lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Updated tests

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-06-27 14:21:27 +01:00
parent 55c98cc27a
commit 85ce47f5bb
1 changed files with 36 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
tests/Feature/Users/Api/UpdateUserTest.php
View file

@ -153,47 +153,74 @@ class UpdateUserTest extends TestCase
// Admin for Company A should allow updating user from Company A
$this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(200);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin for Company A should get denied updating user from Company B
$this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company A should get denied updating user without a company
$this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company B should allow updating user from Company B
$this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(200);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin for Company B should get denied updating user from Company A
$this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company B should get denied updating user without a company
$this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin without a company should allow updating user without a company
$this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(200);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin without a company should get denied updating user from Company A
$this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin without a company should get denied updating user from Company B
$this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(403);
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
}
public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()