From 3a05d72124f0964c59d990ba3ec9161e10cbc7e7 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Sat, 22 Jun 2024 20:35:40 +0100
Subject: [PATCH] Based restore API test

Signed-off-by: snipe <snipe@snipe.net>
---
 tests/Feature/Users/Api/RestoreUserTest.php | 109 ++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 tests/Feature/Users/Api/RestoreUserTest.php

diff --git a/tests/Feature/Users/Api/RestoreUserTest.php b/tests/Feature/Users/Api/RestoreUserTest.php
new file mode 100644
index 0000000000..e73509a1ac
--- /dev/null
+++ b/tests/Feature/Users/Api/RestoreUserTest.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace Tests\Feature\Users\Api;
+
+use App\Models\Company;
+use App\Models\LicenseSeat;
+use App\Models\Location;
+use App\Models\User;
+use Tests\TestCase;
+
+class RestoreUserTest extends TestCase
+{
+
+
+    public function testErrorReturnedViaApiIfUserDoesNotExist()
+    {
+        $this->actingAsForApi(User::factory()->deleteUsers()->create())
+            ->postJson(route('api.users.restore', 'invalid-id'))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('error')
+            ->json();
+    }
+
+    public function testErrorReturnedViaApiIfUserIsNotDeleted()
+    {
+        $user = User::factory()->create();
+        $this->actingAsForApi(User::factory()->deleteUsers()->create())
+            ->postJson(route('api.users.restore', $user->id))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('error')
+            ->json();
+    }
+
+
+    public function testDeniedPermissionsForRestoringUserViaApi()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->postJson(route('api.users.restore', User::factory()->deletedUser()->create()))
+            ->assertStatus(403)
+            ->json();
+    }
+
+    public function testSuccessPermissionsForRestoringUserViaApi()
+    {
+        $deleted_user = User::factory()->deletedUser()->create();
+        \Log::warning($deleted_user);
+
+        $admin = User::factory()->deleteUsers()->create();
+        \Log::warning($admin->permissions);
+
+        $this->actingAsForApi($admin)
+            ->postJson(route('api.users.restore', ['user' => $deleted_user]))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $deleted_user->refresh();
+        $this->assertNull($deleted_user->deleted_at);
+    }
+
+    public function testPermissionsForRestoringIfNotInSameCompanyAndNotSuperadmin()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $superuser = User::factory()->superuser()->create();
+        $userFromA = User::factory()->deletedUser()->deleteUsers()->for($companyA)->create();
+        $userFromB = User::factory()->deletedUser()->deleteUsers()->for($companyB)->create();
+
+        $this->actingAsForApi($userFromA)
+            ->postJson(route('api.users.restore', ['user' => $userFromB->id]))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('error')
+            ->json();
+
+        $userFromB->refresh();
+        $this->assertNotNull($userFromB->deleted_at);
+
+        $this->actingAsForApi($userFromB)
+            ->postJson(route('api.users.restore', ['user' => $userFromA->id]))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('error')
+            ->json();
+
+        $userFromA->refresh();
+        $this->assertNotNull($userFromA->deleted_at);
+
+        $this->actingAsForApi($superuser)
+            ->postJson(route('api.users.restore', ['user' => $userFromA->id]))
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $userFromA->refresh();
+        $this->assertNull($userFromA->deleted_at);
+
+    }
+
+
+
+
+}