2015-12-13 04:42:28 +00:00
|
|
|
<?php
|
|
|
|
|
2017-02-14 06:53:02 +00:00
|
|
|
namespace Tests\Feature;
|
|
|
|
|
2015-12-13 04:42:28 +00:00
|
|
|
use App\Models\User;
|
2021-05-21 17:14:00 +00:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2015-12-13 04:42:28 +00:00
|
|
|
|
2017-08-05 16:56:11 +00:00
|
|
|
class UserTest extends TestCase
|
2015-12-13 04:42:28 +00:00
|
|
|
{
|
2019-07-22 07:03:23 +00:00
|
|
|
public function testNonAdminCannotCreateUser(): void
|
2015-12-13 04:42:28 +00:00
|
|
|
{
|
2022-07-27 08:49:33 +00:00
|
|
|
$this->postAs('api/user', [
|
2018-08-22 19:40:04 +00:00
|
|
|
'name' => 'Foo',
|
|
|
|
'email' => 'bar@baz.com',
|
2021-05-21 17:14:00 +00:00
|
|
|
'password' => 'secret',
|
2020-09-06 21:20:42 +00:00
|
|
|
'is_admin' => false,
|
2021-05-21 17:14:00 +00:00
|
|
|
])->assertForbidden();
|
2018-08-22 19:40:04 +00:00
|
|
|
}
|
|
|
|
|
2019-07-22 07:03:23 +00:00
|
|
|
public function testAdminCreatesUser(): void
|
2018-08-22 19:40:04 +00:00
|
|
|
{
|
2022-07-27 15:32:36 +00:00
|
|
|
/** @var User $admin */
|
|
|
|
$admin = User::factory()->admin()->create();
|
|
|
|
|
2022-07-27 08:49:33 +00:00
|
|
|
$this->postAs('api/user', [
|
2020-01-08 14:21:29 +00:00
|
|
|
'name' => 'Foo',
|
|
|
|
'email' => 'bar@baz.com',
|
2021-05-21 17:14:00 +00:00
|
|
|
'password' => 'secret',
|
2020-09-06 21:20:42 +00:00
|
|
|
'is_admin' => true,
|
2022-07-27 15:32:36 +00:00
|
|
|
], $admin)
|
2022-07-07 10:45:57 +00:00
|
|
|
->assertSuccessful();
|
2015-12-13 04:42:28 +00:00
|
|
|
|
2022-08-09 18:45:11 +00:00
|
|
|
/** @var User $user */
|
|
|
|
$user = User::query()->firstWhere('email', 'bar@baz.com');
|
2021-05-21 17:14:00 +00:00
|
|
|
|
|
|
|
self::assertTrue(Hash::check('secret', $user->password));
|
|
|
|
self::assertSame('Foo', $user->name);
|
|
|
|
self::assertSame('bar@baz.com', $user->email);
|
|
|
|
self::assertTrue($user->is_admin);
|
2015-12-13 04:42:28 +00:00
|
|
|
}
|
|
|
|
|
2019-07-22 07:03:23 +00:00
|
|
|
public function testAdminUpdatesUser(): void
|
2015-12-13 04:42:28 +00:00
|
|
|
{
|
2022-07-27 15:32:36 +00:00
|
|
|
/** @var User $admin */
|
|
|
|
$admin = User::factory()->admin()->create();
|
|
|
|
|
2018-08-22 19:40:04 +00:00
|
|
|
/** @var User $user */
|
2021-05-21 17:14:00 +00:00
|
|
|
$user = User::factory()->admin()->create(['password' => 'secret']);
|
2018-08-22 19:40:04 +00:00
|
|
|
|
2022-07-27 08:49:33 +00:00
|
|
|
$this->putAs("api/user/$user->id", [
|
2020-01-08 14:21:29 +00:00
|
|
|
'name' => 'Foo',
|
|
|
|
'email' => 'bar@baz.com',
|
2021-05-21 17:14:00 +00:00
|
|
|
'password' => 'new-secret',
|
2020-06-13 15:19:47 +00:00
|
|
|
'is_admin' => false,
|
2022-07-27 15:32:36 +00:00
|
|
|
], $admin)
|
|
|
|
->assertSuccessful();
|
2015-12-13 04:42:28 +00:00
|
|
|
|
2021-05-21 17:14:00 +00:00
|
|
|
$user->refresh();
|
|
|
|
|
|
|
|
self::assertTrue(Hash::check('new-secret', $user->password));
|
|
|
|
self::assertSame('Foo', $user->name);
|
|
|
|
self::assertSame('bar@baz.com', $user->email);
|
|
|
|
self::assertFalse($user->is_admin);
|
2015-12-13 04:42:28 +00:00
|
|
|
}
|
|
|
|
|
2019-07-22 07:03:23 +00:00
|
|
|
public function testAdminDeletesUser(): void
|
2015-12-13 04:42:28 +00:00
|
|
|
{
|
2020-09-06 18:21:39 +00:00
|
|
|
/** @var User $user */
|
2020-11-14 16:57:25 +00:00
|
|
|
$user = User::factory()->create();
|
2022-07-27 15:32:36 +00:00
|
|
|
|
|
|
|
/** @var User $admin */
|
2020-11-14 16:57:25 +00:00
|
|
|
$admin = User::factory()->admin()->create();
|
2015-12-15 10:32:41 +00:00
|
|
|
|
2022-07-27 08:49:33 +00:00
|
|
|
$this->deleteAs("api/user/$user->id", [], $admin);
|
2022-07-27 15:32:36 +00:00
|
|
|
self::assertModelMissing($user);
|
2018-08-22 19:40:04 +00:00
|
|
|
}
|
|
|
|
|
2019-07-22 07:03:23 +00:00
|
|
|
public function testSeppukuNotAllowed(): void
|
2018-08-22 19:40:04 +00:00
|
|
|
{
|
2020-09-06 18:21:39 +00:00
|
|
|
/** @var User $admin */
|
2020-11-14 16:57:25 +00:00
|
|
|
$admin = User::factory()->admin()->create();
|
2015-12-13 04:42:28 +00:00
|
|
|
|
2015-12-15 10:32:41 +00:00
|
|
|
// A user can't delete himself
|
2022-07-27 15:32:36 +00:00
|
|
|
$this->deleteAs("api/user/$admin->id", [], $admin)->assertForbidden();
|
|
|
|
self::assertModelExists($admin);
|
2015-12-13 04:42:28 +00:00
|
|
|
}
|
|
|
|
}
|