diff --git a/tests/Feature/Api/Users/UpdateUserApiTest.php b/tests/Feature/Api/Users/UpdateUserApiTest.php index f5bd5d1e83..af5d42e64b 100644 --- a/tests/Feature/Api/Users/UpdateUserApiTest.php +++ b/tests/Feature/Api/Users/UpdateUserApiTest.php @@ -179,7 +179,6 @@ class UpdateUserApiTest extends TestCase public function testNonSuperuserCannotUpdateOwnGroups() { $groupToJoin = Group::factory()->create(); - $user = User::factory()->editUsers()->create(); $this->actingAsForApi($user) @@ -187,7 +186,6 @@ class UpdateUserApiTest extends TestCase 'groups' => [$groupToJoin->id], ]); - $this->assertFalse($user->refresh()->groups->contains($groupToJoin), 'Non-super-user was able to modify user group' ); @@ -229,4 +227,22 @@ class UpdateUserApiTest extends TestCase $this->assertTrue($user->refresh()->groups->contains($group)); } + public function testMultipleGroupsUpdateBySuperUser() + { + $user = User::factory()->create(); + $superUser = User::factory()->superuser()->create(); + + $groupA = Group::factory()->create(['name'=>'Group A']); + $groupB = Group::factory()->create(['name'=>'Group B']); + + $response = $this->actingAsForApi($superUser) + ->patchJson(route('api.users.update', $user), [ + 'groups' => [$groupA->id, $groupB->id], + ])->json(); + + \Log::error($response); + $this->assertTrue($user->refresh()->groups->contains($groupA)); + $this->assertTrue($user->refresh()->groups->contains($groupB)); + } + }