bert.hausmans/band-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cb7674d52f3a255a3d1d6cf6cd166802b980af6
band-management/api/tests/Feature/Organisation/OrganisationTest.php
bert.hausmans 1cb7674d52 refactor: align codebase with EventCrew domain and trim legacy band stack 
- Update API: events, users, policies, routes, resources, migrations
- Remove deprecated models/resources (customers, setlists, invitations, etc.)
- Refresh admin app and docs; remove apps/band

Made-with: Cursor
2026-03-29 23:19:06 +02:00

159 lines
4.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Feature\Organisation;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class OrganisationTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
}
// --- INDEX ---
public function test_super_admin_can_list_all_organisations(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Organisation::factory()->count(3)->create();
Sanctum::actingAs($admin);
$response = $this->getJson('/api/v1/organisations');
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_org_member_sees_only_own_organisations(): void
{
$user = User::factory()->create();
$ownOrg = Organisation::factory()->create();
$otherOrg = Organisation::factory()->create();
$ownOrg->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->getJson('/api/v1/organisations');
$response->assertOk();
$this->assertCount(1, $response->json('data'));
$this->assertEquals($ownOrg->id, $response->json('data.0.id'));
}
public function test_unauthenticated_user_cannot_list_organisations(): void
{
$response = $this->getJson('/api/v1/organisations');
$response->assertUnauthorized();
}
// --- SHOW ---
public function test_org_member_can_view_own_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->getJson("/api/v1/organisations/{$org->id}");
$response->assertOk()
->assertJson(['data' => ['id' => $org->id]]);
}
public function test_user_cannot_view_other_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
Sanctum::actingAs($user);
$response = $this->getJson("/api/v1/organisations/{$org->id}");
$response->assertForbidden();
}
// --- STORE ---
public function test_super_admin_can_create_organisation(): void
{
$admin = User::factory()->create();
$admin->assignRole('super_admin');
Sanctum::actingAs($admin);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'Test Org',
'slug' => 'test-org',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Test Org', 'slug' => 'test-org']]);
$this->assertDatabaseHas('organisations', ['slug' => 'test-org']);
}
public function test_non_admin_cannot_create_organisation(): void
{
$user = User::factory()->create();
Sanctum::actingAs($user);
$response = $this->postJson('/api/v1/organisations', [
'name' => 'Test Org',
'slug' => 'test-org',
]);
$response->assertForbidden();
}
// --- UPDATE ---
public function test_org_admin_can_update_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_admin']);
Sanctum::actingAs($user);
$response = $this->putJson("/api/v1/organisations/{$org->id}", [
'name' => 'Updated Name',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'Updated Name']]);
}
public function test_org_member_cannot_update_organisation(): void
{
$user = User::factory()->create();
$org = Organisation::factory()->create();
$org->users()->attach($user, ['role' => 'org_member']);
Sanctum::actingAs($user);
$response = $this->putJson("/api/v1/organisations/{$org->id}", [
'name' => 'Hacked Name',
]);
$response->assertForbidden();
}
}
Reference in New Issue View Git Blame Copy Permalink