tests/PortfolioPolicyTest.php

<?php

namespace Tests;

use Tests\TestCase;
use App\Models\User;
use App\Models\Portfolio;
use App\Policies\PortfolioPolicy;
use Illuminate\Support\Facades\Auth;
use Illuminate\Foundation\Testing\RefreshDatabase;

class PortfolioPolicyTest extends TestCase
{
    use RefreshDatabase;

    protected $policy;
    protected $owner;
    protected $user;
    protected $portfolio;

    protected function setUp(): void
    {
        parent::setUp();

        $this->policy = new PortfolioPolicy();

        $this->owner = User::factory()->create();
        Auth::login($this->owner);
        $this->portfolio = Portfolio::factory()->create();

        // Attach the users to the portfolio
        $this->user = User::factory()->create();
        $this->portfolio->users()->syncWithoutDetaching([
            $this->user->id => [
                'full_access' => false,
                'owner' => false,
            ]
        ]);
    }

    public function test_stranger_access_via_web()
    {
        $user = User::factory()->create();

        $result = $this->actingAs($user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));

        $result->assertStatus(403);
    }

    public function test_stranger_access_via_policy()
    {
        $user = User::factory()->create();

        $result = $this->policy->readOnly($user, $this->portfolio);
        $this->assertFalse($result, 'User should not have readonly access');

        $result = $this->policy->fullAccess($user, $this->portfolio);
        $this->assertFalse($result, 'User should not have full access');

        $result = $this->policy->owner($user, $this->portfolio);
        $this->assertFalse($result, 'User should not have owner access');
    }

    public function test_read_only_policy()
    {
        $result = $this->policy->readOnly($this->user, $this->portfolio);
        $this->assertTrue($result, 'User should have read-only access');
    }

    public function test_read_only_via_web()
    {
        $result = $this->actingAs($this->user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));

        $result->assertStatus(200);
    }

    public function test_full_access_policy_with_full_access()
    {
        // Update pivot table to give full access
        $this->portfolio->users()->updateExistingPivot($this->user->id, [
            'full_access' => true,
        ]);

        $result = $this->policy->fullAccess($this->user, $this->portfolio);
        $this->assertTrue($result, 'User should have full access');
    }

    public function test_full_access_policy_without_full_access()
    {
        // Check that the user doesn't have full access
        $result = $this->policy->fullAccess($this->user, $this->portfolio);
        $this->assertFalse($result, 'User should not have full access');
    }

    public function test_owner_policy_when_user_is_owner()
    {
        // Update pivot table to make the user the owner
        $this->portfolio->users()->updateExistingPivot($this->user->id, [
            'owner' => true,
        ]);

        $result = $this->policy->owner($this->user, $this->portfolio);
        $this->assertTrue($result, 'User should be the owner');
    }

    public function test_owner_policy_when_user_is_not_owner()
    {
        // Check that the user is not the owner
        $result = $this->policy->owner($this->user, $this->portfolio);
        $this->assertFalse($result, 'User should not be the owner');
    }

}
tests:adds testing to portfolio access policy 2024-10-22 22:24:39 -05:00			`<?php`

			`namespace Tests;`

			`use Tests\TestCase;`
			`use App\Models\User;`
			`use App\Models\Portfolio;`
			`use App\Policies\PortfolioPolicy;`
			`use Illuminate\Support\Facades\Auth;`
			`use Illuminate\Foundation\Testing\RefreshDatabase;`

			`class PortfolioPolicyTest extends TestCase`
			`{`
			`use RefreshDatabase;`

			`protected $policy;`
fix:optimize portfolio_users query 2024-10-25 22:06:46 -05:00			`protected $owner;`
tests:adds testing to portfolio access policy 2024-10-22 22:24:39 -05:00			`protected $user;`
			`protected $portfolio;`

			`protected function setUp(): void`
			`{`
			`parent::setUp();`

			`$this->policy = new PortfolioPolicy();`

fix:optimize portfolio_users query 2024-10-25 22:06:46 -05:00			`$this->owner = User::factory()->create();`
			`Auth::login($this->owner);`
tests:adds testing to portfolio access policy 2024-10-22 22:24:39 -05:00			`$this->portfolio = Portfolio::factory()->create();`

			`// Attach the users to the portfolio`
fix:optimize portfolio_users query 2024-10-25 22:06:46 -05:00			`$this->user = User::factory()->create();`
tests:adds testing to portfolio access policy 2024-10-22 22:24:39 -05:00			`$this->portfolio->users()->syncWithoutDetaching([`
			`$this->user->id => [`
			`'full_access' => false,`
			`'owner' => false,`
			`]`
			`]);`
			`}`

fix:optimize portfolio_users query 2024-10-25 22:06:46 -05:00			`public function test_stranger_access_via_web()`
tests:adds testing to portfolio access policy 2024-10-22 22:24:39 -05:00			`{`
			`$user = User::factory()->create();`

			`$result = $this->actingAs($user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));`

			`$result->assertStatus(403);`
			`}`

			`public function test_stranger_access_via_policy()`
			`{`
			`$user = User::factory()->create();`

			`$result = $this->policy->readOnly($user, $this->portfolio);`
			`$this->assertFalse($result, 'User should not have readonly access');`

			`$result = $this->policy->fullAccess($user, $this->portfolio);`
			`$this->assertFalse($result, 'User should not have full access');`

			`$result = $this->policy->owner($user, $this->portfolio);`
			`$this->assertFalse($result, 'User should not have owner access');`
			`}`

			`public function test_read_only_policy()`
			`{`
			`$result = $this->policy->readOnly($this->user, $this->portfolio);`
			`$this->assertTrue($result, 'User should have read-only access');`
			`}`

			`public function test_read_only_via_web()`
			`{`
			`$result = $this->actingAs($this->user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));`

			`$result->assertStatus(200);`
			`}`

			`public function test_full_access_policy_with_full_access()`
			`{`
			`// Update pivot table to give full access`
			`$this->portfolio->users()->updateExistingPivot($this->user->id, [`
			`'full_access' => true,`
			`]);`

			`$result = $this->policy->fullAccess($this->user, $this->portfolio);`
			`$this->assertTrue($result, 'User should have full access');`
			`}`

			`public function test_full_access_policy_without_full_access()`
			`{`
			`// Check that the user doesn't have full access`
			`$result = $this->policy->fullAccess($this->user, $this->portfolio);`
			`$this->assertFalse($result, 'User should not have full access');`
			`}`

			`public function test_owner_policy_when_user_is_owner()`
			`{`
			`// Update pivot table to make the user the owner`
			`$this->portfolio->users()->updateExistingPivot($this->user->id, [`
			`'owner' => true,`
			`]);`

			`$result = $this->policy->owner($this->user, $this->portfolio);`
			`$this->assertTrue($result, 'User should be the owner');`
			`}`

			`public function test_owner_policy_when_user_is_not_owner()`
			`{`
			`// Check that the user is not the owner`
			`$result = $this->policy->owner($this->user, $this->portfolio);`
			`$this->assertFalse($result, 'User should not be the owner');`
			`}`

			`}`