From 85ce47f5bbfb54713e9d203e91d732b97cac1aab Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 27 Jun 2024 14:21:27 +0100 Subject: [PATCH] Updated tests Signed-off-by: snipe --- tests/Feature/Users/Api/UpdateUserTest.php | 45 +++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/tests/Feature/Users/Api/UpdateUserTest.php b/tests/Feature/Users/Api/UpdateUserTest.php index 020bb9a07..1c66bbdda 100644 --- a/tests/Feature/Users/Api/UpdateUserTest.php +++ b/tests/Feature/Users/Api/UpdateUserTest.php @@ -153,47 +153,74 @@ class UpdateUserTest extends TestCase // Admin for Company A should allow updating user from Company A $this->actingAsForApi($adminA) ->patchJson(route('api.users.update', $scoped_user_in_companyA)) - ->assertStatus(200); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('success') + ->json(); // Admin for Company A should get denied updating user from Company B $this->actingAsForApi($adminA) ->patchJson(route('api.users.update', $scoped_user_in_companyB)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); // Admin for Company A should get denied updating user without a company $this->actingAsForApi($adminA) ->patchJson(route('api.users.update', $scoped_user_in_no_company)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); // Admin for Company B should allow updating user from Company B $this->actingAsForApi($adminB) ->patchJson(route('api.users.update', $scoped_user_in_companyB)) - ->assertStatus(200); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('success') + ->json(); // Admin for Company B should get denied updating user from Company A $this->actingAsForApi($adminB) ->patchJson(route('api.users.update', $scoped_user_in_companyA)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); // Admin for Company B should get denied updating user without a company $this->actingAsForApi($adminB) ->patchJson(route('api.users.update', $scoped_user_in_no_company)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); // Admin without a company should allow updating user without a company $this->actingAsForApi($adminNoCompany) ->patchJson(route('api.users.update', $scoped_user_in_no_company)) - ->assertStatus(200); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('success') + ->json(); // Admin without a company should get denied updating user from Company A $this->actingAsForApi($adminNoCompany) ->patchJson(route('api.users.update', $scoped_user_in_companyA)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); // Admin without a company should get denied updating user from Company B $this->actingAsForApi($adminNoCompany) ->patchJson(route('api.users.update', $scoped_user_in_companyB)) - ->assertStatus(403); + ->assertOk() + ->assertStatus(200) + ->assertStatusMessageIs('error') + ->json(); } public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()