2024-05-31 18:59:04 -07:00
|
|
|
<?php
|
|
|
|
|
2024-06-04 10:48:53 -07:00
|
|
|
namespace Tests\Feature\Users\Api;
|
2024-05-31 18:59:04 -07:00
|
|
|
|
2024-05-31 19:10:29 -07:00
|
|
|
use App\Models\Company;
|
2024-06-04 10:48:53 -07:00
|
|
|
use App\Models\LicenseSeat;
|
2024-05-31 18:59:04 -07:00
|
|
|
use App\Models\Location;
|
|
|
|
use App\Models\User;
|
|
|
|
use Tests\TestCase;
|
|
|
|
|
2024-06-03 16:54:59 -07:00
|
|
|
class DeleteUserTest extends TestCase
|
2024-05-31 18:59:04 -07:00
|
|
|
{
|
2024-06-22 12:09:04 -07:00
|
|
|
public function testErrorReturnedViaApiIfUserDoesNotExist()
|
|
|
|
{
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', 'invalid-id'))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
}
|
2024-06-22 09:45:42 -07:00
|
|
|
|
2024-06-22 10:36:08 -07:00
|
|
|
public function testErrorReturnedViaApiIfUserIsAlreadyDeleted()
|
|
|
|
{
|
|
|
|
$user = User::factory()->deletedUser()->create();
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', $user->id))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
2024-05-31 18:59:04 -07:00
|
|
|
public function testDisallowUserDeletionViaApiIfStillManagingPeople()
|
|
|
|
{
|
|
|
|
$manager = User::factory()->create();
|
|
|
|
User::factory()->count(5)->create(['manager_id' => $manager->id]);
|
|
|
|
$this->assertFalse($manager->isDeletable());
|
|
|
|
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', $manager->id))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDisallowUserDeletionViaApiIfStillManagingLocations()
|
|
|
|
{
|
|
|
|
$manager = User::factory()->create();
|
|
|
|
Location::factory()->count(5)->create(['manager_id' => $manager->id]);
|
|
|
|
|
|
|
|
$this->assertFalse($manager->isDeletable());
|
|
|
|
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', $manager->id))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDisallowUserDeletionViaApiIfStillHasLicenses()
|
|
|
|
{
|
|
|
|
$manager = User::factory()->create();
|
|
|
|
LicenseSeat::factory()->count(5)->create(['assigned_to' => $manager->id]);
|
|
|
|
|
|
|
|
$this->assertFalse($manager->isDeletable());
|
|
|
|
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', $manager->id))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
2024-06-22 11:33:44 -07:00
|
|
|
public function testDeniedPermissionsForDeletingUserViaApi()
|
2024-05-31 18:59:04 -07:00
|
|
|
{
|
|
|
|
$this->actingAsForApi(User::factory()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', User::factory()->create()))
|
|
|
|
->assertStatus(403)
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
2024-06-22 11:33:44 -07:00
|
|
|
public function testSuccessPermissionsForDeletingUserViaApi()
|
|
|
|
{
|
|
|
|
$this->actingAsForApi(User::factory()->deleteUsers()->create())
|
|
|
|
->deleteJson(route('api.users.destroy', User::factory()->create()))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('success')
|
|
|
|
->json();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testPermissionsForDeletingIfNotInSameCompanyAndNotSuperadmin()
|
2024-05-31 19:10:29 -07:00
|
|
|
{
|
|
|
|
$this->settings->enableMultipleFullCompanySupport();
|
|
|
|
|
2024-06-22 11:51:56 -07:00
|
|
|
[$companyA, $companyB] = Company::factory()->count(2)->create();
|
2024-05-31 19:10:29 -07:00
|
|
|
|
2024-06-22 11:51:56 -07:00
|
|
|
$superuser = User::factory()->superuser()->create();
|
|
|
|
$userFromA = User::factory()->deleteUsers()->for($companyA)->create();
|
|
|
|
$userFromB = User::factory()->deleteUsers()->for($companyB)->create();
|
2024-06-22 11:33:44 -07:00
|
|
|
|
2024-06-22 11:51:56 -07:00
|
|
|
$this->actingAsForApi($userFromA)
|
|
|
|
->deleteJson(route('api.users.destroy', ['user' => $userFromB->id]))
|
2024-06-22 12:07:46 -07:00
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
2024-05-31 19:10:29 -07:00
|
|
|
->json();
|
|
|
|
|
2024-06-22 12:07:46 -07:00
|
|
|
$userFromB->refresh();
|
|
|
|
$this->assertNull($userFromB->deleted_at);
|
|
|
|
|
2024-06-22 11:51:56 -07:00
|
|
|
$this->actingAsForApi($userFromB)
|
|
|
|
->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))
|
2024-06-22 12:07:46 -07:00
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
2024-05-31 19:10:29 -07:00
|
|
|
->json();
|
|
|
|
|
2024-06-22 12:07:46 -07:00
|
|
|
$userFromA->refresh();
|
|
|
|
$this->assertNull($userFromA->deleted_at);
|
|
|
|
|
2024-06-22 11:51:56 -07:00
|
|
|
$this->actingAsForApi($superuser)
|
|
|
|
->deleteJson(route('api.users.destroy', ['user' => $userFromA->id]))
|
2024-05-31 19:10:29 -07:00
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('success')
|
|
|
|
->json();
|
|
|
|
|
2024-06-22 12:07:46 -07:00
|
|
|
$userFromA->refresh();
|
|
|
|
$this->assertNotNull($userFromA->deleted_at);
|
|
|
|
|
2024-05-31 19:10:29 -07:00
|
|
|
}
|
|
|
|
|
2024-05-31 20:01:09 -07:00
|
|
|
public function testUsersCannotDeleteThemselves()
|
|
|
|
{
|
|
|
|
$user = User::factory()->deleteUsers()->create();
|
|
|
|
$this->actingAsForApi($user)
|
|
|
|
->deleteJson(route('api.users.destroy', $user))
|
|
|
|
->assertOk()
|
|
|
|
->assertStatus(200)
|
|
|
|
->assertStatusMessageIs('error')
|
|
|
|
->json();
|
|
|
|
|
|
|
|
}
|
2024-05-31 18:59:04 -07:00
|
|
|
}
|