<?php
use App\Models\User;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
beforeEach(function () {
    // Seed the permission and role fixtures every test in this file depends on.
    // firstOrCreate keeps the setup idempotent when the tables already hold rows.
    $permissionNames = [
        'user.view',
        'user.create',
        'user.edit',
        'user.delete',
        'role.view',
        'role.manage',
        'settings.manage',
    ];

    foreach ($permissionNames as $permissionName) {
        Permission::firstOrCreate(['name' => $permissionName, 'guard_name' => 'web']);
    }

    // Role -> permissions map. 'super-admin' is created without any explicit
    // permissions; presumably authorisation short-circuits for it elsewhere
    // (e.g. a Gate::before hook) — confirm against the application code.
    $rolePermissions = [
        'user' => ['user.view'],
        'admin' => ['user.view', 'user.create', 'user.edit', 'user.delete', 'role.view', 'role.manage'],
        'super-admin' => [],
    ];

    foreach ($rolePermissions as $roleName => $grants) {
        $role = Role::firstOrCreate(['name' => $roleName, 'guard_name' => 'web']);

        // Only sync when there is something to grant, mirroring the original
        // setup which never called syncPermissions on 'super-admin'.
        if ($grants !== []) {
            $role->syncPermissions($grants);
        }
    }
});
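it('allows user role with user.view to access users list on web', function () {
    // The 'user' role is seeded with exactly one permission, 'user.view', so
    // the users list is expected to load. The previous description claimed the
    // request was "prevented" while the assertion required a 200 — the
    // description was the inconsistent part given the seeded permissions.
    $user = User::factory()->create();
    $user->assignRole('user');

    $this->actingAs($user)
        ->get('/users')
        ->assertOk();
});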
it('prevents user role from deleting users via API', function () {
    // 'user' holds only user.view, so deleting another account must be refused.
    $actor = User::factory()->create();
    $actor->assignRole('user');

    $victim = User::factory()->create();

    $response = $this->actingAs($actor)->deleteJson("/api/v1/users/{$victim->id}");

    $response->assertForbidden();
});
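it('allows admin to create users via API', function () {
    // 'admin' is seeded with user.create, so the POST must succeed and echo the
    // new record. The response must never include the submitted password (or
    // its hash), so that is asserted explicitly as well.
    $admin = User::factory()->create();
    $admin->assignRole('admin');

    $payload = [
        'firstName' => 'New',
        'lastName' => 'User',
        'email' => 'newuser@example.com',
        'password' => 'password123',
    ];

    $this->actingAs($admin)
        ->postJson('/api/v1/users', $payload)
        ->assertCreated()
        ->assertJsonPath('data.email', 'newuser@example.com')
        ->assertJsonMissingPath('data.password');
});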
it('allows admin to update users via API', function () {
    // 'admin' is seeded with user.edit, so a partial update of another account
    // should be accepted and reflected in the response body.
    $admin = User::factory()->create();
    $admin->assignRole('admin');

    $subject = User::factory()->create();

    $changes = ['firstName' => 'Updated'];

    $response = $this->actingAs($admin)->putJson("/api/v1/users/{$subject->id}", $changes);

    $response->assertOk();
    $response->assertJsonPath('data.firstName', 'Updated');
});
it('allows super-admin to delete users via API', function () {
    // 'super-admin' has no permissions synced in beforeEach, so this passing
    // implies authorisation bypasses permission checks for that role somewhere
    // in the application — confirm rather than assume.
    $superAdmin = User::factory()->create();
    $superAdmin->assignRole('super-admin');

    $subject = User::factory()->create();

    $response = $this->actingAs($superAdmin)->deleteJson("/api/v1/users/{$subject->id}");
    $response->assertOk();

    // The delete is a soft delete: the row must still exist with deleted_at set.
    $softDeleted = User::withTrashed()->find($subject->id);
    expect($softDeleted->deleted_at)->not->toBeNull();
});
it('prevents user from deleting themselves via web', function () {
    // Even the most privileged role must not be able to remove its own account.
    // A redirect alone does not prove the delete was refused (a successful
    // delete could also redirect), so the persistence check below is the
    // assertion that actually matters.
    $self = User::factory()->create();
    $self->assignRole('super-admin');

    $response = $this->actingAs($self)->delete("/users/{$self->id}");
    $response->assertRedirect();

    $stillPresent = User::find($self->id);
    expect($stillPresent)->not->toBeNull();
});
it('correctly returns full name', function () {
    // getFullName() is expected to join first_name and last_name with one space.
    $attributes = [
        'first_name' => 'John',
        'last_name' => 'Doe',
    ];

    $person = User::factory()->create($attributes);

    $fullName = $person->getFullName();

    expect($fullName)->toBe('John Doe');
});
it('returns user with roles and permissions on API me endpoint', function () {
    // The authenticated user's own profile must expose the identity fields the
    // front-end relies on for authorisation decisions: roles and permissions.
    $me = User::factory()->create();
    $me->assignRole('admin');

    $expectedShape = ['data' => ['id', 'email', 'roles', 'permissions']];

    $response = $this->actingAs($me)->getJson('/api/v1/auth/me');

    $response->assertOk();
    $response->assertJsonStructure($expectedShape);
});