snipe-it/tests/Feature/Users/Api/DeleteUserTest.php

<?php

namespace Tests\Feature\Users\Api;

use App\Models\Company;
use App\Models\LicenseSeat;
use App\Models\Location;
use App\Models\User;
use Tests\TestCase;

class DeleteUserTest extends TestCase
{


//    public function testErrorReturnedViaApiIfUserDoesNotExist()
//    {
//        $this->actingAsForApi(User::factory()->deleteUsers()->create())
//            ->deleteJson(route('api.users.destroy', 'invalid-id'))
//            ->assertOk()
//            ->assertStatus(200)
//            ->assertStatusMessageIs('error')
//            ->json();
//    }

    public function testErrorReturnedViaApiIfUserIsAlreadyDeleted()
    {
        $user = User::factory()->deletedUser()->create();
        $this->actingAsForApi(User::factory()->deleteUsers()->create())
            ->deleteJson(route('api.users.destroy', $user->id))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();
    }


    public function testDisallowUserDeletionViaApiIfStillManagingPeople()
    {
        $manager = User::factory()->create();
        User::factory()->count(5)->create(['manager_id' => $manager->id]);
        $this->assertFalse($manager->isDeletable());

        $this->actingAsForApi(User::factory()->deleteUsers()->create())
            ->deleteJson(route('api.users.destroy', $manager->id))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();
    }

    public function testDisallowUserDeletionViaApiIfStillManagingLocations()
    {
        $manager = User::factory()->create();
        Location::factory()->count(5)->create(['manager_id' => $manager->id]);

        $this->assertFalse($manager->isDeletable());

        $this->actingAsForApi(User::factory()->deleteUsers()->create())
            ->deleteJson(route('api.users.destroy', $manager->id))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();
    }

    public function testDisallowUserDeletionViaApiIfStillHasLicenses()
    {
        $manager = User::factory()->create();
        LicenseSeat::factory()->count(5)->create(['assigned_to' => $manager->id]);

        $this->assertFalse($manager->isDeletable());

        $this->actingAsForApi(User::factory()->deleteUsers()->create())
            ->deleteJson(route('api.users.destroy', $manager->id))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();
    }

    public function testDeniedPermissionsForDeletingUserViaApi()
    {
        $this->actingAsForApi(User::factory()->create())
            ->deleteJson(route('api.users.destroy', User::factory()->create()))
            ->assertStatus(403)
            ->json();
    }

    public function testSuccessPermissionsForDeletingUserViaApi()
    {
        $this->actingAsForApi(User::factory()->deleteUsers()->create())
            ->deleteJson(route('api.users.destroy', User::factory()->create()))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('success')
            ->json();
    }

    
    public function testPermissionsForDeletingIfNotInSameCompanyAndNotSuperadmin()
    {
        $this->settings->enableMultipleFullCompanySupport();

        [$companyA, $companyB] = Company::factory()->count(2)->create();

        $superuser = User::factory()->superuser()->create();
        $userFromA = User::factory()->deleteUsers()->for($companyA)->create();
        $userFromB = User::factory()->deleteUsers()->for($companyB)->create();

        $this->actingAsForApi($userFromA)
            ->deleteJson(route('api.users.destroy', ['user' => $userFromB->id]))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();

        $userFromB->refresh();
        $this->assertNull($userFromB->deleted_at);

        $this->actingAsForApi($userFromB)
            ->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();

        $userFromA->refresh();
        $this->assertNull($userFromA->deleted_at);

        $this->actingAsForApi($superuser)
            ->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('success')
            ->json();

        $userFromA->refresh();
        $this->assertNotNull($userFromA->deleted_at);

    }

    public function testUsersCannotDeleteThemselves()
    {
        $user = User::factory()->deleteUsers()->create();
        $this->actingAsForApi($user)
            ->deleteJson(route('api.users.destroy', $user))
            ->assertOk()
            ->assertStatus(200)
            ->assertStatusMessageIs('error')
            ->json();

    }


}
Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00			`<?php`

Organize API tests into domains 2024-06-04 10:48:53 -07:00			`namespace Tests\Feature\Users\Api;`
Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`use App\Models\Company;`
Organize API tests into domains 2024-06-04 10:48:53 -07:00			`use App\Models\LicenseSeat;`
Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00			`use App\Models\Location;`
			`use App\Models\User;`
			`use Tests\TestCase;`

Make most test names singular 2024-06-03 16:54:59 -07:00			`class DeleteUserTest extends TestCase`
Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00			`{`

Added tests Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 09:45:42 -07:00
Breaking tests :( Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:33:44 -07:00			`// public function testErrorReturnedViaApiIfUserDoesNotExist()`
			`// {`
			`// $this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`// ->deleteJson(route('api.users.destroy', 'invalid-id'))`
			`// ->assertOk()`
			`// ->assertStatus(200)`
			`// ->assertStatusMessageIs('error')`
			`// ->json();`
			`// }`
Added tests Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 09:45:42 -07:00
Added test Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 10:36:08 -07:00			`public function testErrorReturnedViaApiIfUserIsAlreadyDeleted()`
			`{`
			`$user = User::factory()->deletedUser()->create();`
			`$this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`->deleteJson(route('api.users.destroy', $user->id))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
			`->json();`
			`}`

Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00
			`public function testDisallowUserDeletionViaApiIfStillManagingPeople()`
			`{`
			`$manager = User::factory()->create();`
			`User::factory()->count(5)->create(['manager_id' => $manager->id]);`
			`$this->assertFalse($manager->isDeletable());`

			`$this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`->deleteJson(route('api.users.destroy', $manager->id))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
			`->json();`
			`}`

			`public function testDisallowUserDeletionViaApiIfStillManagingLocations()`
			`{`
			`$manager = User::factory()->create();`
			`Location::factory()->count(5)->create(['manager_id' => $manager->id]);`

			`$this->assertFalse($manager->isDeletable());`

			`$this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`->deleteJson(route('api.users.destroy', $manager->id))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
			`->json();`
			`}`

			`public function testDisallowUserDeletionViaApiIfStillHasLicenses()`
			`{`
			`$manager = User::factory()->create();`
			`LicenseSeat::factory()->count(5)->create(['assigned_to' => $manager->id]);`

			`$this->assertFalse($manager->isDeletable());`

			`$this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`->deleteJson(route('api.users.destroy', $manager->id))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
			`->json();`
			`}`

Breaking tests :( Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:33:44 -07:00			`public function testDeniedPermissionsForDeletingUserViaApi()`
Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00			`{`
			`$this->actingAsForApi(User::factory()->create())`
			`->deleteJson(route('api.users.destroy', User::factory()->create()))`
			`->assertStatus(403)`
			`->json();`
			`}`

Breaking tests :( Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:33:44 -07:00			`public function testSuccessPermissionsForDeletingUserViaApi()`
			`{`
			`$this->actingAsForApi(User::factory()->deleteUsers()->create())`
			`->deleteJson(route('api.users.destroy', User::factory()->create()))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('success')`
			`->json();`
			`}`

Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00
Breaking tests :( Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:33:44 -07:00			`public function testPermissionsForDeletingIfNotInSameCompanyAndNotSuperadmin()`
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`{`
			`$this->settings->enableMultipleFullCompanySupport();`

Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00			`[$companyA, $companyB] = Company::factory()->count(2)->create();`
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00
Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00			`$superuser = User::factory()->superuser()->create();`
			`$userFromA = User::factory()->deleteUsers()->for($companyA)->create();`
			`$userFromB = User::factory()->deleteUsers()->for($companyB)->create();`
Breaking tests :( Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:33:44 -07:00
Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00			`$this->actingAsForApi($userFromA)`
			`->deleteJson(route('api.users.destroy', ['user' => $userFromB->id]))`
Fixed tests! And added more!! Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 12:07:46 -07:00			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`->json();`

Fixed tests! And added more!! Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 12:07:46 -07:00			`$userFromB->refresh();`
			`$this->assertNull($userFromB->deleted_at);`

Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00			`$this->actingAsForApi($userFromB)`
			`->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))`
Fixed tests! And added more!! Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 12:07:46 -07:00			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`->json();`

Fixed tests! And added more!! Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 12:07:46 -07:00			`$userFromA->refresh();`
			`$this->assertNull($userFromA->deleted_at);`

Normalize the tests between UI and API Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 11:51:56 -07:00			`$this->actingAsForApi($superuser)`
			`->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))`
Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('success')`
			`->json();`

Fixed tests! And added more!! Signed-off-by: snipe <snipe@snipe.net> 2024-06-22 12:07:46 -07:00			`$userFromA->refresh();`
			`$this->assertNotNull($userFromA->deleted_at);`

Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00			`}`

MOAR TESTS Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 20:01:09 -07:00			`public function testUsersCannotDeleteThemselves()`
			`{`
			`$user = User::factory()->deleteUsers()->create();`
			`$this->actingAsForApi($user)`
			`->deleteJson(route('api.users.destroy', $user))`
			`->assertOk()`
			`->assertStatus(200)`
			`->assertStatusMessageIs('error')`
			`->json();`

			`}`



Added company scoping test Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 19:10:29 -07:00

Updated delete users API tests, moved non-API tests Signed-off-by: snipe <snipe@snipe.net> 2024-05-31 18:59:04 -07:00

			`}`