DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add two test cases

Browse source
This commit is contained in:
Marcus Moore 2024-04-17 15:23:26 -07:00
parent 6f195cb8ec
commit 1d64692fd6
No known key found for this signature in database
1 changed files with 53 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
tests/Feature/Api/Users/UpdateUserApiTest.php
View file

@ -3,6 +3,7 @@
namespace Tests\Feature\Api\Users; namespace Tests\Feature\Api\Users;
use App\Models\Company; use App\Models\Company;
use App\Models\Group;
use App\Models\User; use App\Models\User;
use Tests\TestCase; use Tests\TestCase;
@ -120,6 +121,58 @@ class UpdateUserApiTest extends TestCase
$this->actingAsForApi($adminNoCompany) $this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_companyB)) ->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(403); ->assertStatus(403);
}
public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()
{
$groupToJoin = Group::factory()->create();
$normalUser = User::factory()->editUsers()->create();
$superUser = User::factory()->superuser()->create();
$oneUserToUpdate = User::factory()->create();
$anotherUserToUpdate = User::factory()->create();
$this->actingAsForApi($normalUser)
->patchJson(route('api.users.update', $oneUserToUpdate), [
'groups' => [$groupToJoin->id],
]);
$this->actingAsForApi($superUser)
->patchJson(route('api.users.update', $anotherUserToUpdate), [
'groups' => [$groupToJoin->id],
]);
$this->assertFalse(
$oneUserToUpdate->refresh()->groups->contains($groupToJoin),
'Non-super-user was able to modify user group'
);
$this->assertTrue($anotherUserToUpdate->refresh()->groups->contains($groupToJoin));
}
public function testUserGroupsCanBeClearedBySuperUser()
{
$normalUser = User::factory()->editUsers()->create();
$superUser = User::factory()->superuser()->create();
$oneUserToUpdate = User::factory()->create();
$anotherUserToUpdate = User::factory()->create();
$joinedGroup = Group::factory()->create();
$oneUserToUpdate->groups()->sync([$joinedGroup->id]);
$anotherUserToUpdate->groups()->sync([$joinedGroup->id]);
$this->actingAsForApi($normalUser)
->patchJson(route('api.users.update', $oneUserToUpdate), [
'groups' => null,
]);
$this->actingAsForApi($superUser)
->patchJson(route('api.users.update', $anotherUserToUpdate), [
'groups' => null,
]);
$this->assertTrue($oneUserToUpdate->refresh()->groups->contains($joinedGroup));
$this->assertFalse($anotherUserToUpdate->refresh()->groups->contains($joinedGroup));
} }
} }