bert.hausmans
7932e53daf
Move all authenticated organiser-facing event sub-resource routes from
/events/{event}/... to /organisations/{organisation}/events/{event}/...
to enforce multi-tenancy at the routing layer.
Changes:
- Routes: restructured api.php to nest all event sub-resources under
the existing organisation prefix group
- Controllers: added Organisation parameter and VerifiesOrganisationEvent
trait to all 12 affected controllers (sections, time-slots, shifts,
persons, crowd-lists, locations, shift-assignments, registration-fields,
availabilities, field-values, section-preferences, stats)
- Tests: updated all 20 feature test files with new route paths
- Frontend: updated 8 API composables and 20 Vue components/pages
- API.md: updated documentation to reflect new route structure
Portal routes, public routes (volunteer-register), and invitation routes
remain unchanged as they operate without organisation context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
203 lines
6.3 KiB
PHP
203 lines
6.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\RegistrationFieldTemplate;
|
|
|
|
use App\Models\Event;
|
|
use App\Models\Organisation;
|
|
use App\Models\RegistrationFieldTemplate;
|
|
use App\Models\RegistrationFormField;
|
|
use App\Models\User;
|
|
use App\Services\RegistrationFieldTemplateService;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\TestCase;
|
|
|
|
class RegistrationFieldTemplateTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private User $orgAdmin;
|
|
private User $outsider;
|
|
private Organisation $organisation;
|
|
private Organisation $otherOrganisation;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
|
|
$this->organisation = Organisation::factory()->create();
|
|
$this->otherOrganisation = Organisation::factory()->create();
|
|
|
|
$this->orgAdmin = User::factory()->create();
|
|
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
|
|
|
|
$this->outsider = User::factory()->create();
|
|
$this->otherOrganisation->users()->attach($this->outsider, ['role' => 'org_admin']);
|
|
}
|
|
|
|
public function test_index_returns_all_templates(): void
|
|
{
|
|
RegistrationFieldTemplate::factory()->count(3)->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
RegistrationFieldTemplate::factory()->inactive()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates");
|
|
|
|
$response->assertOk();
|
|
$this->assertCount(4, $response->json('data'));
|
|
}
|
|
|
|
public function test_store_creates_template(): void
|
|
{
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates", [
|
|
'label' => 'Allergieën',
|
|
'field_type' => 'text',
|
|
]);
|
|
|
|
$response->assertCreated();
|
|
|
|
$this->assertDatabaseHas('registration_field_templates', [
|
|
'organisation_id' => $this->organisation->id,
|
|
'label' => 'Allergieën',
|
|
'slug' => 'allergieen',
|
|
]);
|
|
}
|
|
|
|
public function test_store_select_requires_options(): void
|
|
{
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates", [
|
|
'label' => 'Voorkeur',
|
|
'field_type' => 'select',
|
|
]);
|
|
|
|
$response->assertUnprocessable()
|
|
->assertJsonValidationErrors('options');
|
|
}
|
|
|
|
public function test_update_template(): void
|
|
{
|
|
$template = RegistrationFieldTemplate::factory()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
'label' => 'Oude label',
|
|
'slug' => 'oude-label',
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->putJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates/{$template->id}", [
|
|
'label' => 'Nieuwe label',
|
|
]);
|
|
|
|
$response->assertOk();
|
|
|
|
$this->assertDatabaseHas('registration_field_templates', [
|
|
'id' => $template->id,
|
|
'label' => 'Nieuwe label',
|
|
'slug' => 'nieuwe-label',
|
|
]);
|
|
}
|
|
|
|
public function test_destroy_org_template_deletes(): void
|
|
{
|
|
$template = RegistrationFieldTemplate::factory()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
'is_system' => false,
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates/{$template->id}");
|
|
|
|
$response->assertNoContent();
|
|
$this->assertDatabaseMissing('registration_field_templates', [
|
|
'id' => $template->id,
|
|
]);
|
|
}
|
|
|
|
public function test_destroy_system_template_deactivates(): void
|
|
{
|
|
$template = RegistrationFieldTemplate::factory()->system()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates/{$template->id}");
|
|
|
|
$response->assertNoContent();
|
|
$this->assertDatabaseHas('registration_field_templates', [
|
|
'id' => $template->id,
|
|
'is_active' => false,
|
|
]);
|
|
}
|
|
|
|
public function test_system_templates_seeded_on_org_creation(): void
|
|
{
|
|
RegistrationFieldTemplateService::seedSystemTemplates($this->organisation);
|
|
|
|
$count = RegistrationFieldTemplate::where('organisation_id', $this->organisation->id)
|
|
->where('is_system', true)
|
|
->count();
|
|
|
|
$this->assertEquals(11, $count);
|
|
}
|
|
|
|
public function test_create_field_from_template(): void
|
|
{
|
|
$template = RegistrationFieldTemplate::factory()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
'label' => 'Shirtmaat',
|
|
'slug' => 'shirtmaat',
|
|
'field_type' => 'select',
|
|
'options' => ['XS', 'S', 'M', 'L', 'XL'],
|
|
]);
|
|
|
|
$event = Event::factory()->create([
|
|
'organisation_id' => $this->organisation->id,
|
|
]);
|
|
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->postJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}/registration-fields/from-template", [
|
|
'template_id' => $template->id,
|
|
]);
|
|
|
|
$response->assertCreated();
|
|
|
|
$this->assertDatabaseHas('registration_form_fields', [
|
|
'event_id' => $event->id,
|
|
'label' => 'Shirtmaat',
|
|
'field_type' => 'select',
|
|
]);
|
|
}
|
|
|
|
public function test_cross_org_returns_403(): void
|
|
{
|
|
Sanctum::actingAs($this->outsider);
|
|
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates");
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
public function test_unauthenticated_returns_401(): void
|
|
{
|
|
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/registration-field-templates");
|
|
|
|
$response->assertUnauthorized();
|
|
}
|
|
}
|