Added API tests

Signed-off-by: snipe <snipe@snipe.net>
2024-09-19 23:37:38 -07:00 · 2024-06-12 11:58:12 +01:00 · 2024-06-12 11:58:12 +01:00 · 756a2ac25c
parent acaceb4103
commit 756a2ac25c
2 changed files with 54 additions and 1 deletions
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -415,7 +415,7 @@ class UsersController extends Controller
    {
        $this->authorize('view', User::class);

-        if ($user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'managesUsers as manages_users_count', 'managedLocations as manages_locations_count')) {
+        if ($user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'managesUsers as manages_users_count', 'managedLocations as manages_locations_count')->find($id)) {
            $this->authorize('view', $user);
            return (new UsersTransformer)->transformUser($user);
        }
--- a/tests/Feature/Users/Api/ViewUserTest.php
+++ b/tests/Feature/Users/Api/ViewUserTest.php
@ -0,0 +1,53 @@
+<?php
+
+namespace Tests\Feature\Users\Api;
+
+use App\Models\Company;
+use App\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Laravel\Passport\Passport;
+use Tests\TestCase;
+
+class ViewUserTest extends TestCase
+{
+
+        public function testCanReturnUser()
+    {
+        $user = User::factory()->create();
+
+        $this->actingAs(User::factory()->viewUsers()->create())
+            ->getJson(route('api.users.show', $user))
+            ->assertOk();
+    }
+
+    public function testUserWithoutCompanyPermissionsCannotDeleteUser()
+    {
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $superuser = User::factory()->superuser()->create();
+        $userFromA = User::factory()->for($companyA)->create();
+        $userFromB = User::factory()->for($companyB)->create();
+
+        $this->followingRedirects()->actingAsForApi(User::factory()->deleteUsers()->for($companyA)->create())
+            ->delete(route('users.destroy', ['user' => $userFromB->id]))
+            ->assertStatus(403);
+
+        $this->actingAs(User::factory()->deleteUsers()->for($companyA)->create())
+            ->delete(route('users.destroy', ['user' => $userFromA->id]))
+            ->assertStatus(302)
+            ->assertRedirect(route('users.index'));
+
+        $this->actingAs($superuser)
+            ->post(route('users.destroy', ['userId' => $userFromA->id]))
+            ->assertStatus(302);
+
+        $this->actingAs($superuser)
+            ->post(route('users.destroy', ['userId' => $userFromB->id]))
+            ->assertStatus(302);
+
+    }
+
+}