2
0
Fork 0
mirror of https://github.com/koel/koel synced 2025-01-06 17:58:46 +00:00
koel/tests/Feature/KoelPlus/SongTest.php
2024-07-06 17:44:42 +02:00

105 lines
3.5 KiB
PHP

<?php
namespace Tests\Feature\KoelPlus;
use App\Facades\License;
use App\Models\Song;
use Illuminate\Support\Collection;
use Tests\TestCase;
use function Tests\create_user;
class SongTest extends TestCase
{
public function setUp(): void
{
parent::setUp();
License::fakePlusLicense();
}
public function testShowSongPolicy(): void
{
$user = create_user();
/** @var Song $publicSong */
$publicSong = Song::factory()->public()->create();
// We can access public songs.
$this->getAs("api/songs/$publicSong->id", $user)->assertSuccessful();
/** @var Song $ownPrivateSong */
$ownPrivateSong = Song::factory()->for($user, 'owner')->private()->create();
// We can access our own private songs.
$this->getAs('api/songs/' . $ownPrivateSong->id, $user)->assertSuccessful();
/** @var Song $externalUnownedSong */
$externalUnownedSong = Song::factory()->private()->create();
// But we can't access private songs that are not ours.
$this->getAs("api/songs/$externalUnownedSong->id", $user)->assertForbidden();
}
public function testEditSongsPolicy(): void
{
$currentUser = create_user();
$anotherUser = create_user();
/** @var Collection<Song> $externalUnownedSongs */
$externalUnownedSongs = Song::factory(3)->for($anotherUser, 'owner')->private()->create();
// We can't edit songs that are not ours.
$this->putAs('api/songs', [
'songs' => $externalUnownedSongs->pluck('id')->toArray(),
'data' => [
'title' => 'New Title',
],
], $currentUser)->assertForbidden();
// Even if some of the songs are owned by us, we still can't edit them.
$mixedSongs = $externalUnownedSongs->merge(Song::factory(2)->for($currentUser, 'owner')->create());
$this->putAs('api/songs', [
'songs' => $mixedSongs->pluck('id')->toArray(),
'data' => [
'title' => 'New Title',
],
], $currentUser)->assertForbidden();
// But we can edit our own songs.
$ownSongs = Song::factory(3)->for($currentUser, 'owner')->create();
$this->putAs('api/songs', [
'songs' => $ownSongs->pluck('id')->toArray(),
'data' => [
'title' => 'New Title',
],
], $currentUser)->assertSuccessful();
}
public function testDeleteSongsPolicy(): void
{
$currentUser = create_user();
$anotherUser = create_user();
/** @var Collection<Song> $externalUnownedSongs */
$externalUnownedSongs = Song::factory(3)->for($anotherUser, 'owner')->private()->create();
// We can't delete songs that are not ours.
$this->deleteAs('api/songs', ['songs' => $externalUnownedSongs->pluck('id')->toArray()], $currentUser)
->assertForbidden();
// Even if some of the songs are owned by us, we still can't delete them.
$mixedSongs = $externalUnownedSongs->merge(Song::factory(2)->for($currentUser, 'owner')->create());
$this->deleteAs('api/songs', ['songs' => $mixedSongs->pluck('id')->toArray()], $currentUser)
->assertForbidden();
// But we can delete our own songs.
$ownSongs = Song::factory(3)->for($currentUser, 'owner')->create();
$this->deleteAs('api/songs', ['songs' => $ownSongs->pluck('id')->toArray()], $currentUser)
->assertSuccessful();
}
}