hackerESQ
113 lines
3.3 KiB
PHP
113 lines
3.3 KiB
PHP
<?php
|
|
|
|
namespace Tests;
|
|
|
|
use Tests\TestCase;
|
|
use App\Models\User;
|
|
use App\Models\Portfolio;
|
|
use App\Policies\PortfolioPolicy;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
class PortfolioPolicyTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
protected $policy;
|
|
protected $user;
|
|
protected $portfolio;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->policy = new PortfolioPolicy();
|
|
|
|
$this->user = User::factory()->create();
|
|
|
|
Auth::login($this->user);
|
|
$this->portfolio = Portfolio::factory()->create();
|
|
|
|
// Attach the users to the portfolio
|
|
$this->portfolio->users()->syncWithoutDetaching([
|
|
$this->user->id => [
|
|
'full_access' => false,
|
|
'owner' => false,
|
|
]
|
|
]);
|
|
}
|
|
|
|
public function test_stranger_access_viaweb()
|
|
{
|
|
$user = User::factory()->create();
|
|
|
|
$result = $this->actingAs($user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
|
|
|
|
$result->assertStatus(403);
|
|
}
|
|
|
|
public function test_stranger_access_via_policy()
|
|
{
|
|
$user = User::factory()->create();
|
|
|
|
$result = $this->policy->readOnly($user, $this->portfolio);
|
|
$this->assertFalse($result, 'User should not have readonly access');
|
|
|
|
$result = $this->policy->fullAccess($user, $this->portfolio);
|
|
$this->assertFalse($result, 'User should not have full access');
|
|
|
|
$result = $this->policy->owner($user, $this->portfolio);
|
|
$this->assertFalse($result, 'User should not have owner access');
|
|
}
|
|
|
|
public function test_read_only_policy()
|
|
{
|
|
$result = $this->policy->readOnly($this->user, $this->portfolio);
|
|
$this->assertTrue($result, 'User should have read-only access');
|
|
}
|
|
|
|
public function test_read_only_via_web()
|
|
{
|
|
$result = $this->actingAs($this->user)->get(route('portfolio.show', ['portfolio' => $this->portfolio]));
|
|
|
|
$result->assertStatus(200);
|
|
}
|
|
|
|
public function test_full_access_policy_with_full_access()
|
|
{
|
|
// Update pivot table to give full access
|
|
$this->portfolio->users()->updateExistingPivot($this->user->id, [
|
|
'full_access' => true,
|
|
]);
|
|
|
|
$result = $this->policy->fullAccess($this->user, $this->portfolio);
|
|
$this->assertTrue($result, 'User should have full access');
|
|
}
|
|
|
|
public function test_full_access_policy_without_full_access()
|
|
{
|
|
// Check that the user doesn't have full access
|
|
$result = $this->policy->fullAccess($this->user, $this->portfolio);
|
|
$this->assertFalse($result, 'User should not have full access');
|
|
}
|
|
|
|
public function test_owner_policy_when_user_is_owner()
|
|
{
|
|
// Update pivot table to make the user the owner
|
|
$this->portfolio->users()->updateExistingPivot($this->user->id, [
|
|
'owner' => true,
|
|
]);
|
|
|
|
$result = $this->policy->owner($this->user, $this->portfolio);
|
|
$this->assertTrue($result, 'User should be the owner');
|
|
}
|
|
|
|
public function test_owner_policy_when_user_is_not_owner()
|
|
{
|
|
// Check that the user is not the owner
|
|
$result = $this->policy->owner($this->user, $this->portfolio);
|
|
$this->assertFalse($result, 'User should not be the owner');
|
|
}
|
|
|
|
}
|