mivita/tests/Feature/PaymentDashboard/PaymentDashboardAccessTest.php

<?php
use App\Http\Controllers\Admin\PaymentDashboardController;
use App\Http\Middleware\Admin;
use App\Models\PaymentIncident;
use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
// Pest: bind Laravel's RefreshDatabase trait to every test in this file, so the
// users and incidents created below do not leak from one test into the next.
uses(RefreshDatabase::class);
/**
 * Persist a throwaway user with admin level 2 for the tests in this file.
 *
 * Level 2 is the lowest level the test titles below treat as "admin"
 * (the Admin middleware test is titled "admin >= 2").
 *
 * forceCreate() skips Eloquent's mass-assignment guarding, which lets the
 * fixture write the privilege column directly.
 * NOTE(review): presumably `admin` is not fillable on App\User; confirm.
 */
function makeAdminUser(): User
{
    // uniqid() keeps the address distinct when a test creates several users.
    $email = 'admin-'.uniqid().'@test.com';

    $attributes = [
        'email' => $email,
        'password' => Hash::make('secret'), // fixture-only credential
        'admin' => 2,
        'lang' => 'de',
    ];

    return User::forceCreate($attributes);
}
/**
 * Persist a throwaway user with admin level 0, the level the test titles
 * below call a normal user ("normale Benutzer").
 *
 * forceCreate() skips Eloquent's mass-assignment guarding, which lets the
 * fixture write the privilege column directly.
 * NOTE(review): presumably `admin` is not fillable on App\User; confirm.
 */
function makeRegularUser(): User
{
    // uniqid() keeps the address distinct when a test creates several users.
    $email = 'user-'.uniqid().'@test.com';

    $attributes = [
        'email' => $email,
        'password' => Hash::make('secret'), // fixture-only credential
        'admin' => 0,
        'lang' => 'de',
    ];

    return User::forceCreate($attributes);
}
/**
 * Persist a throwaway user with admin level 1, the level the test titles
 * below call a VIP user. It sits directly under the admin threshold of 2,
 * which makes it the boundary case for the privilege check.
 *
 * forceCreate() skips Eloquent's mass-assignment guarding, which lets the
 * fixture write the privilege column directly.
 * NOTE(review): presumably `admin` is not fillable on App\User; confirm.
 */
function makeVipUser(): User
{
    // uniqid() keeps the address distinct when a test creates several users.
    $email = 'vip-'.uniqid().'@test.com';

    $attributes = [
        'email' => $email,
        'password' => Hash::make('secret'), // fixture-only credential
        'admin' => 1,
        'lang' => 'de',
    ];

    return User::forceCreate($attributes);
}
// ─── Admin Middleware Tests ───────────────────────────────────────────────────
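// Positive case for the Admin middleware: a level-2 user must reach the next handler.
it('Admin-Middleware lässt Admins (admin >= 2) durch', function () {
    $admin = makeAdminUser();

    // Attach the user to the auth guard and to the request. The other
    // middleware tests in this file attach it through the request resolver,
    // and this file does not show which of the two the middleware reads, so
    // the setup covers both and all three tests run against the same state.
    Auth::setUser($admin);
    $request = Request::create('/admin/payment-dashboard');
    $request->setUserResolver(fn () => $admin);

    $passed = false;
    (new Admin)->handle($request, function () use (&$passed) {
        // Only reached when the middleware lets the request through.
        $passed = true;
    });

    expect($passed)->toBeTrue();
});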
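// Negative case for the Admin middleware: a level-0 user must be redirected
// and the next handler must never run.
it('Admin-Middleware blockiert normale Benutzer (admin = 0)', function () {
    $user = makeRegularUser();

    // Authenticate the user on the guard as well as on the request. If the
    // middleware reads the guard and only the request resolver were set, it
    // would see a guest, and the 302 would show that guests are rejected
    // rather than that level 0 is rejected.
    Auth::setUser($user);
    $request = Request::create('/admin/payment-dashboard');
    $request->setUserResolver(fn () => $user);

    $nextCalled = false;
    $response = (new Admin)->handle($request, function () use (&$nextCalled) {
        $nextCalled = true;

        return null;
    });

    // The protected handler must not have been invoked at all.
    expect($nextCalled)->toBeFalse();
    expect($response)->not->toBeNull();
    // NOTE(review): only the status is pinned; the redirect target is not
    // visible in this file, so it is not asserted here.
    expect($response->getStatusCode())->toBe(302);
});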
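// Boundary case for the Admin middleware: level 1 is one below the admin
// threshold and must be redirected without the next handler running.
it('Admin-Middleware blockiert VIP-Benutzer (admin = 1)', function () {
    $vip = makeVipUser();

    // Authenticate the user on the guard as well as on the request. If the
    // middleware reads the guard and only the request resolver were set, it
    // would see a guest, and the 302 would say nothing about the level-1
    // boundary this test is named after.
    Auth::setUser($vip);
    $request = Request::create('/admin/payment-dashboard');
    $request->setUserResolver(fn () => $vip);

    $nextCalled = false;
    $response = (new Admin)->handle($request, function () use (&$nextCalled) {
        $nextCalled = true;

        return null;
    });

    // The protected handler must not have been invoked at all.
    expect($nextCalled)->toBeFalse();
    expect($response)->not->toBeNull();
    // NOTE(review): only the status is pinned; the redirect target is not
    // visible in this file, so it is not asserted here.
    expect($response->getStatusCode())->toBe(302);
});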
// ─── Controller Auth Tests ────────────────────────────────────────────────────
// Calls PaymentDashboardController::index() as a level-2 user and checks the
// name of the returned view.
// NOTE(review): the controller method is invoked directly, so the request
// never passes through the HTTP kernel and no route middleware runs. This
// test therefore shows what index() renders, not that the route rejects
// lower-privileged users; that needs a request-level test.
it('Entwickler-Ansicht gibt View zurück für Admins', function () {
    $this->actingAs(makeAdminUser());

    $view = (new PaymentDashboardController)->index();

    expect($view->getName())->toBe('admin.payment-dashboard.index');
});
// Calls PaymentDashboardController::management() as a level-3 user (the test
// title calls this a super-admin) and checks the name of the returned view.
// The user is built inline because no fixture helper in this file creates
// level 3.
it('GF-Ansicht gibt View zurück für Super-Admins (admin >= 3)', function () {
    $attributes = [
        'email' => 'superadmin-'.uniqid().'@test.com',
        'password' => Hash::make('secret'), // fixture-only credential
        'admin' => 3,
        'lang' => 'de',
    ];
    // forceCreate() skips mass-assignment guarding so the level can be set directly.
    $this->actingAs(User::forceCreate($attributes));

    $view = (new PaymentDashboardController)->management();

    expect($view->getName())->toBe('admin.payment-dashboard.management');
});
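// Authorization check inside the controller: a level-2 admin calling
// management() must be refused with HTTP 403.
it('GF-Ansicht liefert 403 für normale Admins (admin = 2)', function () {
    $admin = makeAdminUser();
    $this->actingAs($admin);
    $controller = new PaymentDashboardController;

    // Capture the exception instead of matching on its class alone: any
    // HttpException (a 404 or 500, say) would satisfy a class-only check,
    // while the test title promises a 403 specifically.
    $caught = null;
    try {
        $controller->management();
    } catch (\Symfony\Component\HttpKernel\Exception\HttpException $e) {
        $caught = $e;
    }

    // Fails when management() returned normally, i.e. access was granted.
    expect($caught)->toBeInstanceOf(\Symfony\Component\HttpKernel\Exception\HttpException::class);
    expect($caught->getStatusCode())->toBe(403);
});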
// Calls PaymentDashboardController::show() with a freshly created incident as
// a level-2 user and checks the view name and that the same incident is
// handed to the view.
// NOTE(review): the controller is called directly, so route middleware and
// route-model binding are not exercised; access by lower-privileged users is
// not covered by this test.
it('Incident-Detail gibt korrekten View zurück', function () {
    $this->actingAs(makeAdminUser());

    $incident = PaymentIncident::create([
        'title' => 'Test Incident Detail',
        'provider' => 'payone',
        'type' => 'payment_failure',
        'severity' => 'high',
        'detected_at' => now(),
    ]);

    $view = (new PaymentDashboardController)->show($incident);
    $viewData = $view->getData();

    expect($view->getName())->toBe('admin.payment-dashboard.show');
    expect($viewData['incident']->id)->toBe($incident->id);
});
// Calls PaymentDashboardController::logs() as a level-2 user and checks the
// name of the returned view.
// NOTE(review): direct controller call; route middleware does not run, so
// this says nothing about who may reach the log view over HTTP.
it('Log-Ansicht gibt View zurück', function () {
    $this->actingAs(makeAdminUser());

    $view = (new PaymentDashboardController)->logs();

    expect($view->getName())->toBe('admin.payment-dashboard.logs');
});
// Calls PaymentDashboardController::transactions() as a level-2 user and
// checks the name of the returned view.
// NOTE(review): direct controller call; route middleware does not run, so
// this says nothing about who may reach the transaction view over HTTP.
it('Transaktions-Ansicht gibt View zurück', function () {
    $this->actingAs(makeAdminUser());

    $view = (new PaymentDashboardController)->transactions();

    expect($view->getName())->toBe('admin.payment-dashboard.transactions');
});
// Calls PaymentDashboardController::abandoned() as a level-2 user and checks
// the name of the returned view.
// NOTE(review): direct controller call; route middleware does not run, so
// this says nothing about who may reach the abandoned-payment view over HTTP.
it('Abbruch-Analyse gibt View zurück', function () {
    $this->actingAs(makeAdminUser());

    $view = (new PaymentDashboardController)->abandoned();

    expect($view->getName())->toBe('admin.payment-dashboard.abandoned');
});
// Calls PaymentDashboardController::abandoned() as a level-2 user and checks
// which keys the view data carries: three record sets plus a stats array with
// one counter per set. Only the presence of the keys is asserted, not their
// contents.
it('Abbruch-Analyse enthält die 3 erwarteten Datensätze', function () {
    $this->actingAs(makeAdminUser());

    $viewData = (new PaymentDashboardController)->abandoned()->getData();

    expect($viewData)
        ->toHaveKey('ordersWithoutPayment')
        ->toHaveKey('cancelledPayments')
        ->toHaveKey('pendingPayments')
        ->toHaveKey('abandonedStats');

    $stats = $viewData['abandonedStats'];
    expect($stats)->toHaveKeys(['no_payment', 'cancelled', 'no_callback']);
});