settings->enableMultipleFullCompanySupport(); [$companyA, $companyB] = Company::factory()->count(2)->create(); $superuser = User::factory()->superuser()->create(); $user = User::factory()->for($companyB)->create(); $this->actingAs(User::factory()->editUsers()->for($companyA)->create()) ->get(route('users.show', ['user' => $user->id])) ->assertStatus(403); $this->actingAs($superuser) ->get(route('users.show', ['user' => $user->id])) ->assertOk() ->assertStatus(200); } public function testUserWithoutPermissionsCannotViewPrintAllInventoryPage() { $this->settings->enableMultipleFullCompanySupport(); //$this->withoutExceptionHandling(); [$companyA, $companyB] = Company::factory()->count(2)->create(); $superuser = User::factory()->superuser()->create(); $user = User::factory()->for($companyB)->create(); $this->actingAs(User::factory()->viewUsers()->for($companyA)->create()) ->get(route('users.print', ['userId' => $user->id])) ->assertStatus(403); $this->actingAs(User::factory()->viewUsers()->for($companyB)->create()) ->get(route('users.print', ['userId' => $user->id])) ->assertStatus(200); $this->actingAs($superuser) ->get(route('users.print', ['userId' => $user->id])) ->assertOk() ->assertStatus(200); } public function testUserWithoutPermissionsCannotSendInventory() { Notification::fake(); $this->settings->enableMultipleFullCompanySupport(); [$companyA, $companyB] = Company::factory()->count(2)->create(); $superuser = User::factory()->superuser()->create(); $user = User::factory()->for($companyB)->create(); $this->actingAs(User::factory()->viewUsers()->for($companyA)->create()) ->post(route('users.email', ['userId' => $user->id])) ->assertStatus(403); $this->actingAs(User::factory()->viewUsers()->for($companyB)->create()) ->post(route('users.email', ['userId' => $user->id])) ->assertStatus(302); $this->actingAs($superuser) ->post(route('users.email', ['userId' => $user->id])) ->assertStatus(302); Notification::assertSentTo( [$user], CurrentInventory::class ); } public function testUserWithoutPermissionsCannotDeleteUser() { $this->settings->enableMultipleFullCompanySupport(); [$companyA, $companyB] = Company::factory()->count(2)->create(); $superuser = User::factory()->superuser()->create(); $userFromA = User::factory()->for($companyA)->create(); $userFromB = User::factory()->for($companyB)->create(); $this->followingRedirects()->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) ->delete(route('users.destroy', ['user' => $userFromB->id])) ->assertStatus(403); $this->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) ->delete(route('users.destroy', ['user' => $userFromA->id])) ->assertStatus(302) ->assertRedirect(route('users.index')); } }