From af77fefc61f09fe420a65f6232eefcdb408514b1 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 21 Jun 2023 16:19:56 -0700 Subject: [PATCH] Scaffold test before removing scopeCompanyables call from AssetsController --- tests/Feature/Api/Assets/AssetIndexTest.php | 49 +++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/tests/Feature/Api/Assets/AssetIndexTest.php b/tests/Feature/Api/Assets/AssetIndexTest.php index 3618c6e01e..9ca415c74d 100644 --- a/tests/Feature/Api/Assets/AssetIndexTest.php +++ b/tests/Feature/Api/Assets/AssetIndexTest.php @@ -3,14 +3,17 @@ namespace Tests\Feature\Api\Assets; use App\Models\Asset; +use App\Models\Company; use App\Models\User; use Illuminate\Testing\Fluent\AssertableJson; use Laravel\Passport\Passport; +use Tests\Support\InteractsWithResponses; use Tests\Support\InteractsWithSettings; use Tests\TestCase; class AssetIndexTest extends TestCase { + use InteractsWithResponses; use InteractsWithSettings; public function testAssetIndexReturnsExpectedAssets() @@ -32,4 +35,50 @@ class AssetIndexTest extends TestCase ]) ->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc()); } + + public function testAssetIndexAdheresToCompanyScoping() + { + [$companyA, $companyB] = Company::factory()->count(2)->create(); + + $assetA = Asset::factory()->for($companyA)->create(); + $assetB = Asset::factory()->for($companyB)->create(); + + $superUser = $companyA->users()->save(User::factory()->superuser()->make()); + $userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make()); + $userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make()); + + $this->settings->disableMultipleFullCompanySupport(); + + Passport::actingAs($superUser); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseContainsInRows($response, $assetA, 'asset_tag'); + $this->assertResponseContainsInRows($response, $assetB, 'asset_tag'); + + Passport::actingAs($userInCompanyA); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseContainsInRows($response, $assetA, 'asset_tag'); + $this->assertResponseContainsInRows($response, $assetB, 'asset_tag'); + + Passport::actingAs($userInCompanyB); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseContainsInRows($response, $assetA, 'asset_tag'); + $this->assertResponseContainsInRows($response, $assetB, 'asset_tag'); + + $this->settings->enableMultipleFullCompanySupport(); + + Passport::actingAs($superUser); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseContainsInRows($response, $assetA, 'asset_tag'); + $this->assertResponseContainsInRows($response, $assetB, 'asset_tag'); + + Passport::actingAs($userInCompanyA); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseContainsInRows($response, $assetA, 'asset_tag'); + $this->assertResponseDoesNotContainInRows($response, $assetB, 'asset_tag'); + + Passport::actingAs($userInCompanyB); + $response = $this->getJson(route('api.assets.index')); + $this->assertResponseDoesNotContainInRows($response, $assetA, 'asset_tag'); + $this->assertResponseContainsInRows($response, $assetB, 'asset_tag'); + } }