2023-08-30 11:13:38 -07:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Tests\Feature\Api\Users;
|
|
|
|
|
2024-04-17 02:47:48 -07:00
|
|
|
use App\Models\Company;
|
2023-08-30 11:13:38 -07:00
|
|
|
use App\Models\User;
|
|
|
|
use Tests\TestCase;
|
|
|
|
|
|
|
|
class UpdateUserApiTest extends TestCase
|
|
|
|
{
|
|
|
|
public function testApiUsersCanBeActivatedWithNumber()
|
|
|
|
{
|
|
|
|
$admin = User::factory()->superuser()->create();
|
|
|
|
$user = User::factory()->create(['activated' => 0]);
|
|
|
|
|
|
|
|
$this->actingAsForApi($admin)
|
|
|
|
->patch(route('api.users.update', $user), [
|
|
|
|
'activated' => 1,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertEquals(1, $user->refresh()->activated);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiUsersCanBeActivatedWithBooleanTrue()
|
|
|
|
{
|
|
|
|
$admin = User::factory()->superuser()->create();
|
|
|
|
$user = User::factory()->create(['activated' => false]);
|
|
|
|
|
|
|
|
$this->actingAsForApi($admin)
|
|
|
|
->patch(route('api.users.update', $user), [
|
|
|
|
'activated' => true,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertEquals(1, $user->refresh()->activated);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiUsersCanBeDeactivatedWithNumber()
|
|
|
|
{
|
|
|
|
$admin = User::factory()->superuser()->create();
|
|
|
|
$user = User::factory()->create(['activated' => true]);
|
|
|
|
|
|
|
|
$this->actingAsForApi($admin)
|
|
|
|
->patch(route('api.users.update', $user), [
|
|
|
|
'activated' => 0,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertEquals(0, $user->refresh()->activated);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testApiUsersCanBeDeactivatedWithBooleanFalse()
|
|
|
|
{
|
|
|
|
$admin = User::factory()->superuser()->create();
|
|
|
|
$user = User::factory()->create(['activated' => true]);
|
|
|
|
|
|
|
|
$this->actingAsForApi($admin)
|
|
|
|
->patch(route('api.users.update', $user), [
|
|
|
|
'activated' => false,
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->assertEquals(0, $user->refresh()->activated);
|
|
|
|
}
|
2024-04-17 02:47:48 -07:00
|
|
|
|
|
|
|
public function testUsersScopedToCompanyDuringUpdateWhenMultipleFullCompanySupportEnabled()
|
|
|
|
{
|
|
|
|
$this->settings->enableMultipleFullCompanySupport();
|
|
|
|
|
|
|
|
$companyA = Company::factory()->create(['name'=>'Company A']);
|
|
|
|
$companyB = Company::factory()->create(['name'=>'Company B']);
|
|
|
|
|
|
|
|
$adminA = User::factory(['company_id' => $companyA->id])->admin()->create();
|
|
|
|
$adminB = User::factory(['company_id' => $companyB->id])->admin()->create();
|
|
|
|
$adminNoCompany = User::factory(['company_id' => null])->admin()->create();
|
|
|
|
|
2024-04-17 12:29:01 -07:00
|
|
|
// Create users that belongs to company A and B and one that is unscoped
|
2024-04-17 12:29:51 -07:00
|
|
|
$scoped_user_in_companyA = User::factory()->create(['company_id' => $companyA->id]);
|
|
|
|
$scoped_user_in_companyB = User::factory()->create(['company_id' => $companyB->id]);
|
|
|
|
$scoped_user_in_no_company = User::factory()->create(['company_id' => null]);
|
2024-04-17 02:47:48 -07:00
|
|
|
|
|
|
|
// Admin for Company A should allow updating user from Company A
|
|
|
|
$this->actingAsForApi($adminA)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(200);
|
|
|
|
|
|
|
|
// Admin for Company A should get denied updating user from Company B
|
|
|
|
$this->actingAsForApi($adminA)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
// Admin for Company A should get denied updating user without a company
|
|
|
|
$this->actingAsForApi($adminA)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
// Admin for Company B should allow updating user from Company B
|
|
|
|
$this->actingAsForApi($adminB)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(200);
|
|
|
|
|
|
|
|
// Admin for Company B should get denied updating user from Company A
|
|
|
|
$this->actingAsForApi($adminB)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
// Admin for Company B should get denied updating user without a company
|
|
|
|
$this->actingAsForApi($adminB)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
// Admin without a company should allow updating user without a company
|
|
|
|
$this->actingAsForApi($adminNoCompany)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(200);
|
|
|
|
|
|
|
|
// Admin without a company should get denied updating user from Company A
|
|
|
|
$this->actingAsForApi($adminNoCompany)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
// Admin without a company should get denied updating user from Company B
|
|
|
|
$this->actingAsForApi($adminNoCompany)
|
2024-04-17 12:29:01 -07:00
|
|
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
2024-04-17 02:47:48 -07:00
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
}
|
2023-08-30 11:13:38 -07:00
|
|
|
}
|