Add permissions checks to asset tests

Implement tests to ensure users without appropriate permissions are denied access to asset endpoints. Update tests to verify proper soft deletions and asset existence checks in delete scenarios.
2025-03-05 20:52:15 -08:00 · 2024-11-26 14:47:16 -06:00 · 2024-11-26 14:47:16 -06:00 · e056da6b2a
parent 09d4e0cb05
commit e056da6b2a
3 changed files with 32 additions and 0 deletions
--- a/tests/Feature/Assets/Ui/DeleteAssetTest.php
+++ b/tests/Feature/Assets/Ui/DeleteAssetTest.php
@ -16,6 +16,8 @@ class DeleteAssetTest extends TestCase
        $this->actingAs($user)
            ->delete(route('hardware.destroy', $asset))
            ->assertRedirect(route('hardware.index'));
+
+        $this->assertSoftDeleted($asset);
    }

    public function test_asset_cannot_be_deleted_without_permissions()
@ -26,6 +28,8 @@ class DeleteAssetTest extends TestCase
        $this->actingAs($user)
            ->delete(route('hardware.destroy', $asset))
            ->assertForbidden();
+
+        $this->assertModelExists($asset);
    }

 }
--- a/tests/Feature/Assets/Ui/EditAssetTest.php
+++ b/tests/Feature/Assets/Ui/EditAssetTest.php
@ -68,6 +68,19 @@ class EditAssetTest extends TestCase
        $this->assertDatabaseHas('assets', ['asset_tag' => 'New Asset Tag']);
    }

+    public function test_user_without_permission_is_denied()
+    {
+        $user = User::factory()->create();
+        $asset = Asset::factory()->create();
+
+        $this->actingAs($user)->put(route('hardware.update', $asset), [
+            'name'       => 'New name',
+            'asset_tags' => 'New Asset Tag',
+            'status_id'  => StatusLabel::factory()->create()->id,
+            'model_id'   => AssetModel::factory()->create()->id,
+        ])->assertForbidden();
+    }
+
    public function testNewCheckinIsLoggedIfStatusChangedToUndeployable()
    {
        Event::fake([CheckoutableCheckedIn::class]);
--- a/tests/Feature/Assets/Ui/StoreAssetTest.php
+++ b/tests/Feature/Assets/Ui/StoreAssetTest.php
@ -131,4 +131,19 @@ class StoreAssetTest extends TestCase
        $this->assertDatabaseHas('assets', array_merge($commonData, ['asset_tag' => 'TEST-ASSET-2', 'serial' => 'TEST-SERIAL-2', 'image' => $storedAsset2->image]));
    }

+    public function test_user_without_permission_denied()
+    {
+        $user = User::factory()->create();
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->readyToDeploy()->create();
+
+        $this->actingAs($user)->post(route('hardware.store'), [
+            'redirect_option' => 'index',
+            'name'            => 'Test Assets',
+            'model_id'        => $model->id,
+            'status_id'       => $status->id,
+            'asset_tags'      => ['', 'TEST-ASSET-1'],
+            'serials'         => ['', 'TEST-SERIAL-1'],
+        ])->assertForbidden();
+    }
 }