diff --git a/tests/Feature/Users/DeleteUserTest.php b/tests/Feature/Users/DeleteUserTest.php new file mode 100644 index 000000000..818f554c4 --- /dev/null +++ b/tests/Feature/Users/DeleteUserTest.php @@ -0,0 +1,97 @@ +settings->enableMultipleFullCompanySupport(); + //$this->withoutExceptionHandling(); + + [$companyA, $companyB] = Company::factory()->count(2)->create(); + + $superuser = User::factory()->superuser()->create(); + $user = User::factory()->for($companyB)->create(); + + $this->actingAs(User::factory()->viewUsers()->for($companyA)->create()) + ->get(route('users.print', ['userId' => $user->id])) + ->assertStatus(403); + + $this->actingAs(User::factory()->viewUsers()->for($companyB)->create()) + ->get(route('users.print', ['userId' => $user->id])) + ->assertStatus(200); + + $this->actingAs($superuser) + ->get(route('users.print', ['userId' => $user->id])) + ->assertOk() + ->assertStatus(200); + } + + public function testUserWithoutCompanyPermissionsCannotSendInventory() + { + Notification::fake(); + + $this->settings->enableMultipleFullCompanySupport(); + + [$companyA, $companyB] = Company::factory()->count(2)->create(); + + $superuser = User::factory()->superuser()->create(); + $user = User::factory()->for($companyB)->create(); + + $this->actingAs(User::factory()->viewUsers()->for($companyA)->create()) + ->post(route('users.email', ['userId' => $user->id])) + ->assertStatus(403); + + $this->actingAs(User::factory()->viewUsers()->for($companyB)->create()) + ->post(route('users.email', ['userId' => $user->id])) + ->assertStatus(302); + + $this->actingAs($superuser) + ->post(route('users.email', ['userId' => $user->id])) + ->assertStatus(302); + + Notification::assertSentTo( + [$user], CurrentInventory::class + ); + } + + public function testUserWithoutCompanyPermissionsCannotDeleteUser() + { + + $this->settings->enableMultipleFullCompanySupport(); + + [$companyA, $companyB] = Company::factory()->count(2)->create(); + + $superuser = User::factory()->superuser()->create(); + $userFromA = User::factory()->for($companyA)->create(); + $userFromB = User::factory()->for($companyB)->create(); + + $this->followingRedirects()->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) + ->delete(route('users.destroy', ['user' => $userFromB->id])) + ->assertStatus(403); + + $this->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) + ->delete(route('users.destroy', ['user' => $userFromA->id])) + ->assertStatus(302) + ->assertRedirect(route('users.index')); + + $this->actingAs($superuser) + ->post(route('users.email', ['userId' => $userFromA->id])) + ->assertStatus(302); + + $this->actingAs($superuser) + ->post(route('users.email', ['userId' => $userFromB->id])) + ->assertStatus(302); + + } + + +} diff --git a/tests/Feature/Users/ViewUserTest.php b/tests/Feature/Users/ViewUserTest.php index 522eff842..a1d2fc3b9 100644 --- a/tests/Feature/Users/ViewUserTest.php +++ b/tests/Feature/Users/ViewUserTest.php @@ -55,6 +55,7 @@ class ViewUserTest extends TestCase public function testUserWithoutCompanyPermissionsCannotSendInventory() { + Notification::fake(); $this->settings->enableMultipleFullCompanySupport(); @@ -81,26 +82,4 @@ class ViewUserTest extends TestCase ); } - public function testUserWithoutCompanyPermissionsCannotDeleteUser() - { - - $this->settings->enableMultipleFullCompanySupport(); - - [$companyA, $companyB] = Company::factory()->count(2)->create(); - - $superuser = User::factory()->superuser()->create(); - $userFromA = User::factory()->for($companyA)->create(); - $userFromB = User::factory()->for($companyB)->create(); - - $this->followingRedirects()->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) - ->delete(route('users.destroy', ['user' => $userFromB->id])) - ->assertStatus(403); - - $this->actingAs(User::factory()->deleteUsers()->for($companyA)->create()) - ->delete(route('users.destroy', ['user' => $userFromA->id])) - ->assertStatus(302) - ->assertRedirect(route('users.index')); - - } - }