->delete("/users/{$user->id}")
+         ->assertRedirect();
+
+    expect(User::find($user->id))->not->toBeNull();
+});
+
+it('correctly returns full name', function () {
+    $user = User::factory()->create([
+        'first_name' => 'John',
+        'last_name'  => 'Doe',
+    ]);
+
+    expect($user->getFullName())->toBe('John Doe');
+});
+
+it('returns user with roles and permissions on API me endpoint', function () {
+    $user = User::factory()->create();
+    $user->assignRole('admin');
+
+    $this->actingAs($user)
+         ->getJson('/api/v1/auth/me')
+         ->assertOk()
+         ->assertJsonStructure(['data' => ['id', 'email', 'roles', 'permissions']]);
+});