lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Updated tests

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-06-27 14:21:27 +01:00
parent 55c98cc27a
commit 85ce47f5bb
1 changed files with 36 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
tests/Feature/Users/Api/UpdateUserTest.php
View file

@ -153,47 +153,74 @@ class UpdateUserTest extends TestCase
// Admin for Company A should allow updating user from Company A // Admin for Company A should allow updating user from Company A
$this->actingAsForApi($adminA) $this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_companyA)) ->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(200); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin for Company A should get denied updating user from Company B // Admin for Company A should get denied updating user from Company B
$this->actingAsForApi($adminA) $this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_companyB)) ->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company A should get denied updating user without a company // Admin for Company A should get denied updating user without a company
$this->actingAsForApi($adminA) $this->actingAsForApi($adminA)
->patchJson(route('api.users.update', $scoped_user_in_no_company)) ->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company B should allow updating user from Company B // Admin for Company B should allow updating user from Company B
$this->actingAsForApi($adminB) $this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_companyB)) ->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(200); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin for Company B should get denied updating user from Company A // Admin for Company B should get denied updating user from Company A
$this->actingAsForApi($adminB) $this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_companyA)) ->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin for Company B should get denied updating user without a company // Admin for Company B should get denied updating user without a company
$this->actingAsForApi($adminB) $this->actingAsForApi($adminB)
->patchJson(route('api.users.update', $scoped_user_in_no_company)) ->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin without a company should allow updating user without a company // Admin without a company should allow updating user without a company
$this->actingAsForApi($adminNoCompany) $this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_no_company)) ->patchJson(route('api.users.update', $scoped_user_in_no_company))
->assertStatus(200); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success')
->json();
// Admin without a company should get denied updating user from Company A // Admin without a company should get denied updating user from Company A
$this->actingAsForApi($adminNoCompany) $this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_companyA)) ->patchJson(route('api.users.update', $scoped_user_in_companyA))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
// Admin without a company should get denied updating user from Company B // Admin without a company should get denied updating user from Company B
$this->actingAsForApi($adminNoCompany) $this->actingAsForApi($adminNoCompany)
->patchJson(route('api.users.update', $scoped_user_in_companyB)) ->patchJson(route('api.users.update', $scoped_user_in_companyB))
->assertStatus(403); ->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error')
->json();
} }
public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser() public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()