81 lines
2.8 KiB
PHP
81 lines
2.8 KiB
PHP
<?php
|
|
|
|
use App\Models\Category;
|
|
use App\Models\Company;
|
|
use App\Models\PressRelease;
|
|
use App\Models\User;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\TestCase;
|
|
|
|
test('api user can create list update and delete own press releases', function () {
|
|
/** @var TestCase $this */
|
|
$user = User::factory()->create();
|
|
$company = Company::factory()->presseecho()->create();
|
|
$category = Category::factory()->withTranslations()->create();
|
|
$user->companies()->attach($company->id, ['role' => 'owner']);
|
|
|
|
Sanctum::actingAs($user, ['press-releases:read', 'press-releases:write']);
|
|
|
|
$createResponse = $this->postJson('/api/v1/press-releases', [
|
|
'company_id' => $company->id,
|
|
'category_id' => $category->id,
|
|
'language' => 'de',
|
|
'title' => 'Neue API Pressemitteilung',
|
|
'text' => 'Inhalt der Pressemitteilung',
|
|
'status' => 'draft',
|
|
]);
|
|
|
|
$createResponse
|
|
->assertCreated()
|
|
->assertJsonPath('data.title', 'Neue API Pressemitteilung')
|
|
->assertJsonPath('data.portal', 'presseecho');
|
|
|
|
$pressReleaseId = PressRelease::withoutGlobalScopes()
|
|
->where('title', 'Neue API Pressemitteilung')
|
|
->value('id');
|
|
|
|
$this->getJson('/api/v1/press-releases')
|
|
->assertOk()
|
|
->assertJsonPath('data.0.id', $pressReleaseId);
|
|
|
|
$this->patchJson("/api/v1/press-releases/{$pressReleaseId}", [
|
|
'title' => 'Aktualisierte API Pressemitteilung',
|
|
])
|
|
->assertOk()
|
|
->assertJsonPath('data.title', 'Aktualisierte API Pressemitteilung');
|
|
|
|
$this->deleteJson("/api/v1/press-releases/{$pressReleaseId}")
|
|
->assertNoContent();
|
|
|
|
expect(PressRelease::withoutGlobalScopes()->withTrashed()->find($pressReleaseId)?->trashed())->toBeTrue();
|
|
});
|
|
|
|
test('api write ability is required to create press releases', function () {
|
|
/** @var TestCase $this */
|
|
$user = User::factory()->create();
|
|
$company = Company::factory()->presseecho()->create();
|
|
$category = Category::factory()->withTranslations()->create();
|
|
$user->companies()->attach($company->id, ['role' => 'owner']);
|
|
|
|
Sanctum::actingAs($user, ['press-releases:read']);
|
|
|
|
$this->postJson('/api/v1/press-releases', [
|
|
'company_id' => $company->id,
|
|
'category_id' => $category->id,
|
|
'language' => 'de',
|
|
'title' => 'Nicht erlaubt',
|
|
'text' => 'Inhalt',
|
|
])->assertForbidden();
|
|
});
|
|
|
|
test('api user cannot access another users press release', function () {
|
|
/** @var TestCase $this */
|
|
$owner = User::factory()->create();
|
|
$otherUser = User::factory()->create();
|
|
$pressRelease = PressRelease::factory()->create(['user_id' => $owner->id]);
|
|
|
|
Sanctum::actingAs($otherUser, ['press-releases:read']);
|
|
|
|
$this->getJson("/api/v1/press-releases/{$pressRelease->id}")
|
|
->assertForbidden();
|
|
});
|