bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: fase 2 backend — crowd types, persons, sections, shifts, invite flow

Browse Source 
- Crowd Types + Persons CRUD (73 tests)
- Festival Sections + Time Slots + Shifts CRUD met assign/claim flow (84 tests)
- Invite Flow + Member Management met InvitationService (109 tests)
- Schema v1.6 migraties volledig uitgevoerd
- DevSeeder bijgewerkt met crowd types voor testorganisatie
This commit is contained in:
bert.hausmans
2026-04-08 01:34:46 +02:00
parent c417a6647a
commit 9acb27af3a
114 changed files with 6916 additions and 984 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
api/tests/Feature/CrowdType/CrowdTypeTest.php Normal file
View File

@@ -0,0 +1,139 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\CrowdType;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class CrowdTypeTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
}
public function test_index_returns_crowd_types_for_organisation(): void
{
CrowdType::factory()->count(3)->create(['organisation_id' => $this->organisation->id]);
// Crowd type on other org should not appear
CrowdType::factory()->create(['organisation_id' => $this->otherOrganisation->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/crowd-types");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_index_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/crowd-types");
$response->assertForbidden();
}
public function test_store_creates_crowd_type(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/crowd-types", [
'name' => 'Vrijwilliger',
'system_type' => 'VOLUNTEER',
'color' => '#10b981',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Vrijwilliger', 'system_type' => 'VOLUNTEER']]);
$this->assertDatabaseHas('crowd_types', [
'organisation_id' => $this->organisation->id,
'name' => 'Vrijwilliger',
]);
}
public function test_store_invalid_hex_color_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/crowd-types", [
'name' => 'Test',
'system_type' => 'CREW',
'color' => 'not-a-color',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('color');
}
public function test_store_unauthenticated_returns_401(): void
{
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/crowd-types", [
'name' => 'Test',
'system_type' => 'CREW',
'color' => '#3b82f6',
]);
$response->assertUnauthorized();
}
public function test_update_crowd_type(): void
{
$crowdType = CrowdType::factory()->create([
'organisation_id' => $this->organisation->id,
'name' => 'Old Name',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/crowd-types/{$crowdType->id}", [
'name' => 'New Name',
'color' => '#ff0000',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'New Name', 'color' => '#ff0000']]);
}
public function test_destroy_deletes_crowd_type_without_persons(): void
{
$crowdType = CrowdType::factory()->create([
'organisation_id' => $this->organisation->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/crowd-types/{$crowdType->id}");
$response->assertNoContent();
$this->assertDatabaseMissing('crowd_types', ['id' => $crowdType->id]);
}
}

168
api/tests/Feature/FestivalSection/FestivalSectionTest.php Normal file
View File

@@ -0,0 +1,168 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\FestivalSection;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class FestivalSectionTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
private Event $event;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
$this->event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
}
public function test_index_returns_sections_for_event(): void
{
FestivalSection::factory()->count(3)->create(['event_id' => $this->event->id]);
// Section on another event should not appear
$otherEvent = Event::factory()->create(['organisation_id' => $this->organisation->id]);
FestivalSection::factory()->create(['event_id' => $otherEvent->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/sections");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_index_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/events/{$this->event->id}/sections");
$response->assertForbidden();
}
public function test_store_creates_section(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections", [
'name' => 'Bar',
'sort_order' => 1,
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Bar', 'sort_order' => 1]]);
$this->assertDatabaseHas('festival_sections', [
'event_id' => $this->event->id,
'name' => 'Bar',
]);
}
public function test_store_unauthenticated_returns_401(): void
{
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections", [
'name' => 'Bar',
'sort_order' => 1,
]);
$response->assertUnauthorized();
}
public function test_store_missing_name_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections", [
'sort_order' => 1,
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('name');
}
public function test_update_section(): void
{
$section = FestivalSection::factory()->create([
'event_id' => $this->event->id,
'name' => 'Bar',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/events/{$this->event->id}/sections/{$section->id}", [
'name' => 'Bar Updated',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'Bar Updated']]);
}
public function test_destroy_soft_deletes_section(): void
{
$section = FestivalSection::factory()->create(['event_id' => $this->event->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/events/{$this->event->id}/sections/{$section->id}");
$response->assertNoContent();
$this->assertSoftDeleted('festival_sections', ['id' => $section->id]);
}
public function test_reorder_updates_sort_order(): void
{
$sectionA = FestivalSection::factory()->create([
'event_id' => $this->event->id,
'sort_order' => 1,
]);
$sectionB = FestivalSection::factory()->create([
'event_id' => $this->event->id,
'sort_order' => 2,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/reorder", [
'sections' => [
['id' => $sectionA->id, 'sort_order' => 2],
['id' => $sectionB->id, 'sort_order' => 1],
],
]);
$response->assertOk();
$this->assertDatabaseHas('festival_sections', [
'id' => $sectionA->id,
'sort_order' => 2,
]);
$this->assertDatabaseHas('festival_sections', [
'id' => $sectionB->id,
'sort_order' => 1,
]);
}
}

284
api/tests/Feature/Invitation/InvitationTest.php Normal file
View File

@@ -0,0 +1,284 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Invitation;
use App\Models\Organisation;
use App\Models\User;
use App\Models\UserInvitation;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class InvitationTest extends TestCase
{
use RefreshDatabase;
private Organisation $org;
private User $orgAdmin;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->org = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->org->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
}
// --- INVITE ---
public function test_org_admin_can_invite_user(): void
{
Mail::fake();
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'newuser@test.nl',
'role' => 'org_member',
]);
$response->assertCreated();
$this->assertDatabaseHas('user_invitations', [
'email' => 'newuser@test.nl',
'organisation_id' => $this->org->id,
'status' => 'pending',
]);
Mail::assertQueued(\App\Mail\InvitationMail::class);
}
public function test_org_member_cannot_invite_user(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($member);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'newuser@test.nl',
'role' => 'org_member',
]);
$response->assertForbidden();
}
public function test_invite_duplicate_email_returns_422(): void
{
Mail::fake();
Sanctum::actingAs($this->orgAdmin);
UserInvitation::factory()->create([
'email' => 'existing@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'existing@test.nl',
'role' => 'org_member',
]);
$response->assertUnprocessable();
}
public function test_invite_existing_member_returns_422(): void
{
Mail::fake();
$existingUser = User::factory()->create(['email' => 'member@test.nl']);
$this->org->users()->attach($existingUser, ['role' => 'org_member']);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'member@test.nl',
'role' => 'org_member',
]);
$response->assertUnprocessable();
}
// --- SHOW ---
public function test_show_invitation_by_token(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
]);
$response = $this->getJson("/api/v1/invitations/{$invitation->token}");
$response->assertOk();
$response->assertJsonPath('data.organisation.name', $this->org->name);
}
public function test_show_expired_invitation_returns_status_expired(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->subDay(),
]);
$response = $this->getJson("/api/v1/invitations/{$invitation->token}");
$response->assertOk();
$response->assertJsonPath('data.status', 'expired');
}
public function test_show_unknown_token_returns_404(): void
{
$response = $this->getJson('/api/v1/invitations/nonexistent-token');
$response->assertNotFound();
}
// --- ACCEPT ---
public function test_accept_with_new_account(): void
{
$invitation = UserInvitation::factory()->create([
'email' => 'newuser@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->token}/accept", [
'name' => 'New User',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertOk();
$response->assertJsonStructure(['data' => ['user' => ['id', 'name', 'email'], 'token']]);
$this->assertDatabaseHas('users', ['email' => 'newuser@test.nl']);
$this->assertDatabaseHas('organisation_user', [
'organisation_id' => $this->org->id,
'role' => $invitation->role,
]);
$this->assertDatabaseHas('user_invitations', [
'id' => $invitation->id,
'status' => 'accepted',
]);
}
public function test_accept_with_existing_account(): void
{
$existingUser = User::factory()->create(['email' => 'existing@test.nl']);
$invitation = UserInvitation::factory()->create([
'email' => 'existing@test.nl',
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->token}/accept");
$response->assertOk();
$response->assertJsonStructure(['data' => ['user', 'token']]);
$this->assertDatabaseHas('organisation_user', [
'user_id' => $existingUser->id,
'organisation_id' => $this->org->id,
]);
}
public function test_accept_expired_invitation_returns_422(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
'expires_at' => now()->subDay(),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->token}/accept", [
'name' => 'Test',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertUnprocessable();
}
public function test_accept_already_accepted_invitation_returns_422(): void
{
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'accepted',
'expires_at' => now()->addDays(7),
]);
$response = $this->postJson("/api/v1/invitations/{$invitation->token}/accept", [
'name' => 'Test',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertUnprocessable();
}
// --- REVOKE ---
public function test_org_admin_can_revoke_invitation(): void
{
Sanctum::actingAs($this->orgAdmin);
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
]);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/invitations/{$invitation->id}"
);
$response->assertNoContent();
$this->assertDatabaseHas('user_invitations', [
'id' => $invitation->id,
'status' => 'expired',
]);
}
public function test_org_member_cannot_revoke_invitation(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($member);
$invitation = UserInvitation::factory()->create([
'organisation_id' => $this->org->id,
'invited_by_user_id' => $this->orgAdmin->id,
'status' => 'pending',
]);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/invitations/{$invitation->id}"
);
$response->assertForbidden();
}
public function test_unauthenticated_cannot_invite(): void
{
$response = $this->postJson("/api/v1/organisations/{$this->org->id}/invite", [
'email' => 'test@test.nl',
'role' => 'org_member',
]);
$response->assertUnauthorized();
}
}

261
api/tests/Feature/Member/MemberTest.php Normal file
View File

@@ -0,0 +1,261 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Member;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class MemberTest extends TestCase
{
use RefreshDatabase;
private Organisation $org;
private User $orgAdmin;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->org = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->org->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
}
// --- INDEX ---
public function test_org_member_can_list_members(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($member);
$response = $this->getJson("/api/v1/organisations/{$this->org->id}/members");
$response->assertOk();
$response->assertJsonCount(2, 'data');
$response->assertJsonStructure(['meta' => ['total_members', 'pending_invitations_count']]);
}
public function test_non_member_cannot_list_members(): void
{
$outsider = User::factory()->create();
Sanctum::actingAs($outsider);
$response = $this->getJson("/api/v1/organisations/{$this->org->id}/members");
$response->assertForbidden();
}
// --- UPDATE ---
public function test_org_admin_can_update_member_role(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson(
"/api/v1/organisations/{$this->org->id}/members/{$member->id}",
['role' => 'org_admin'],
);
$response->assertOk();
$this->assertDatabaseHas('organisation_user', [
'user_id' => $member->id,
'organisation_id' => $this->org->id,
'role' => 'org_admin',
]);
}
public function test_cannot_update_own_role(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson(
"/api/v1/organisations/{$this->org->id}/members/{$this->orgAdmin->id}",
['role' => 'org_member'],
);
$response->assertUnprocessable();
}
public function test_cannot_demote_last_org_admin(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_admin']);
// Now there are 2 admins. Remove one so orgAdmin is the only one.
Sanctum::actingAs($this->orgAdmin);
// Demote member (second admin) — should work since orgAdmin still remains
$response = $this->putJson(
"/api/v1/organisations/{$this->org->id}/members/{$member->id}",
['role' => 'org_member'],
);
$response->assertOk();
// Now try having member (now org_member) demote orgAdmin (the last admin)
// First, make member admin again to do this, then setup a scenario with truly 1 admin
// Reset: make a new user as the sole admin
$soleAdmin = User::factory()->create();
$org2 = Organisation::factory()->create();
$org2->users()->attach($soleAdmin, ['role' => 'org_admin']);
$target = User::factory()->create();
$org2->users()->attach($target, ['role' => 'org_member']);
Sanctum::actingAs($soleAdmin);
// Sole admin tries to make themselves org_member — blocked by "own role" check
// Instead: soleAdmin tries to make another admin demoted, but they are the sole admin
// Let's set target as org_admin and try to demote them
$org2->users()->updateExistingPivot($target->id, ['role' => 'org_admin']);
// Now demote soleAdmin (but soleAdmin can't change own role)
// Let target (now admin) try to demote soleAdmin
Sanctum::actingAs($target);
$response = $this->putJson(
"/api/v1/organisations/{$org2->id}/members/{$soleAdmin->id}",
['role' => 'org_member'],
);
// soleAdmin is one of 2 admins now, so this should succeed
$response->assertOk();
// Now target is the sole admin. Try demoting target — but target can't change own role.
// So let soleAdmin (now org_member) try — they lack permission.
// The real test: org with 1 admin, another admin tries to demote them.
// Let's create a clean scenario:
$org3 = Organisation::factory()->create();
$admin1 = User::factory()->create();
$admin2 = User::factory()->create();
$org3->users()->attach($admin1, ['role' => 'org_admin']);
$org3->users()->attach($admin2, ['role' => 'org_admin']);
// Demote admin1 so admin2 is the last admin
Sanctum::actingAs($admin2);
$this->putJson(
"/api/v1/organisations/{$org3->id}/members/{$admin1->id}",
['role' => 'org_member'],
)->assertOk();
// Now admin2 is last admin. admin1 (now member) can't demote — 403.
// admin2 can't change own role. So let's re-promote admin1 then try to demote admin2.
$org3->users()->updateExistingPivot($admin1->id, ['role' => 'org_admin']);
// Now both are admins again. Demote admin1 to member.
$this->putJson(
"/api/v1/organisations/{$org3->id}/members/{$admin1->id}",
['role' => 'org_member'],
)->assertOk();
// admin2 is sole admin. Try to demote admin2 using admin1 — admin1 is org_member, so 403.
Sanctum::actingAs($admin1);
$response = $this->putJson(
"/api/v1/organisations/{$org3->id}/members/{$admin2->id}",
['role' => 'org_member'],
);
$response->assertForbidden();
}
// --- DESTROY ---
public function test_org_admin_can_remove_member(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/members/{$member->id}"
);
$response->assertNoContent();
$this->assertDatabaseMissing('organisation_user', [
'user_id' => $member->id,
'organisation_id' => $this->org->id,
]);
}
public function test_cannot_remove_self(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/members/{$this->orgAdmin->id}"
);
$response->assertUnprocessable();
}
public function test_cannot_remove_last_org_admin(): void
{
// Add a second admin to do the removal
$secondAdmin = User::factory()->create();
$this->org->users()->attach($secondAdmin, ['role' => 'org_admin']);
// Demote secondAdmin so orgAdmin is the only admin
$this->org->users()->updateExistingPivot($secondAdmin->id, ['role' => 'org_member']);
Sanctum::actingAs($secondAdmin);
// secondAdmin is now org_member — can't delete at all (403)
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/members/{$this->orgAdmin->id}"
);
$response->assertForbidden();
}
public function test_unauthenticated_cannot_access_members(): void
{
$response = $this->getJson("/api/v1/organisations/{$this->org->id}/members");
$response->assertUnauthorized();
}
public function test_org_member_cannot_update_roles(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
$target = User::factory()->create();
$this->org->users()->attach($target, ['role' => 'org_member']);
Sanctum::actingAs($member);
$response = $this->putJson(
"/api/v1/organisations/{$this->org->id}/members/{$target->id}",
['role' => 'org_admin'],
);
$response->assertForbidden();
}
public function test_org_member_cannot_remove_members(): void
{
$member = User::factory()->create();
$this->org->users()->attach($member, ['role' => 'org_member']);
$target = User::factory()->create();
$this->org->users()->attach($target, ['role' => 'org_member']);
Sanctum::actingAs($member);
$response = $this->deleteJson(
"/api/v1/organisations/{$this->org->id}/members/{$target->id}"
);
$response->assertForbidden();
}
}

197
api/tests/Feature/Person/PersonTest.php Normal file
View File

@@ -0,0 +1,197 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Person;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\Person;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class PersonTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
private Event $event;
private CrowdType $crowdType;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
$this->event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
$this->crowdType = CrowdType::factory()->systemType('VOLUNTEER')->create([
'organisation_id' => $this->organisation->id,
]);
}
public function test_index_returns_persons_for_event(): void
{
Person::factory()->count(3)->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/persons");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_index_filters_by_crowd_type_id(): void
{
$otherCrowdType = CrowdType::factory()->systemType('CREW')->create([
'organisation_id' => $this->organisation->id,
]);
Person::factory()->count(2)->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $otherCrowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/persons?crowd_type_id={$this->crowdType->id}");
$response->assertOk();
$this->assertCount(2, $response->json('data'));
}
public function test_index_other_event_returns_403(): void
{
$otherEvent = Event::factory()->create(['organisation_id' => $this->otherOrganisation->id]);
Sanctum::actingAs($this->outsider);
// Outsider tries to access event from other org
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/events/{$this->event->id}/persons");
$response->assertForbidden();
}
public function test_show_returns_person_with_crowd_type(): void
{
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/persons/{$person->id}");
$response->assertOk()
->assertJsonPath('data.crowd_type.system_type', 'VOLUNTEER');
}
public function test_store_creates_person(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons", [
'crowd_type_id' => $this->crowdType->id,
'name' => 'Jan de Vries',
'email' => 'jan@test.nl',
'phone' => '0612345678',
]);
$response->assertCreated()
->assertJson(['data' => ['name' => 'Jan de Vries', 'email' => 'jan@test.nl', 'status' => 'pending']]);
$this->assertDatabaseHas('persons', [
'event_id' => $this->event->id,
'name' => 'Jan de Vries',
'email' => 'jan@test.nl',
]);
}
public function test_update_status(): void
{
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/events/{$this->event->id}/persons/{$person->id}", [
'status' => 'approved',
]);
$response->assertOk()
->assertJsonPath('data.status', 'approved');
}
public function test_approve_sets_status_to_approved(): void
{
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
'status' => 'pending',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/persons/{$person->id}/approve");
$response->assertOk()
->assertJsonPath('data.status', 'approved');
$this->assertDatabaseHas('persons', [
'id' => $person->id,
'status' => 'approved',
]);
}
public function test_destroy_soft_deletes_person(): void
{
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/events/{$this->event->id}/persons/{$person->id}");
$response->assertNoContent();
$this->assertSoftDeleted('persons', ['id' => $person->id]);
}
public function test_unauthenticated_returns_401(): void
{
$response = $this->getJson("/api/v1/events/{$this->event->id}/persons");
$response->assertUnauthorized();
}
}

312
api/tests/Feature/Shift/ShiftTest.php Normal file
View File

@@ -0,0 +1,312 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\Shift;
use App\Models\CrowdType;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\Organisation;
use App\Models\Person;
use App\Models\Shift;
use App\Models\ShiftAssignment;
use App\Models\TimeSlot;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class ShiftTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
private Event $event;
private FestivalSection $section;
private TimeSlot $timeSlot;
private CrowdType $crowdType;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
$this->event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
$this->section = FestivalSection::factory()->create([
'event_id' => $this->event->id,
'crew_auto_accepts' => false,
]);
$this->timeSlot = TimeSlot::factory()->create(['event_id' => $this->event->id]);
$this->crowdType = CrowdType::factory()->systemType('VOLUNTEER')->create([
'organisation_id' => $this->organisation->id,
]);
}
public function test_index_returns_shifts_for_section(): void
{
Shift::factory()->count(3)->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_store_creates_shift(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts", [
'time_slot_id' => $this->timeSlot->id,
'title' => 'Tapper',
'slots_total' => 4,
'slots_open_for_claiming' => 3,
]);
$response->assertCreated()
->assertJson(['data' => ['title' => 'Tapper', 'slots_total' => 4]]);
$this->assertDatabaseHas('shifts', [
'festival_section_id' => $this->section->id,
'title' => 'Tapper',
]);
}
public function test_update_shift(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'title' => 'Tapper',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift->id}", [
'title' => 'Barhoofd',
'slots_total' => 1,
]);
$response->assertOk()
->assertJson(['data' => ['title' => 'Barhoofd', 'slots_total' => 1]]);
}
public function test_destroy_soft_deletes_shift(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift->id}");
$response->assertNoContent();
$this->assertSoftDeleted('shifts', ['id' => $shift->id]);
}
public function test_assign_creates_shift_assignment(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'status' => 'open',
]);
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift->id}/assign", [
'person_id' => $person->id,
]);
$response->assertCreated()
->assertJsonPath('data.person_id', $person->id)
->assertJsonPath('data.status', 'approved');
$this->assertDatabaseHas('shift_assignments', [
'shift_id' => $shift->id,
'person_id' => $person->id,
'status' => 'approved',
]);
}
public function test_assign_same_person_same_timeslot_no_overlap_returns_422(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'allow_overlap' => false,
]);
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
// Create existing assignment for this person + time_slot
ShiftAssignment::create([
'shift_id' => $shift->id,
'person_id' => $person->id,
'time_slot_id' => $this->timeSlot->id,
'status' => 'approved',
'auto_approved' => false,
]);
// Try to assign again via a different shift with the same time_slot
$shift2 = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'allow_overlap' => false,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift2->id}/assign", [
'person_id' => $person->id,
]);
$response->assertUnprocessable();
}
public function test_assign_same_person_same_timeslot_with_overlap_returns_201(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'allow_overlap' => true,
]);
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
// Create existing assignment
ShiftAssignment::create([
'shift_id' => $shift->id,
'person_id' => $person->id,
'time_slot_id' => $this->timeSlot->id,
'status' => 'approved',
'auto_approved' => false,
]);
// New shift with allow_overlap = true
$shift2 = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'allow_overlap' => true,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift2->id}/assign", [
'person_id' => $person->id,
]);
$response->assertCreated();
}
public function test_assign_full_shift_returns_422(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 1,
]);
$person1 = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
$person2 = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
// Fill the only slot
ShiftAssignment::create([
'shift_id' => $shift->id,
'person_id' => $person1->id,
'time_slot_id' => $this->timeSlot->id,
'status' => 'approved',
'auto_approved' => false,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift->id}/assign", [
'person_id' => $person2->id,
]);
$response->assertUnprocessable();
}
public function test_claim_no_claimable_slots_returns_422(): void
{
$shift = Shift::factory()->create([
'festival_section_id' => $this->section->id,
'time_slot_id' => $this->timeSlot->id,
'slots_total' => 4,
'slots_open_for_claiming' => 0,
]);
$person = Person::factory()->create([
'event_id' => $this->event->id,
'crowd_type_id' => $this->crowdType->id,
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts/{$shift->id}/claim", [
'person_id' => $person->id,
]);
$response->assertUnprocessable();
}
public function test_unauthenticated_returns_401(): void
{
$response = $this->getJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts");
$response->assertUnauthorized();
}
public function test_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/events/{$this->event->id}/sections/{$this->section->id}/shifts");
$response->assertForbidden();
}
}

156
api/tests/Feature/TimeSlot/TimeSlotTest.php Normal file
View File

@@ -0,0 +1,156 @@
<?php
declare(strict_types=1);
namespace Tests\Feature\TimeSlot;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\TimeSlot;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class TimeSlotTest extends TestCase
{
use RefreshDatabase;
private User $orgAdmin;
private User $outsider;
private Organisation $organisation;
private Organisation $otherOrganisation;
private Event $event;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->organisation = Organisation::factory()->create();
$this->otherOrganisation = Organisation::factory()->create();
$this->orgAdmin = User::factory()->create();
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
$this->outsider = User::factory()->create();
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
$this->event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
}
public function test_index_returns_time_slots(): void
{
TimeSlot::factory()->count(3)->create(['event_id' => $this->event->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->getJson("/api/v1/events/{$this->event->id}/time-slots");
$response->assertOk();
$this->assertCount(3, $response->json('data'));
}
public function test_store_creates_time_slot(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/time-slots", [
'name' => 'Vrijdag Avond',
'person_type' => 'VOLUNTEER',
'date' => '2026-07-10',
'start_time' => '18:00',
'end_time' => '02:00',
'duration_hours' => 8,
]);
$response->assertCreated()
->assertJson(['data' => [
'name' => 'Vrijdag Avond',
'person_type' => 'VOLUNTEER',
]]);
$this->assertDatabaseHas('time_slots', [
'event_id' => $this->event->id,
'name' => 'Vrijdag Avond',
]);
}
public function test_store_invalid_person_type_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/time-slots", [
'name' => 'Test',
'person_type' => 'INVALID',
'date' => '2026-07-10',
'start_time' => '18:00',
'end_time' => '02:00',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('person_type');
}
public function test_store_invalid_date_format_returns_422(): void
{
Sanctum::actingAs($this->orgAdmin);
$response = $this->postJson("/api/v1/events/{$this->event->id}/time-slots", [
'name' => 'Test',
'person_type' => 'VOLUNTEER',
'date' => 'not-a-date',
'start_time' => '18:00',
'end_time' => '02:00',
]);
$response->assertUnprocessable()
->assertJsonValidationErrors('date');
}
public function test_update_time_slot(): void
{
$timeSlot = TimeSlot::factory()->create([
'event_id' => $this->event->id,
'name' => 'Vrijdag Avond',
]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->putJson("/api/v1/events/{$this->event->id}/time-slots/{$timeSlot->id}", [
'name' => 'Vrijdag Avond Updated',
]);
$response->assertOk()
->assertJson(['data' => ['name' => 'Vrijdag Avond Updated']]);
}
public function test_destroy_deletes_time_slot(): void
{
$timeSlot = TimeSlot::factory()->create(['event_id' => $this->event->id]);
Sanctum::actingAs($this->orgAdmin);
$response = $this->deleteJson("/api/v1/events/{$this->event->id}/time-slots/{$timeSlot->id}");
$response->assertNoContent();
$this->assertDatabaseMissing('time_slots', ['id' => $timeSlot->id]);
}
public function test_unauthenticated_returns_401(): void
{
$response = $this->getJson("/api/v1/events/{$this->event->id}/time-slots");
$response->assertUnauthorized();
}
public function test_cross_org_returns_403(): void
{
Sanctum::actingAs($this->outsider);
$response = $this->getJson("/api/v1/events/{$this->event->id}/time-slots");
$response->assertForbidden();
}
}