Updated tests
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
55c98cc27a
commit
85ce47f5bb
1 changed files with 36 additions and 9 deletions
|
@ -153,47 +153,74 @@ class UpdateUserTest extends TestCase
|
||||||
// Admin for Company A should allow updating user from Company A
|
// Admin for Company A should allow updating user from Company A
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(200);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('success')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin for Company A should get denied updating user from Company B
|
// Admin for Company A should get denied updating user from Company B
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin for Company A should get denied updating user without a company
|
// Admin for Company A should get denied updating user without a company
|
||||||
$this->actingAsForApi($adminA)
|
$this->actingAsForApi($adminA)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin for Company B should allow updating user from Company B
|
// Admin for Company B should allow updating user from Company B
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(200);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('success')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin for Company B should get denied updating user from Company A
|
// Admin for Company B should get denied updating user from Company A
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin for Company B should get denied updating user without a company
|
// Admin for Company B should get denied updating user without a company
|
||||||
$this->actingAsForApi($adminB)
|
$this->actingAsForApi($adminB)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin without a company should allow updating user without a company
|
// Admin without a company should allow updating user without a company
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
->patchJson(route('api.users.update', $scoped_user_in_no_company))
|
||||||
->assertStatus(200);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('success')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin without a company should get denied updating user from Company A
|
// Admin without a company should get denied updating user from Company A
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
->patchJson(route('api.users.update', $scoped_user_in_companyA))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
|
|
||||||
// Admin without a company should get denied updating user from Company B
|
// Admin without a company should get denied updating user from Company B
|
||||||
$this->actingAsForApi($adminNoCompany)
|
$this->actingAsForApi($adminNoCompany)
|
||||||
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
->patchJson(route('api.users.update', $scoped_user_in_companyB))
|
||||||
->assertStatus(403);
|
->assertOk()
|
||||||
|
->assertStatus(200)
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->json();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()
|
public function testUserGroupsAreOnlyUpdatedIfAuthenticatedUserIsSuperUser()
|
||||||
|
|
Loading…
Add table
Reference in a new issue