snipe-it/tests/Feature/Users/Api/ViewUserTest.php
snipe 756a2ac25c Added API tests
Signed-off-by: snipe <snipe@snipe.net>
2024-06-12 11:58:12 +01:00

54 lines
1.6 KiB
PHP

<?php
namespace Tests\Feature\Users\Api;
use App\Models\Company;
use App\Models\User;
use Illuminate\Testing\Fluent\AssertableJson;
use Laravel\Passport\Passport;
use Tests\TestCase;
class ViewUserTest extends TestCase
{
public function testCanReturnUser()
{
$user = User::factory()->create();
$this->actingAs(User::factory()->viewUsers()->create())
->getJson(route('api.users.show', $user))
->assertOk();
}
public function testUserWithoutCompanyPermissionsCannotDeleteUser()
{
$this->settings->enableMultipleFullCompanySupport();
[$companyA, $companyB] = Company::factory()->count(2)->create();
$superuser = User::factory()->superuser()->create();
$userFromA = User::factory()->for($companyA)->create();
$userFromB = User::factory()->for($companyB)->create();
$this->followingRedirects()->actingAsForApi(User::factory()->deleteUsers()->for($companyA)->create())
->delete(route('users.destroy', ['user' => $userFromB->id]))
->assertStatus(403);
$this->actingAs(User::factory()->deleteUsers()->for($companyA)->create())
->delete(route('users.destroy', ['user' => $userFromA->id]))
->assertStatus(302)
->assertRedirect(route('users.index'));
$this->actingAs($superuser)
->post(route('users.destroy', ['userId' => $userFromA->id]))
->assertStatus(302);
$this->actingAs($superuser)
->post(route('users.destroy', ['userId' => $userFromB->id]))
->assertStatus(302);
}
}