899c7176c1
The comment below motivated me to find a better solution for the repeated authorisation checks: ```php // This can't be put into a Request authorize(), due to Laravel(?)'s limitation. ``` This is the result.
<?php
use Illuminate\Foundation\Testing\WithoutMiddleware;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use App\Models\User;
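/**
 * API tests for creating, updating and deleting users.
 *
 * Each test acts as a factory-built user (regular or 'admin'), calls the
 * endpoint, and then checks the `users` table.
 */
class UserTest extends TestCase
{
    // Middleware is disabled for every request in this class, so the 403
    // asserted in testCreateUser() cannot come from a middleware layer.
    // NOTE(review): presumably it comes from the request's authorize() or a
    // policy check — confirm against the controller.
    use WithoutMiddleware;

    /**
     * Creating a user is refused for a regular user and allowed for an admin.
     */
    public function testCreateUser()
    {
        $payload = [
            'name' => 'Foo',
            'email' => 'bar@baz.com',
            'password' => 'qux',
        ];

        // A regular (non-admin) user must be refused with 403 Forbidden.
        $this->actingAs(factory(User::class)->create())
            ->post('api/user', $payload)
            ->seeStatusCode(403);

        // The refusal must also have no side effect: a 403 response that
        // still wrote the row would pass a status-only check.
        $this->notSeeInDatabase('users', ['email' => 'bar@baz.com']);

        // The same payload sent by an admin creates the user.
        $this->actingAs(factory(User::class, 'admin')->create())
            ->post('api/user', $payload);

        $this->seeInDatabase('users', ['name' => 'Foo']);
    }

    /**
     * A user can change their own name and email through `api/me`.
     */
    public function testUpdateProfile()
    {
        $user = factory(User::class)->create();

        $this->actingAs($user)
            ->put('api/me', ['name' => 'Foo', 'email' => 'bar@baz.com']);

        $this->seeInDatabase('users', ['name' => 'Foo', 'email' => 'bar@baz.com']);
    }

    /**
     * An admin can update another user's record.
     *
     * NOTE(review): only the admin path is exercised; no case here shows that
     * a regular user is refused. The new password is sent but its stored
     * value is not asserted.
     */
    public function testUpdateUser()
    {
        $user = factory(User::class)->create();
        $admin = factory(User::class, 'admin')->create();

        $this->actingAs($admin)
            ->put("api/user/{$user->id}", [
                'name' => 'Foo',
                'email' => 'bar@baz.com',
                'password' => 'qux',
            ]);

        $this->seeInDatabase('users', ['name' => 'Foo', 'email' => 'bar@baz.com']);
    }

    /**
     * An admin can delete another user.
     *
     * NOTE(review): only the admin path is exercised; no case here shows that
     * a regular user is refused.
     */
    public function testDeleteUser()
    {
        $user = factory(User::class)->create();
        $admin = factory(User::class, 'admin')->create();

        $this->actingAs($admin)
            ->delete("api/user/{$user->id}");

        $this->notSeeInDatabase('users', ['id' => $user->id]);
    }
}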