tests:adds testing to portfolio access policy
This commit is contained in:
hackerESQ
@@ -0,0 +1,112 @@
|
||||
<?php
|
||||
|
||||
namespace Tests;
|
||||
|
||||
use Tests\TestCase;
|
||||
use App\Models\User;
|
||||
use App\Models\Portfolio;
|
||||
use App\Policies\PortfolioPolicy;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
class PortfolioPolicyTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
protected $policy;
|
||||
protected $user;
|
||||
protected $portfolio;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->policy = new PortfolioPolicy();
|
||||
|
||||
$this->user = User::factory()->create();
|
||||
|
||||
Auth::login($this->user);
|
||||
$this->portfolio = Portfolio::factory()->create();
|
||||
|
||||
// Attach the users to the portfolio
|
||||
$this->portfolio->users()->syncWithoutDetaching([
|
||||
$this->user->id => [
|
||||
'full_access' => false,
|
||||
'owner' => false,
|
||||
]
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_stranger_access_viaweb()
|
||||
{
|
||||
$user = User::factory()->create();
|
||||
|
||||
$result = $this->actingAs($user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
|
||||
|
||||
$result->assertStatus(403);
|
||||
}
|
||||
|
||||
public function test_stranger_access_via_policy()
|
||||
{
|
||||
$user = User::factory()->create();
|
||||
|
||||
$result = $this->policy->readOnly($user, $this->portfolio);
|
||||
$this->assertFalse($result, 'User should not have readonly access');
|
||||
|
||||
$result = $this->policy->fullAccess($user, $this->portfolio);
|
||||
$this->assertFalse($result, 'User should not have full access');
|
||||
|
||||
$result = $this->policy->owner($user, $this->portfolio);
|
||||
$this->assertFalse($result, 'User should not have owner access');
|
||||
}
|
||||
|
||||
public function test_read_only_policy()
|
||||
{
|
||||
$result = $this->policy->readOnly($this->user, $this->portfolio);
|
||||
$this->assertTrue($result, 'User should have read-only access');
|
||||
}
|
||||
|
||||
public function test_read_only_via_web()
|
||||
{
|
||||
$result = $this->actingAs($this->user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
|
||||
|
||||
$result->assertStatus(200);
|
||||
}
|
||||
|
||||
public function test_full_access_policy_with_full_access()
|
||||
{
|
||||
// Update pivot table to give full access
|
||||
$this->portfolio->users()->updateExistingPivot($this->user->id, [
|
||||
'full_access' => true,
|
||||
]);
|
||||
|
||||
$result = $this->policy->fullAccess($this->user, $this->portfolio);
|
||||
$this->assertTrue($result, 'User should have full access');
|
||||
}
|
||||
|
||||
public function test_full_access_policy_without_full_access()
|
||||
{
|
||||
// Check that the user doesn't have full access
|
||||
$result = $this->policy->fullAccess($this->user, $this->portfolio);
|
||||
$this->assertFalse($result, 'User should not have full access');
|
||||
}
|
||||
|
||||
public function test_owner_policy_when_user_is_owner()
|
||||
{
|
||||
// Update pivot table to make the user the owner
|
||||
$this->portfolio->users()->updateExistingPivot($this->user->id, [
|
||||
'owner' => true,
|
||||
]);
|
||||
|
||||
$result = $this->policy->owner($this->user, $this->portfolio);
|
||||
$this->assertTrue($result, 'User should be the owner');
|
||||
}
|
||||
|
||||
public function test_owner_policy_when_user_is_not_owner()
|
||||
{
|
||||
// Check that the user is not the owner
|
||||
$result = $this->policy->owner($this->user, $this->portfolio);
|
||||
$this->assertFalse($result, 'User should not be the owner');
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user