koel/tests/UserTest.php
Pedro Borges 899c7176c1 Use Laravel built-in authorization
The comment below motivated me to find a better solution for the
repeated authorisation checks:

```php
// This can't be put into a Request authorize(), due to Laravel(?)'s
limitation.
```

This is the result.
2015-12-14 14:27:26 -02:00


<?php
use Illuminate\Foundation\Testing\WithoutMiddleware;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use App\Models\User;
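/**
 * HTTP-level tests for the user endpoints (api/user, api/user/{id}, api/me).
 *
 * WithoutMiddleware switches off the HTTP middleware stack for every request
 * made here, so anything enforced in middleware is not exercised by this
 * class. The 403 asserted in testCreateUser therefore has to come from a
 * check that runs outside middleware.
 *
 * NOTE(review): DatabaseTransactions is imported at the top of the file but
 * not applied to this class. Confirm that the base TestCase resets the
 * database between tests; if it does not, rows written by one test stay
 * visible to the next. The assertions below are pinned to specific rows so
 * they do not pass on leftovers.
 */
class UserTest extends TestCase
{
    use WithoutMiddleware;

    /**
     * Creating a user is rejected for a non-admin and allowed for an admin.
     */
    public function testCreateUser()
    {
        $nonAdmin = factory(User::class)->create();

        // Counted after the actor exists, so only the request can change it.
        $userCountBefore = User::count();

        // A non-admin must be refused...
        $this->actingAs($nonAdmin)
            ->post('api/user', [
                'name' => 'Foo',
                'email' => 'bar@baz.com',
                'password' => 'qux',
            ])
            ->seeStatusCode(403);

        // ...and the refusal must have no side effect: a 403 that still
        // wrote the row would otherwise go unnoticed, because the admin
        // request below creates a user with the same name.
        $this->assertEquals(
            $userCountBefore,
            User::count(),
            'A rejected create request must not add a user.'
        );

        // An admin is allowed to create the same user.
        $this->actingAs(factory(User::class, 'admin')->create())
            ->post('api/user', [
                'name' => 'Foo',
                'email' => 'bar@baz.com',
                'password' => 'qux',
            ]);

        $this->seeInDatabase('users', ['name' => 'Foo', 'email' => 'bar@baz.com']);

        // NOTE(review): nothing here checks how the submitted password is
        // stored. An assertion that the plaintext value is absent from the
        // new row would pin that down; the column name needs confirming first.
    }

    /**
     * A user can change their own name and e-mail through api/me.
     */
    public function testUpdateProfile()
    {
        $user = factory(User::class)->create();

        $this->actingAs($user)
            ->put('api/me', ['name' => 'Foo', 'email' => 'bar@baz.com']);

        // Pinned to the acting user's id so a different row that already
        // holds these values cannot satisfy the assertion.
        $this->seeInDatabase('users', [
            'id' => $user->id,
            'name' => 'Foo',
            'email' => 'bar@baz.com',
        ]);
    }

    /**
     * An admin can update another user's record through api/user/{id}.
     *
     * NOTE(review): only the admin path is exercised. A non-admin counterpart
     * that expects a rejection, as testCreateUser does, would pin the
     * authorization rule for this route; confirm the expected status first.
     */
    public function testUpdateUser()
    {
        $user = factory(User::class)->create();

        $this->actingAs(factory(User::class, 'admin')->create())
            ->put("api/user/{$user->id}", [
                'name' => 'Foo',
                'email' => 'bar@baz.com',
                'password' => 'qux',
            ]);

        // Pinned to the targeted user's id for the same reason as in
        // testUpdateProfile.
        $this->seeInDatabase('users', [
            'id' => $user->id,
            'name' => 'Foo',
            'email' => 'bar@baz.com',
        ]);
    }

    /**
     * An admin can delete another user through api/user/{id}.
     *
     * NOTE(review): only the admin path is exercised. A non-admin counterpart
     * that expects the row to survive would cover the authorization rule for
     * this route; confirm the expected status first.
     */
    public function testDeleteUser()
    {
        $user = factory(User::class)->create();

        $this->actingAs(factory(User::class, 'admin')->create())
            ->delete("api/user/{$user->id}");

        $this->notSeeInDatabase('users', ['id' => $user->id]);
    }
}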