mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-26 22:19:41 -08:00
Minor updates to tests
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
4450351b75
commit
0fc9fc7516
|
@ -71,56 +71,55 @@ class UpdateUserApiTest extends TestCase
|
||||||
$adminB = User::factory(['company_id' => $companyB->id])->admin()->create();
|
$adminB = User::factory(['company_id' => $companyB->id])->admin()->create();
|
||||||
$adminNoCompany = User::factory(['company_id' => null])->admin()->create();
|
$adminNoCompany = User::factory(['company_id' => null])->admin()->create();
|
||||||
|
|
||||||
// Create a user that belongs to company B
|
// Create users that belongs to company A and B and one that is unscoped
|
||||||
$userA = User::factory()->create(['activated' => true, 'company_id' => $companyA->id]);
|
$scoped_user_in_companyA = User::factory()->create(['activated' => true, 'company_id' => $companyA->id]);
|
||||||
$userB = User::factory()->create(['activated' => true, 'company_id' => $companyB->id]);
|
$scoped_user_in_companyB = User::factory()->create(['activated' => true, 'company_id' => $companyB->id]);
|
||||||
$userNoCompany = User::factory()->create(['activated' => true, 'company_id' => null]);
|
$scoped_user_in_no_company = User::factory()->create(['activated' => true, 'company_id' => null]);
|
||||||
|
|
||||||
// Admin for Company A should allow updating user from Company A
|
// Admin for Company A should allow updating user from Company A
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $userA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(200);
|
->assertStatus(200);
|
||||||
|
|
||||||
// Admin for Company A should get denied updating user from Company B
|
// Admin for Company A should get denied updating user from Company B
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $userB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
// Admin for Company A should get denied updating user without a company
|
// Admin for Company A should get denied updating user without a company
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $userNoCompany))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
// Admin for Company B should allow updating user from Company B
|
// Admin for Company B should allow updating user from Company B
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $userB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(200);
|
->assertStatus(200);
|
||||||
|
|
||||||
// Admin for Company B should get denied updating user from Company A
|
// Admin for Company B should get denied updating user from Company A
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $userA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
// Admin for Company B should get denied updating user without a company
|
// Admin for Company B should get denied updating user without a company
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $userNoCompany))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
// Admin without a company should allow updating user without a company
|
// Admin without a company should allow updating user without a company
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $userNoCompany))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(200);
|
->assertStatus(200);
|
||||||
|
|
||||||
// Admin without a company should get denied updating user from Company A
|
// Admin without a company should get denied updating user from Company A
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $userA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
// Admin without a company should get denied updating user from Company B
|
// Admin without a company should get denied updating user from Company B
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $userB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(403);
|
->assertStatus(403);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue