javier/investbrain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cdce46b6df26d0fb0dd552395f6ff78facf807df
investbrain/tests/Api/PortfoliosTest.php
T
hackerESQ cdce46b6df chore: add script type rule to pint
2025-01-28 17:33:54 -06:00

206 lines
6.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Api;
use App\Models\Portfolio;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class PortfoliosTest extends TestCase
{
use RefreshDatabase;
protected User $user;
protected Portfolio $portfolio;
protected function setUp(): void
{
parent::setUp();
// make user
$this->user = User::factory()->create();
}
public function test_can_list_own_portfolios_with_pagination()
{
$this->actingAs($this->user);
Portfolio::factory(10)->create();
$this->actingAs($this->user)
->getJson(route('api.portfolio.index', ['page' => 1, 'itemsPerPage' => 5]))
->assertOk()
->assertJsonStructure([
'data' => [['id', 'title', 'owner', 'holdings', 'transactions']],
'meta' => ['current_page', 'last_page', 'total'],
'links' => ['first', 'last', 'prev', 'next'],
]);
}
public function test_cannot_list_others_portfolios()
{
// create portfolios with existing user
$this->actingAs($this->user);
Portfolio::factory(10)->create();
// Create a new user
$this->actingAs($user = User::factory()->create());
Portfolio::factory(1)->create();
$this->actingAs($user)
->getJson(route('api.portfolio.index', ['page' => 1, 'itemsPerPage' => 5]))
->assertOk()
->assertJsonCount(1, 'data');
}
public function test_cannot_access_portfolios_when_unauthenticated()
{
$this->getJson(route('api.portfolio.index'))->assertUnauthorized();
}
public function test_can_create_a_portfolio()
{
$data = Portfolio::factory()->make()->toArray();
$this->actingAs($this->user)
->postJson(route('api.portfolio.store'), $data)
->assertCreated()
->assertJsonStructure(['id', 'title', 'owner']);
$this->assertDatabaseHas('portfolios', ['title' => $data['title']]);
}
public function test_cannot_create_portfolio_without_required_fields()
{
$this->actingAs($this->user)
->postJson(route('api.portfolio.store'), [])
->assertUnprocessable()
->assertJsonValidationErrors(['title']);
}
public function test_can_show_a_portfolio()
{
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
$this->actingAs($this->user)
->getJson(route('api.portfolio.show', $portfolio))
->assertOk()
->assertJsonStructure(['id', 'title', 'owner']);
}
public function test_cannot_show_nonexistent_portfolio()
{
$this->actingAs($this->user)
->getJson(route('api.portfolio.show', ['portfolio' => 999]))
->assertNotFound();
}
public function test_can_update_a_portfolio()
{
$updatedData = ['title' => 'Updated Portfolio Title'];
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
$this->actingAs($this->user)
->putJson(route('api.portfolio.update', $portfolio), $updatedData)
->assertOk()
->assertJson($updatedData);
$this->assertDatabaseHas('portfolios', $updatedData);
}
public function test_shared_user_can_update_portfolio()
{
// create portfolio
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
// share it
$otherUser = User::factory()->create();
$portfolio->share($otherUser->email, true);
// shared user tries to update it
$this->actingAs($otherUser)
->putJson(route('api.portfolio.update', $portfolio), ['title' => 'A brand new updated title'])
->assertOk()
->assertJsonFragment([
'title' => 'A brand new updated title',
]);
}
public function test_removed_user_cannot_update_portfolio()
{
// create portfolio
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
// share it
$otherUser = User::factory()->create();
$portfolio->share($otherUser->email, true);
// unshare it
$otherUser = User::factory()->create();
$portfolio->unShare($otherUser->id);
// shared user tries to update it
$this->actingAs($otherUser)
->putJson(route('api.portfolio.update', $portfolio), ['Title' => 'A brand new updated title'])
->assertForbidden();
}
public function test_read_only_user_cannot_update_portfolio()
{
// create portfolio
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
// share it
$otherUser = User::factory()->create();
$portfolio->share($otherUser->email, false);
// shared user tries to update it
$this->actingAs($otherUser)
->putJson(route('api.portfolio.update', $portfolio), ['Title' => 'A brand new updated title'])
->assertForbidden();
}
public function test_cannot_update_portfolio_without_permission()
{
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
$otherUser = User::factory()->create();
$this->actingAs($otherUser)
->putJson(route('api.portfolio.update', $portfolio), ['title' => 'New Title'])
->assertForbidden();
}
public function test_can_delete_a_portfolio()
{
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
$this->actingAs($this->user)
->deleteJson(route('api.portfolio.destroy', $portfolio))
->assertNoContent();
$this->assertDatabaseMissing('portfolios', ['id' => $portfolio->id]);
}
public function test_cannot_delete_portfolio_without_permission()
{
$this->actingAs($this->user);
$portfolio = Portfolio::factory()->create();
$otherUser = User::factory()->create();
$this->actingAs($otherUser)
->deleteJson(route('api.portfolio.destroy', $portfolio))
->assertForbidden();
}
}
Reference in New Issue View Git Blame Copy Permalink