postAsUser('api/user', [
            'name' => 'Foo',
            'email' => 'bar@baz.com',
            'password' => 'qux',
        ])
            ->seeStatusCode(403);

        // But admins can
        $this->postAsUser('api/user', [
            'name' => 'Foo',
            'email' => 'bar@baz.com',
            'password' => 'qux',
        ], factory(User::class, 'admin')->create());

        $this->seeInDatabase('users', ['name' => 'Foo']);
    }

    /**
     * An admin-issued PUT to api/user/{id} changes the target user's row.
     *
     * NOTE(review): only the admin path is exercised; no request is made as a
     * non-admin here, so denial of unauthorized updates is not covered by this
     * test. The password field is sent, but nothing asserts how it is stored.
     */
    public function testUpdateUser()
    {
        $user = factory(User::class)->create();
        $admin = factory(User::class, 'admin')->create();

        $payload = [
            'name' => 'Foo',
            'email' => 'bar@baz.com',
            'password' => 'qux',
        ];

        $this->putAsUser("api/user/{$user->id}", $payload, $admin);

        // The new name and email must both be persisted.
        $this->seeInDatabase('users', ['name' => 'Foo', 'email' => 'bar@baz.com']);
    }

    /**
     * An admin can delete another user, but a request to delete the account
     * making the request is refused with 403 and the row is kept.
     *
     * NOTE(review): no non-admin DELETE is attempted in this test.
     */
    public function testDeleteUser()
    {
        $user = factory(User::class)->create();
        $admin = factory(User::class, 'admin')->create();

        // Admin removes a different account: the row must be gone afterwards.
        $deleteOther = $this->deleteAsUser("api/user/{$user->id}", [], $admin);
        $deleteOther->notSeeInDatabase('users', ['id' => $user->id]);

        // A user can't delete himself
        $deleteSelf = $this->deleteAsUser("api/user/{$admin->id}", [], $admin);
        $deleteSelf->seeStatusCode(403);
        $deleteSelf->seeInDatabase('users', ['id' => $admin->id]);
    }

    /**
     * Preferences round-trip: unset keys read as null, a set value is read
     * back unchanged, and a deleted key reads as null again.
     */
    public function testUserPreferences()
    {
        $user = factory(User::class)->create();
        $key = 'foo';
        $value = 'bar';

        // Nothing stored yet.
        $this->assertNull($user->getPreference($key));

        $user->setPreference($key, $value);
        $this->assertEquals($value, $user->getPreference($key));

        $user->deletePreference($key);
        $this->assertNull($user->getPreference($key));
    }

    /**
     * Reading the preferences attribute must not reveal the stored Last.fm
     * session key: the value read back is the literal 'hidden', not '123456'.
     *
     * NOTE(review): presumably the masking is done by an accessor on the User
     * model; confirm there which other read paths are covered.
     */
    public function testHidingUserPreferences()
    {
        $attributes = [
            'preferences' => [
                'lastfm_session_key' => '123456',
            ],
        ];
        $user = factory(User::class)->create($attributes);

        $preferences = $user->preferences;
        $this->assertEquals('hidden', $preferences['lastfm_session_key']);
    }
}