first commit
@@ -0,0 +1,157 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\Authorization;
|
||||
|
||||
use Facades\Tests\Setup\UserFactory;
|
||||
use Tests\Feature\ApiTestCase;
|
||||
use Vanguard\Http\Resources\PermissionResource;
|
||||
use Vanguard\Permission;
|
||||
use Vanguard\User;
|
||||
|
||||
class PermissionsControllerTest extends ApiTestCase
|
||||
{
|
||||
/** @test */
|
||||
public function unauthenticated()
|
||||
{
|
||||
$this->getJson('/api/permissions')->assertStatus(401);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_users_without_permission()
|
||||
{
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->getJson('/api/permissions')
|
||||
->assertForbidden();
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_permissions()
|
||||
{
|
||||
Permission::factory()->times(3)->create();
|
||||
|
||||
$response = $this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->getJson("/api/permissions")
|
||||
->assertOk();
|
||||
|
||||
// 7 default permissions + 3 newly created
|
||||
$this->assertCount(10, $response->original);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_permission()
|
||||
{
|
||||
$permission = Permission::factory()->create();
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->getJson("/api/permissions/{$permission->id}")
|
||||
->assertOk()
|
||||
->assertJson([
|
||||
'data' => (new PermissionResource($permission))->toArray(request())
|
||||
]);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function create_permission()
|
||||
{
|
||||
$data = [
|
||||
'name' => 'foo',
|
||||
'display_name' => 'Foo Permission',
|
||||
'description' => 'This is foo permission.'
|
||||
];
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->postJson("/api/permissions", $data)
|
||||
->assertStatus(201)
|
||||
->assertJsonFragment($data);
|
||||
|
||||
$this->assertDatabaseHas('permissions', $data);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function create_permission_with_invalid_name()
|
||||
{
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->postJson("/api/permissions")
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
|
||||
$existingPermission = Permission::first();
|
||||
|
||||
$this->postJson("/api/permissions", ['name' => $existingPermission->name])
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
|
||||
$this->postJson("/api/permissions", ['name' => 'foo bar'])
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function partially_update_permission()
|
||||
{
|
||||
$this->getUser();
|
||||
|
||||
$permission = Permission::factory()->create();
|
||||
|
||||
$data = ['name' => 'foo'];
|
||||
$expected = $data + ['id' => $permission->id];
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->patchJson("/api/permissions/{$permission->id}", $data)
|
||||
->assertJsonFragment($expected);
|
||||
|
||||
$this->assertDatabaseHas('permissions', $expected);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function update_permission()
|
||||
{
|
||||
$permission = Permission::factory()->create();
|
||||
|
||||
$data = [
|
||||
'name' => 'foo',
|
||||
'display_name' => 'Foo Role',
|
||||
'description' => 'This is foo role.'
|
||||
];
|
||||
$expected = $data + ['id' => $permission->id];
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->patchJson("/api/permissions/{$permission->id}", $data)
|
||||
->assertJsonFragment($expected);
|
||||
|
||||
$this->assertDatabaseHas('permissions', $expected);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function remove_permission()
|
||||
{
|
||||
$permission = Permission::factory()->create(['removable' => true]);
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->deleteJson("/api/permissions/{$permission->id}")
|
||||
->assertOk()
|
||||
->assertJson(['success' => true]);
|
||||
|
||||
$this->assertDatabaseMissing('permissions', ['id' => $permission->id]);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function remove_non_removable_permission()
|
||||
{
|
||||
$permission = Permission::factory()->create(['removable' => false]);
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->deleteJson("/api/permissions/{$permission->id}")
|
||||
->assertStatus(403);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
private function getUser()
|
||||
{
|
||||
return UserFactory::user()->withPermissions('permissions.manage')->create();
|
||||
}
|
||||
}
|
||||
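Review bot: The only denial cases in this file are the two GET requests on `/api/permissions` (`unauthenticated` and `get_users_without_permission`); nothing asserts that a user without `permissions.manage` is refused on POST, PATCH or DELETE, so a write route registered outside the permission check would still pass this suite. The same gap applies to the write routes exercised in the other two files of this commit (`PUT /api/roles/{id}/permissions` and the POST/PATCH/DELETE calls on `/api/roles`). A test along the lines below covers the create route, and the PATCH and DELETE cases follow the same shape. It assumes the permission check runs before request validation, which the page does not show. The name `get_users_without_permission` also looks like a leftover, since the test requests permissions rather than users.

```php
// … placed after get_users_without_permission() …

/** @test */
public function create_permission_without_permission()
{
    $user = User::factory()->create();

    $this->actingAs($user, self::API_GUARD)
        ->postJson('/api/permissions', ['name' => 'foo'])
        ->assertForbidden();

    // A refused request must not leave a row behind.
    $this->assertDatabaseMissing('permissions', ['name' => 'foo']);
}
```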
@@ -0,0 +1,91 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\Authorization;
|
||||
|
||||
use Facades\Tests\Setup\UserFactory;
|
||||
use Tests\Feature\ApiTestCase;
|
||||
use Vanguard\Http\Resources\PermissionResource;
|
||||
use Vanguard\Permission;
|
||||
use Vanguard\Role;
|
||||
use Vanguard\User;
|
||||
|
||||
class RolePermissionsControllerTest extends ApiTestCase
|
||||
{
|
||||
/** @test */
|
||||
public function unauthenticated()
|
||||
{
|
||||
$role = Role::factory()->create();
|
||||
|
||||
$this->getJson("/api/roles/{$role->id}/permissions")
|
||||
->assertStatus(401);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_settings_without_permission()
|
||||
{
|
||||
$role = Role::factory()->create();
|
||||
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->getJson("/api/roles/{$role->id}/permissions")
|
||||
->assertStatus(403);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_role_permissions()
|
||||
{
|
||||
$role = Role::factory()->create();
|
||||
$permission = Permission::factory()->create();
|
||||
|
||||
$role->attachPermission($permission);
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->getJson("/api/roles/{$role->id}/permissions")
|
||||
->assertOk()
|
||||
->assertJsonFragment(
|
||||
PermissionResource::collection([$permission])->toArray(request())
|
||||
);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function update_role_permissions()
|
||||
{
|
||||
$role = Role::factory()->create();
|
||||
$permissions1 = Permission::factory()->times(2)->create();
|
||||
$permissions2 = Permission::factory()->times(3)->create();
|
||||
|
||||
$role->attachPermissions($permissions1);
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->putJson("/api/roles/{$role->id}/permissions", [
|
||||
'permissions' => $permissions2->pluck('id')
|
||||
])
|
||||
->assertOk()
|
||||
->assertJsonFragment(
|
||||
(new PermissionResource($permissions2[0]))->toArray(null)
|
||||
)
|
||||
->assertJsonFragment(
|
||||
(new PermissionResource($permissions2[1]))->toArray(null)
|
||||
)
|
||||
->assertJsonFragment(
|
||||
(new PermissionResource($permissions2[2]))->toArray(null)
|
||||
);
|
||||
|
||||
|
||||
foreach ($permissions2 as $perm) {
|
||||
$this->assertDatabaseHas('permission_role', [
|
||||
'permission_id' => $perm->id,
|
||||
'role_id' => $role->id
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
private function getUser()
|
||||
{
|
||||
return UserFactory::user()->withPermissions('permissions.manage')->create();
|
||||
}
|
||||
}
|
||||
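Review bot: `update_role_permissions` attaches `$permissions1` to the role first but never checks that those grants are gone after the PUT. If the endpoint is meant to replace the role's permission set (the setup suggests so, but the controller is not on the page), a handler that only adds rows would pass this test while leaving stale grants on the role. After the existing `foreach`, add the mirror check: `foreach ($permissions1 as $perm) { $this->assertDatabaseMissing('permission_role', ['permission_id' => $perm->id, 'role_id' => $role->id]); }`. The method name `get_settings_without_permission` does not match what the test requests and reads like a copy from another test class.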
@@ -0,0 +1,162 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\Authorization;
|
||||
|
||||
use Facades\Tests\Setup\RoleFactory;
|
||||
use Facades\Tests\Setup\UserFactory;
|
||||
use Tests\Feature\ApiTestCase;
|
||||
use Vanguard\Http\Resources\RoleResource;
|
||||
use Vanguard\Role;
|
||||
use Vanguard\User;
|
||||
|
||||
class RolesControllerTest extends ApiTestCase
|
||||
{
|
||||
/** @test */
|
||||
public function unauthenticated()
|
||||
{
|
||||
$this->getJson('/api/roles')
|
||||
->assertStatus(401);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_settings_without_permission()
|
||||
{
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->getJson('/api/roles')
|
||||
->assertStatus(403);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_roles()
|
||||
{
|
||||
Role::factory()->times(4)->create();
|
||||
|
||||
$response = $this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->getJson("/api/roles")
|
||||
->assertOk();
|
||||
|
||||
$this->assertCount(7, $response->original);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function get_role()
|
||||
{
|
||||
$userRole = Role::whereName('User')->first();
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->getJson("/api/roles/{$userRole->id}")
|
||||
->assertOk()
|
||||
->assertJson([
|
||||
'data' => (new RoleResource($userRole))->resolve()
|
||||
]);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function create_role()
|
||||
{
|
||||
$this->getUser();
|
||||
|
||||
$data = [
|
||||
'name' => 'foo',
|
||||
'display_name' => 'Foo Role',
|
||||
'description' => 'This is foo role.'
|
||||
];
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->postJson("/api/roles", $data)
|
||||
->assertStatus(201)
|
||||
->assertJsonFragment($data);
|
||||
|
||||
$this->assertDatabaseHas('roles', $data);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function create_role_with_invalid_name()
|
||||
{
|
||||
$this->be($this->getUser(), self::API_GUARD);
|
||||
|
||||
$this->postJson("/api/roles")
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
|
||||
$this->postJson("/api/roles", ['name' => 'User'])
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
|
||||
$this->postJson("/api/roles", ['name' => 'foo bar'])
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors('name');
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function update_role()
|
||||
{
|
||||
$user = $this->getUser();
|
||||
|
||||
$data = ['name' => 'foo'];
|
||||
$expected = $data + ['id' => $user->role_id];
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->patchJson("/api/roles/{$user->role_id}", $data)
|
||||
->assertOk()
|
||||
->assertJsonFragment($expected);
|
||||
|
||||
$this->assertDatabaseHas('roles', $expected);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function partially_update_role()
|
||||
{
|
||||
$user = $this->getUser();
|
||||
|
||||
$data = [
|
||||
'name' => 'foo',
|
||||
'display_name' => 'Foo Role',
|
||||
'description' => 'This is foo role.'
|
||||
];
|
||||
$expected = $data + ['id' => $user->role_id];
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->patchJson("/api/roles/{$user->role_id}", $data)
|
||||
->assertOk()
|
||||
->assertJsonFragment($expected);
|
||||
|
||||
$this->assertDatabaseHas('roles', $expected);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function remove_role()
|
||||
{
|
||||
$userRole = Role::whereName('User')->first();
|
||||
$role = RoleFactory::removable()->withPermissions('roles.manage')->create();
|
||||
$user = UserFactory::role($role)->create();
|
||||
|
||||
$this->actingAs($user, self::API_GUARD)
|
||||
->deleteJson("/api/roles/{$role->id}")
|
||||
->assertOk()
|
||||
->assertJson(['success' => true]);
|
||||
|
||||
$this->assertDatabaseMissing('roles', ['id' => $role->id]);
|
||||
$this->assertEquals($userRole->id, $user->fresh()->role_id);
|
||||
}
|
||||
|
||||
/** @test */
|
||||
public function remove_non_removable_role()
|
||||
{
|
||||
$role = RoleFactory::withPermissions('roles.manage')->create();
|
||||
|
||||
$this->actingAs($this->getUser(), self::API_GUARD)
|
||||
->deleteJson("/api/roles/{$role->id}")
|
||||
->assertForbidden();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
private function getUser()
|
||||
{
|
||||
return UserFactory::user()->withPermissions('roles.manage')->create();
|
||||
}
|
||||
}
|
||||
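Review bot: `remove_non_removable_role` passes on the 403 status alone; it does not check that the role row is still there, so a handler that deletes the record and then reports failure would go unnoticed. Add `$this->assertDatabaseHas('roles', ['id' => $role->id]);` after the request; `remove_non_removable_permission` in the first file needs the equivalent `$this->assertDatabaseHas('permissions', ['id' => $permission->id]);`. Separately, `update_role` sends only `name` while `partially_update_role` sends all three fields, so the two names look swapped. The bare `$this->getUser();` at the top of `create_role` creates a user that is never used.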