update tests
This commit is contained in:
@@ -0,0 +1,106 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\V1\Parents;
|
||||
|
||||
use App\Models\AuthorizedUser;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\Concerns\CreatesApiTestUsers;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AuthorizedUsersControllerTest extends TestCase
|
||||
{
|
||||
use CreatesApiTestUsers;
|
||||
use RefreshDatabase;
|
||||
|
||||
private function makeAuthorizedUser(int $parentId, array $overrides = []): AuthorizedUser
|
||||
{
|
||||
return AuthorizedUser::query()->create(array_merge([
|
||||
'user_id' => $parentId,
|
||||
'firstname' => 'Aunt',
|
||||
'lastname' => 'Carer',
|
||||
'email' => 'carer-' . uniqid() . '@example.test',
|
||||
'phone_number' => '5551112222',
|
||||
'relation_to_user' => 'Aunt',
|
||||
'status' => 'pending',
|
||||
], $overrides));
|
||||
}
|
||||
|
||||
public function test_index_requires_authentication(): void
|
||||
{
|
||||
$this->getJson('/api/v1/parents/authorized-users')
|
||||
->assertStatus(401);
|
||||
}
|
||||
|
||||
public function test_index_is_forbidden_for_non_parent_users(): void
|
||||
{
|
||||
$teacher = $this->createApiUserWithRole('teacher');
|
||||
|
||||
$this->actingAs($teacher, 'api')
|
||||
->getJson('/api/v1/parents/authorized-users')
|
||||
->assertStatus(403);
|
||||
}
|
||||
|
||||
public function test_index_returns_only_the_parents_own_authorized_users(): void
|
||||
{
|
||||
$parent = $this->createApiUserWithRole('parent');
|
||||
$otherParent = $this->createApiUserWithRole('parent');
|
||||
|
||||
$own = $this->makeAuthorizedUser($parent->id);
|
||||
$this->makeAuthorizedUser($otherParent->id);
|
||||
|
||||
$response = $this->actingAs($parent, 'api')
|
||||
->getJson('/api/v1/parents/authorized-users')
|
||||
->assertOk()
|
||||
->assertJsonPath('status', true);
|
||||
|
||||
$this->assertCount(1, $response->json('data'));
|
||||
$this->assertSame($own->id, $response->json('data.0.id'));
|
||||
}
|
||||
|
||||
public function test_show_returns_404_for_unknown_authorized_user(): void
|
||||
{
|
||||
$parent = $this->createApiUserWithRole('parent');
|
||||
|
||||
$this->actingAs($parent, 'api')
|
||||
->getJson('/api/v1/parents/authorized-users/999999')
|
||||
->assertNotFound()
|
||||
->assertJsonPath('status', false);
|
||||
}
|
||||
|
||||
public function test_show_returns_404_for_another_parents_authorized_user(): void
|
||||
{
|
||||
$parent = $this->createApiUserWithRole('parent');
|
||||
$otherParent = $this->createApiUserWithRole('parent');
|
||||
$foreign = $this->makeAuthorizedUser($otherParent->id);
|
||||
|
||||
$this->actingAs($parent, 'api')
|
||||
->getJson('/api/v1/parents/authorized-users/' . $foreign->id)
|
||||
->assertNotFound();
|
||||
}
|
||||
|
||||
public function test_destroy_deletes_the_parents_authorized_user(): void
|
||||
{
|
||||
$parent = $this->createApiUserWithRole('parent');
|
||||
$record = $this->makeAuthorizedUser($parent->id);
|
||||
|
||||
$this->actingAs($parent, 'api')
|
||||
->deleteJson('/api/v1/parents/authorized-users/' . $record->id)
|
||||
->assertOk()
|
||||
->assertJsonPath('status', true);
|
||||
|
||||
$this->assertDatabaseMissing('authorized_users', ['id' => $record->id]);
|
||||
}
|
||||
|
||||
public function test_parent_cannot_delete_another_parents_authorized_user(): void
|
||||
{
|
||||
$parent = $this->createApiUserWithRole('parent');
|
||||
$otherParent = $this->createApiUserWithRole('parent');
|
||||
$foreign = $this->makeAuthorizedUser($otherParent->id);
|
||||
|
||||
$this->actingAs($parent, 'api')
|
||||
->deleteJson('/api/v1/parents/authorized-users/' . $foreign->id)
|
||||
->assertNotFound();
|
||||
|
||||
$this->assertDatabaseHas('authorized_users', ['id' => $foreign->id]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user