WIP: Sicherheitsnetz vor Phase-1-R\u00fcckbau
Enth\u00e4lt gemischt: Laravel-10-Upgrade + Phase 1 (Contacts-Modul, Duplicats-Commands, Soft-Delete+Merge-Fields) + Phase 2 Code-Umstellungen (inquiry_id, $table='contacts'/'inquiries') + Offers-Modul (Migrationen, Models, offer_id in Booking, offer-Disk in filesystems.php). Phase 2 + Offers werden im folgenden Commit nach dev/backups/phase2-offers-2026-04-17/ verschoben, damit der Workspace auf Phase-1-only (= Test-System-Stand) reduziert ist und direkt auf Live deploybar wird. Tarball-Backup zus\u00e4tzlich unter: ../backups-safety/workspace-pre-phase1-rollback-2026-04-17.tar.gz Made-with: Cursor
This commit is contained in:
Phase-1-Rollback-Agent
parent
389d5d1820
commit
e3dc1afd8e
165 changed files with 21914 additions and 3516 deletions
53
tests/Feature/BookingControllerTest.php
Normal file
53
tests/Feature/BookingControllerTest.php
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\Feature;
|
||||
|
||||
use App\User;
|
||||
use Tests\TestCase;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
class BookingControllerTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
public function testGuestIsRedirectedFromBookingIndex(): void
|
||||
{
|
||||
$response = $this->get('/booking');
|
||||
|
||||
$response->assertRedirect('/login');
|
||||
}
|
||||
|
||||
public function testGuestIsRedirectedFromBookingDetail(): void
|
||||
{
|
||||
$response = $this->get('/booking/1');
|
||||
|
||||
$response->assertRedirect('/login');
|
||||
}
|
||||
|
||||
public function testNonAdminUserCannotAccessBookingIndex(): void
|
||||
{
|
||||
$user = User::factory()->create(['admin' => 0]);
|
||||
|
||||
// Middleware 'admin' redirects non-admins to /home
|
||||
$response = $this->actingAs($user)
|
||||
->withoutMiddleware(\App\Http\Middleware\MiddleGoogle2FA::class)
|
||||
->get('/booking');
|
||||
|
||||
$response->assertRedirect('/home');
|
||||
}
|
||||
|
||||
public function testAdminUserCanAccessBookingIndexAfterAuthentication(): void
|
||||
{
|
||||
$user = User::factory()->admin()->create();
|
||||
|
||||
$response = $this->actingAs($user)
|
||||
->withoutMiddleware([
|
||||
\App\Http\Middleware\MiddleGoogle2FA::class,
|
||||
])
|
||||
->get('/booking');
|
||||
|
||||
// Either 200 (page loads) or a redirect due to missing 2FA – in any
|
||||
// case the admin middleware itself must not block the request.
|
||||
$response->assertStatus(200);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue