mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-12 14:27:33 -08:00
Added company scoping test
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
03b0268dc2
commit
52af8afac2
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace Tests\Feature\Api\Users;
|
namespace Tests\Feature\Api\Users;
|
||||||
|
|
||||||
|
use App\Models\Asset;
|
||||||
|
use App\Models\Company;
|
||||||
use App\Models\Location;
|
use App\Models\Location;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use App\Models\LicenseSeat;
|
use App\Models\LicenseSeat;
|
||||||
|
@ -64,6 +66,36 @@ class DeleteUsersTest extends TestCase
|
||||||
->json();
|
->json();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testDisallowUserDeletionIfNotInSameCompanyIfNotSuperadmin()
|
||||||
|
{
|
||||||
|
$this->settings->enableMultipleFullCompanySupport();
|
||||||
|
[$companyA, $companyB] = Company::factory()->count(2)->create();
|
||||||
|
|
||||||
|
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
|
||||||
|
$userInCompanyA = $companyA->users()->save(User::factory()->deleteUsers()->make());
|
||||||
|
$userInCompanyB = $companyB->users()->save(User::factory()->deleteUsers()->make());
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyA)
|
||||||
|
->deleteJson(route('api.users.destroy', $userInCompanyB))
|
||||||
|
->assertStatus(403)
|
||||||
|
->json();
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyB)
|
||||||
|
->deleteJson(route('api.users.destroy', $userInCompanyA))
|
||||||
|
->assertStatus(403)
|
||||||
|
->json();
|
||||||
|
|
||||||
|
$this->actingAsForApi($superUser)
|
||||||
|
->deleteJson(route('api.users.destroy', $userInCompanyA))
|
||||||
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('success')
|
||||||
|
->json();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue