snipe-it/tests/Feature/Api/Users/UpdateUserApiTest.php

<?php

namespace Tests\Feature\Api\Users;

use App\Models\Company;
use App\Models\User;
use Tests\TestCase;

class UpdateUserApiTest extends TestCase
{
    public function testApiUsersCanBeActivatedWithNumber()
    {
        $admin = User::factory()->superuser()->create();
        $user = User::factory()->create(['activated' => 0]);

        $this->actingAsForApi($admin)
            ->patch(route('api.users.update', $user), [
                'activated' => 1,
            ]);

        $this->assertEquals(1, $user->refresh()->activated);
    }

    public function testApiUsersCanBeActivatedWithBooleanTrue()
    {
        $admin = User::factory()->superuser()->create();
        $user = User::factory()->create(['activated' => false]);

        $this->actingAsForApi($admin)
            ->patch(route('api.users.update', $user), [
                'activated' => true,
            ]);

        $this->assertEquals(1, $user->refresh()->activated);
    }

    public function testApiUsersCanBeDeactivatedWithNumber()
    {
        $admin = User::factory()->superuser()->create();
        $user = User::factory()->create(['activated' => true]);

        $this->actingAsForApi($admin)
            ->patch(route('api.users.update', $user), [
                'activated' => 0,
            ]);

        $this->assertEquals(0, $user->refresh()->activated);
    }

    public function testApiUsersCanBeDeactivatedWithBooleanFalse()
    {
        $admin = User::factory()->superuser()->create();
        $user = User::factory()->create(['activated' => true]);

        $this->actingAsForApi($admin)
            ->patch(route('api.users.update', $user), [
                'activated' => false,
            ]);

        $this->assertEquals(0, $user->refresh()->activated);
    }

    public function testUsersScopedToCompanyDuringUpdateWhenMultipleFullCompanySupportEnabled()
    {
        $this->settings->enableMultipleFullCompanySupport();

        $companyA = Company::factory()->create(['name'=>'Company A']);
        $companyB = Company::factory()->create(['name'=>'Company B']);

        $adminA = User::factory(['company_id' => $companyA->id])->admin()->create();
        $adminB = User::factory(['company_id' => $companyB->id])->admin()->create();
        $adminNoCompany = User::factory(['company_id' => null])->admin()->create();

        // Create a user that belongs to company B
        $userA = User::factory()->create(['activated' => true, 'company_id' => $companyA->id]);
        $userB = User::factory()->create(['activated' => true, 'company_id' => $companyB->id]);
        $userNoCompany = User::factory()->create(['activated' => true, 'company_id' => null]);

        // Admin for Company A should allow updating user from Company A
        $this->actingAsForApi($adminA)
            ->patchJson(route('api.users.update', $userA))
            ->assertStatus(200);

        // Admin for Company A should get denied updating user from Company B
        $this->actingAsForApi($adminA)
            ->patchJson(route('api.users.update', $userB))
            ->assertStatus(403);

        // Admin for Company A should get denied updating user without a company
        $this->actingAsForApi($adminA)
            ->patchJson(route('api.users.update', $userNoCompany))
            ->assertStatus(403);

        // Admin for Company B should allow updating user from Company B
        $this->actingAsForApi($adminB)
            ->patchJson(route('api.users.update', $userB))
            ->assertStatus(200);

        // Admin for Company B should get denied updating user from Company A
        $this->actingAsForApi($adminB)
            ->patchJson(route('api.users.update', $userA))
            ->assertStatus(403);

        // Admin for Company B should get denied updating user without a company
        $this->actingAsForApi($adminB)
            ->patchJson(route('api.users.update', $userNoCompany))
            ->assertStatus(403);

        // Admin without a company should allow updating user without a company
        $this->actingAsForApi($adminNoCompany)
            ->patchJson(route('api.users.update', $userNoCompany))
            ->assertStatus(200);

        // Admin without a company should get denied updating user from Company A
        $this->actingAsForApi($adminNoCompany)
            ->patchJson(route('api.users.update', $userA))
            ->assertStatus(403);

        // Admin without a company should get denied updating user from Company B
        $this->actingAsForApi($adminNoCompany)
            ->patchJson(route('api.users.update', $userB))
            ->assertStatus(403);


    }
}
Added tests Signed-off-by: snipe <snipe@snipe.net> 2023-08-30 11:13:38 -07:00			`<?php`

			`namespace Tests\Feature\Api\Users;`

Added API tests Signed-off-by: snipe <snipe@snipe.net> 2024-04-17 02:47:48 -07:00			`use App\Models\Company;`
Added tests Signed-off-by: snipe <snipe@snipe.net> 2023-08-30 11:13:38 -07:00			`use App\Models\User;`
			`use Tests\TestCase;`

			`class UpdateUserApiTest extends TestCase`
			`{`
			`public function testApiUsersCanBeActivatedWithNumber()`
			`{`
			`$admin = User::factory()->superuser()->create();`
			`$user = User::factory()->create(['activated' => 0]);`

			`$this->actingAsForApi($admin)`
			`->patch(route('api.users.update', $user), [`
			`'activated' => 1,`
			`]);`

			`$this->assertEquals(1, $user->refresh()->activated);`
			`}`

			`public function testApiUsersCanBeActivatedWithBooleanTrue()`
			`{`
			`$admin = User::factory()->superuser()->create();`
			`$user = User::factory()->create(['activated' => false]);`

			`$this->actingAsForApi($admin)`
			`->patch(route('api.users.update', $user), [`
			`'activated' => true,`
			`]);`

			`$this->assertEquals(1, $user->refresh()->activated);`
			`}`

			`public function testApiUsersCanBeDeactivatedWithNumber()`
			`{`
			`$admin = User::factory()->superuser()->create();`
			`$user = User::factory()->create(['activated' => true]);`

			`$this->actingAsForApi($admin)`
			`->patch(route('api.users.update', $user), [`
			`'activated' => 0,`
			`]);`

			`$this->assertEquals(0, $user->refresh()->activated);`
			`}`

			`public function testApiUsersCanBeDeactivatedWithBooleanFalse()`
			`{`
			`$admin = User::factory()->superuser()->create();`
			`$user = User::factory()->create(['activated' => true]);`

			`$this->actingAsForApi($admin)`
			`->patch(route('api.users.update', $user), [`
			`'activated' => false,`
			`]);`

			`$this->assertEquals(0, $user->refresh()->activated);`
			`}`
Added API tests Signed-off-by: snipe <snipe@snipe.net> 2024-04-17 02:47:48 -07:00
			`public function testUsersScopedToCompanyDuringUpdateWhenMultipleFullCompanySupportEnabled()`
			`{`
			`$this->settings->enableMultipleFullCompanySupport();`

			`$companyA = Company::factory()->create(['name'=>'Company A']);`
			`$companyB = Company::factory()->create(['name'=>'Company B']);`

			`$adminA = User::factory(['company_id' => $companyA->id])->admin()->create();`
			`$adminB = User::factory(['company_id' => $companyB->id])->admin()->create();`
			`$adminNoCompany = User::factory(['company_id' => null])->admin()->create();`

			`// Create a user that belongs to company B`
			`$userA = User::factory()->create(['activated' => true, 'company_id' => $companyA->id]);`
			`$userB = User::factory()->create(['activated' => true, 'company_id' => $companyB->id]);`
			`$userNoCompany = User::factory()->create(['activated' => true, 'company_id' => null]);`

			`// Admin for Company A should allow updating user from Company A`
			`$this->actingAsForApi($adminA)`
			`->patchJson(route('api.users.update', $userA))`
			`->assertStatus(200);`

			`// Admin for Company A should get denied updating user from Company B`
			`$this->actingAsForApi($adminA)`
			`->patchJson(route('api.users.update', $userB))`
			`->assertStatus(403);`

			`// Admin for Company A should get denied updating user without a company`
			`$this->actingAsForApi($adminA)`
			`->patchJson(route('api.users.update', $userNoCompany))`
			`->assertStatus(403);`

			`// Admin for Company B should allow updating user from Company B`
			`$this->actingAsForApi($adminB)`
			`->patchJson(route('api.users.update', $userB))`
			`->assertStatus(200);`

			`// Admin for Company B should get denied updating user from Company A`
			`$this->actingAsForApi($adminB)`
			`->patchJson(route('api.users.update', $userA))`
			`->assertStatus(403);`

			`// Admin for Company B should get denied updating user without a company`
			`$this->actingAsForApi($adminB)`
			`->patchJson(route('api.users.update', $userNoCompany))`
			`->assertStatus(403);`

			`// Admin without a company should allow updating user without a company`
			`$this->actingAsForApi($adminNoCompany)`
			`->patchJson(route('api.users.update', $userNoCompany))`
			`->assertStatus(200);`

			`// Admin without a company should get denied updating user from Company A`
			`$this->actingAsForApi($adminNoCompany)`
			`->patchJson(route('api.users.update', $userA))`
			`->assertStatus(403);`

			`// Admin without a company should get denied updating user from Company B`
			`$this->actingAsForApi($adminNoCompany)`
			`->patchJson(route('api.users.update', $userB))`
			`->assertStatus(403);`


			`}`
Added tests Signed-off-by: snipe <snipe@snipe.net> 2023-08-30 11:13:38 -07:00			`}`