bert.hausmans
1cb7674d52
- Update API: events, users, policies, routes, resources, migrations - Remove deprecated models/resources (customers, setlists, invitations, etc.) - Refresh admin app and docs; remove apps/band Made-with: Cursor
186 lines
5.3 KiB
PHP
186 lines
5.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Event;
|
|
|
|
use App\Models\Event;
|
|
use App\Models\Organisation;
|
|
use App\Models\User;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\TestCase;
|
|
|
|
class EventTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private User $admin;
|
|
private User $orgAdmin;
|
|
private User $outsider;
|
|
private Organisation $organisation;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
|
|
$this->admin = User::factory()->create();
|
|
$this->admin->assignRole('super_admin');
|
|
|
|
$this->organisation = Organisation::factory()->create();
|
|
|
|
$this->orgAdmin = User::factory()->create();
|
|
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
|
|
|
|
$this->outsider = User::factory()->create();
|
|
}
|
|
|
|
// --- INDEX ---
|
|
|
|
public function test_org_admin_can_list_events(): void
|
|
{
|
|
Event::factory()->count(3)->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
|
|
|
|
$response->assertOk();
|
|
$this->assertCount(3, $response->json('data'));
|
|
}
|
|
|
|
public function test_outsider_cannot_list_events(): void
|
|
{
|
|
Sanctum::actingAs($this->outsider);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
public function test_unauthenticated_user_cannot_list_events(): void
|
|
{
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events");
|
|
|
|
$response->assertUnauthorized();
|
|
}
|
|
|
|
// --- SHOW ---
|
|
|
|
public function test_org_admin_can_view_event(): void
|
|
{
|
|
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
|
|
|
|
$response->assertOk()
|
|
->assertJson(['data' => ['id' => $event->id]]);
|
|
}
|
|
|
|
public function test_outsider_cannot_view_event(): void
|
|
{
|
|
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->outsider);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
// --- STORE ---
|
|
|
|
public function test_org_admin_can_create_event(): void
|
|
{
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
|
|
'name' => 'Summer Festival 2026',
|
|
'slug' => 'summer-festival-2026',
|
|
'start_date' => '2026-07-01',
|
|
'end_date' => '2026-07-03',
|
|
]);
|
|
|
|
$response->assertCreated()
|
|
->assertJson(['data' => ['name' => 'Summer Festival 2026']]);
|
|
|
|
$this->assertDatabaseHas('events', [
|
|
'organisation_id' => $this->organisation->id,
|
|
'slug' => 'summer-festival-2026',
|
|
]);
|
|
}
|
|
|
|
public function test_outsider_cannot_create_event(): void
|
|
{
|
|
Sanctum::actingAs($this->outsider);
|
|
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
|
|
'name' => 'Hacked Event',
|
|
'slug' => 'hacked-event',
|
|
'start_date' => '2026-07-01',
|
|
'end_date' => '2026-07-03',
|
|
]);
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
public function test_unauthenticated_user_cannot_create_event(): void
|
|
{
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events", [
|
|
'name' => 'Anon Event',
|
|
'slug' => 'anon-event',
|
|
'start_date' => '2026-07-01',
|
|
'end_date' => '2026-07-03',
|
|
]);
|
|
|
|
$response->assertUnauthorized();
|
|
}
|
|
|
|
// --- UPDATE ---
|
|
|
|
public function test_org_admin_can_update_event(): void
|
|
{
|
|
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}", [
|
|
'name' => 'Updated Festival',
|
|
]);
|
|
|
|
$response->assertOk()
|
|
->assertJson(['data' => ['name' => 'Updated Festival']]);
|
|
}
|
|
|
|
public function test_outsider_cannot_update_event(): void
|
|
{
|
|
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->outsider);
|
|
|
|
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}", [
|
|
'name' => 'Hacked',
|
|
]);
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
// --- CROSS-ORG ---
|
|
|
|
public function test_event_from_other_org_returns_404(): void
|
|
{
|
|
$otherOrg = Organisation::factory()->create();
|
|
$event = Event::factory()->create(['organisation_id' => $otherOrg->id]);
|
|
|
|
Sanctum::actingAs($this->admin);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
|
|
|
|
$response->assertNotFound();
|
|
}
|
|
}
|