mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-14 09:34:10 -08:00
95 lines
3.3 KiB
PHP
95 lines
3.3 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature\Api\Departments;
|
|
|
|
use App\Models\Company;
|
|
use App\Models\Department;
|
|
use App\Models\User;
|
|
use Illuminate\Routing\Route;
|
|
use Illuminate\Testing\Fluent\AssertableJson;
|
|
use Tests\Support\InteractsWithSettings;
|
|
use Tests\TestCase;
|
|
|
|
class DepartmentIndexTest extends TestCase
|
|
{
|
|
use InteractsWithSettings;
|
|
|
|
public function testViewingDepartmentIndexRequiresAuthentication()
|
|
{
|
|
$this->getJson(route('api.departments.index'))->assertRedirect();
|
|
}
|
|
|
|
public function testViewingDepartmentIndexRequiresPermission()
|
|
{
|
|
$this->actingAsForApi(User::factory()->create())
|
|
->getJson(route('api.departments.index'))
|
|
->assertForbidden();
|
|
}
|
|
|
|
public function testDepartmentIndexReturnsExpectedDepartments()
|
|
{
|
|
Department::factory()->count(3)->create();
|
|
|
|
$this->actingAsForApi(User::factory()->superuser()->create())
|
|
->getJson(
|
|
route('api.departments.index', [
|
|
'sort' => 'name',
|
|
'order' => 'asc',
|
|
'offset' => '0',
|
|
'limit' => '20',
|
|
]))
|
|
->assertOk()
|
|
->assertJsonStructure([
|
|
'total',
|
|
'rows',
|
|
])
|
|
->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
|
|
}
|
|
|
|
public function testDepartmentIndexAdheresToCompanyScoping()
|
|
{
|
|
[$companyA, $companyB] = Company::factory()->count(2)->create();
|
|
|
|
$departmentA = Department::factory()->for($companyA)->create();
|
|
$departmentB = Department::factory()->for($companyB)->create();
|
|
|
|
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
|
|
$userInCompanyA = $companyA->users()->save(User::factory()->viewDepartments()->make());
|
|
$userInCompanyB = $companyB->users()->save(User::factory()->viewDepartments()->make());
|
|
|
|
$this->settings->disableMultipleFullCompanySupport();
|
|
|
|
$this->actingAsForApi($superUser)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseContainsInRows($departmentA)
|
|
->assertResponseContainsInRows($departmentB);
|
|
|
|
$this->actingAsForApi($userInCompanyA)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseContainsInRows($departmentA)
|
|
->assertResponseContainsInRows($departmentB);
|
|
|
|
$this->actingAsForApi($userInCompanyB)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseContainsInRows($departmentA)
|
|
->assertResponseContainsInRows($departmentB);
|
|
|
|
$this->settings->enableMultipleFullCompanySupport();
|
|
|
|
$this->actingAsForApi($superUser)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseContainsInRows($departmentA)
|
|
->assertResponseContainsInRows($departmentB);
|
|
|
|
$this->actingAsForApi($userInCompanyA)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseContainsInRows($departmentA)
|
|
->assertResponseDoesNotContainInRows($departmentB);
|
|
|
|
$this->actingAsForApi($userInCompanyB)
|
|
->getJson(route('api.departments.index'))
|
|
->assertResponseDoesNotContainInRows($departmentA)
|
|
->assertResponseContainsInRows($departmentB);
|
|
}
|
|
}
|