12-05-2026 Frontend dev

2026-05-12 18:32:33 +02:00 · 2026-05-12 18:32:33 +02:00 · 5b8bdf4182
commit 5b8bdf4182
parent 405df0a122
779 changed files with 480564 additions and 6241 deletions
--- a/tests/Feature/Api/V1/PressReleaseApiTest.php
+++ b/tests/Feature/Api/V1/PressReleaseApiTest.php
@ -0,0 +1,81 @@
+<?php
+
+use App\Models\Category;
+use App\Models\Company;
+use App\Models\PressRelease;
+use App\Models\User;
+use Laravel\Sanctum\Sanctum;
+use Tests\TestCase;
+
+test('api user can create list update and delete own press releases', function () {
+    /** @var TestCase $this */
+    $user = User::factory()->create();
+    $company = Company::factory()->presseecho()->create();
+    $category = Category::factory()->withTranslations()->create();
+    $user->companies()->attach($company->id, ['role' => 'owner']);
+
+    Sanctum::actingAs($user, ['press-releases:read', 'press-releases:write']);
+
+    $createResponse = $this->postJson('/api/v1/press-releases', [
+        'company_id' => $company->id,
+        'category_id' => $category->id,
+        'language' => 'de',
+        'title' => 'Neue API Pressemitteilung',
+        'text' => 'Inhalt der Pressemitteilung',
+        'status' => 'draft',
+    ]);
+
+    $createResponse
+        ->assertCreated()
+        ->assertJsonPath('data.title', 'Neue API Pressemitteilung')
+        ->assertJsonPath('data.portal', 'presseecho');
+
+    $pressReleaseId = PressRelease::withoutGlobalScopes()
+        ->where('title', 'Neue API Pressemitteilung')
+        ->value('id');
+
+    $this->getJson('/api/v1/press-releases')
+        ->assertOk()
+        ->assertJsonPath('data.0.id', $pressReleaseId);
+
+    $this->patchJson("/api/v1/press-releases/{$pressReleaseId}", [
+        'title' => 'Aktualisierte API Pressemitteilung',
+    ])
+        ->assertOk()
+        ->assertJsonPath('data.title', 'Aktualisierte API Pressemitteilung');
+
+    $this->deleteJson("/api/v1/press-releases/{$pressReleaseId}")
+        ->assertNoContent();
+
+    expect(PressRelease::withoutGlobalScopes()->withTrashed()->find($pressReleaseId)?->trashed())->toBeTrue();
+});
+
+test('api write ability is required to create press releases', function () {
+    /** @var TestCase $this */
+    $user = User::factory()->create();
+    $company = Company::factory()->presseecho()->create();
+    $category = Category::factory()->withTranslations()->create();
+    $user->companies()->attach($company->id, ['role' => 'owner']);
+
+    Sanctum::actingAs($user, ['press-releases:read']);
+
+    $this->postJson('/api/v1/press-releases', [
+        'company_id' => $company->id,
+        'category_id' => $category->id,
+        'language' => 'de',
+        'title' => 'Nicht erlaubt',
+        'text' => 'Inhalt',
+    ])->assertForbidden();
+});
+
+test('api user cannot access another users press release', function () {
+    /** @var TestCase $this */
+    $owner = User::factory()->create();
+    $otherUser = User::factory()->create();
+    $pressRelease = PressRelease::factory()->create(['user_id' => $owner->id]);
+
+    Sanctum::actingAs($otherUser, ['press-releases:read']);
+
+    $this->getJson("/api/v1/press-releases/{$pressRelease->id}")
+        ->assertForbidden();
+});