createApiUserWithRole('teacher'); $this->actingAs($user, 'api'); $this->postJson('/api/v1/preferences', [ 'theme' => 'dark', 'language' => 'en', 'receive_email_notifications' => true, 'receive_sms_notifications' => false, ]) ->assertStatus(201) ->assertJsonPath('status', true); $this->getJson('/api/v1/preferences') ->assertOk() ->assertJsonPath('status', true) ->assertJsonPath('data.preferences.theme', 'dark'); $this->putJson("/api/v1/preferences/{$user->id}", [ 'theme' => 'light', 'language' => 'es', ]) ->assertOk() ->assertJsonPath('status', true); $this->getJson("/api/v1/preferences/{$user->id}") ->assertOk() ->assertJsonPath('data.preferences.theme', 'light') ->assertJsonPath('data.preferences.language', 'es'); $this->deleteJson("/api/v1/preferences/{$user->id}") ->assertOk() ->assertJsonPath('status', true); } public function test_non_admin_cannot_list_or_manage_another_users_preferences(): void { $owner = $this->createApiUserWithRole('teacher'); $other = $this->createApiUserWithRole('parent'); $this->actingAs($owner, 'api'); $this->postJson('/api/v1/preferences', [ 'theme' => 'dark', 'language' => 'en', ])->assertStatus(201); $this->actingAs($other, 'api'); $this->postJson('/api/v1/preferences', [ 'theme' => 'light', 'language' => 'en', ])->assertStatus(201); $this->getJson('/api/v1/preferences/list') ->assertForbidden(); $this->getJson("/api/v1/preferences/{$owner->id}") ->assertForbidden(); $this->putJson("/api/v1/preferences/{$owner->id}", [ 'theme' => 'light', 'language' => 'es', ])->assertForbidden(); $this->deleteJson("/api/v1/preferences/{$owner->id}") ->assertForbidden(); } public function test_admin_can_list_and_delete_any_users_preferences(): void { $owner = $this->createApiUserWithRole('teacher'); $admin = $this->createApiUserWithRole('administrator'); $this->actingAs($owner, 'api'); $this->postJson('/api/v1/preferences', [ 'theme' => 'dark', 'language' => 'en', ])->assertStatus(201); $this->actingAs($admin, 'api'); $this->getJson('/api/v1/preferences/list') ->assertOk() ->assertJsonPath('status', true); $this->deleteJson("/api/v1/preferences/{$owner->id}") ->assertOk() ->assertJsonPath('status', true); } public function test_preferences_validation_rejects_invalid_options(): void { $user = $this->createApiUserWithRole('teacher'); $this->actingAs($user, 'api'); $this->postJson('/api/v1/preferences', [ 'theme' => 'neon-chaos', 'language' => 'klingon', ]) ->assertStatus(422) ->assertJsonValidationErrors(['theme', 'language']); } }