getJson('/api/v1/categories?api_key=legacy-key') ->assertStatus(410) ->assertJsonPath('message', 'Legacy API keys are no longer supported.'); }); test('api user can read only own companies', function () { /** @var TestCase $this */ $user = User::factory()->create(); $ownCompany = Company::factory()->presseecho()->create(['name' => 'Eigene Firma']); $otherCompany = Company::factory()->businessportal24()->create(['name' => 'Fremde Firma']); $user->companies()->attach($ownCompany->id, ['role' => 'owner']); Sanctum::actingAs($user, ['companies:read']); $this->getJson('/api/v1/companies') ->assertOk() ->assertSee('Eigene Firma') ->assertDontSee('Fremde Firma'); $this->getJson("/api/v1/companies/{$otherCompany->id}") ->assertForbidden(); }); test('api user can list categories with press release read ability', function () { /** @var TestCase $this */ $user = User::factory()->create(); Category::factory()->withTranslations()->create(); Sanctum::actingAs($user, ['press-releases:read']); $this->getJson('/api/v1/categories') ->assertOk() ->assertJsonCount(1, 'data') ->assertJsonStructure([ 'data' => [ '*' => ['id', 'portal', 'translations'], ], ]); }); test('api user can subscribe an email to newsletter', function () { /** @var TestCase $this */ $user = User::factory()->create(); Sanctum::actingAs($user, ['newsletter:subscribe']); $this->postJson('/api/v1/newsletter/subscribe', [ 'portal' => 'presseecho', 'email' => 'newsletter@example.com', 'first_name' => 'Max', 'last_name' => 'Muster', ]) ->assertCreated() ->assertJsonPath('data.email', 'newsletter@example.com') ->assertJsonPath('data.is_confirmed', false); expect(NewsletterSubscription::withoutGlobalScopes() ->where('email', 'newsletter@example.com') ->where('portal', 'presseecho') ->exists())->toBeTrue(); });