bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d99f9567c3be8509129c19e7b3e4e8dbd863e827
crewli/api/tests/Feature/Api/V1/Admin/AdminUserControllerTest.php
bert.hausmans ddf26dad33 feat: platform admin backend — controllers, services, routes, tests 
Add cross-organisation admin API endpoints behind role:super_admin middleware:
- AdminOrganisationController: CRUD with search, filter, billing_status management
- AdminUserController: user management with role assignment across orgs
- AdminStatsController: platform-wide aggregate statistics
- AdminActivityLogController: filterable activity log viewer
- AdminImpersonationController + ImpersonationService: user impersonation with
  token-based session management and activity logging
- BillingStatus enum, form requests, API resources, 23 feature tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 23:33:16 +02:00

152 lines
5.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Feature\Api\V1\Admin;
use App\Models\Organisation;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
class AdminUserControllerTest extends TestCase
{
use RefreshDatabase;
private User $superAdmin;
private User $regularUser;
private Organisation $organisation;
protected function setUp(): void
{
parent::setUp();
$this->seed(RoleSeeder::class);
$this->superAdmin = User::factory()->create();
$this->superAdmin->assignRole('super_admin');
$this->organisation = Organisation::factory()->create();
$this->regularUser = User::factory()->create();
$this->organisation->users()->attach($this->regularUser, ['role' => 'org_admin']);
}
// ─── Index ───────────────────────────────────────────────
public function test_index_returns_all_users_with_organisations(): void
{
Sanctum::actingAs($this->superAdmin);
$response = $this->getJson('/api/v1/admin/users');
$response->assertOk();
$response->assertJsonStructure([
'data' => [['id', 'first_name', 'last_name', 'full_name', 'email', 'is_super_admin', 'organisations']],
]);
// superAdmin + regularUser = 2
$this->assertCount(2, $response->json('data'));
}
public function test_index_denied_for_non_super_admin(): void
{
Sanctum::actingAs($this->regularUser);
$response = $this->getJson('/api/v1/admin/users');
$response->assertForbidden();
}
public function test_search_by_email(): void
{
$user = User::factory()->create(['email' => 'searchable@crewli.test']);
Sanctum::actingAs($this->superAdmin);
$response = $this->getJson('/api/v1/admin/users?search=searchable@crewli');
$response->assertOk();
$this->assertCount(1, $response->json('data'));
$response->assertJsonPath('data.0.email', 'searchable@crewli.test');
}
public function test_filter_by_organisation_id(): void
{
$otherOrg = Organisation::factory()->create();
$otherUser = User::factory()->create();
$otherOrg->users()->attach($otherUser, ['role' => 'org_member']);
Sanctum::actingAs($this->superAdmin);
$response = $this->getJson("/api/v1/admin/users?organisation_id={$this->organisation->id}");
$response->assertOk();
$this->assertCount(1, $response->json('data'));
$response->assertJsonPath('data.0.id', $this->regularUser->id);
}
// ─── Show ────────────────────────────────────────────────
public function test_show_returns_user_with_org_memberships(): void
{
Sanctum::actingAs($this->superAdmin);
$response = $this->getJson("/api/v1/admin/users/{$this->regularUser->id}");
$response->assertOk();
$response->assertJsonPath('data.id', $this->regularUser->id);
$response->assertJsonPath('data.organisations.0.id', $this->organisation->id);
$response->assertJsonPath('data.organisations.0.role', 'org_admin');
}
// ─── Update ──────────────────────────────────────────────
public function test_update_changes_name_and_email(): void
{
Sanctum::actingAs($this->superAdmin);
$response = $this->putJson("/api/v1/admin/users/{$this->regularUser->id}", [
'first_name' => 'Updated',
'last_name' => 'Name',
'email' => 'updated@crewli.test',
]);
$response->assertOk();
$response->assertJsonPath('data.first_name', 'Updated');
$response->assertJsonPath('data.email', 'updated@crewli.test');
}
public function test_update_can_assign_super_admin_role(): void
{
Sanctum::actingAs($this->superAdmin);
$response = $this->putJson("/api/v1/admin/users/{$this->regularUser->id}", [
'roles' => ['super_admin'],
]);
$response->assertOk();
$this->assertTrue($this->regularUser->fresh()->hasRole('super_admin'));
}
// ─── Destroy ─────────────────────────────────────────────
public function test_destroy_soft_deletes_and_revokes_tokens(): void
{
$this->regularUser->createToken('test-token');
$this->assertDatabaseHas('personal_access_tokens', [
'tokenable_id' => $this->regularUser->id,
]);
Sanctum::actingAs($this->superAdmin);
$response = $this->deleteJson("/api/v1/admin/users/{$this->regularUser->id}");
$response->assertNoContent();
$this->assertSoftDeleted('users', ['id' => $this->regularUser->id]);
$this->assertDatabaseMissing('personal_access_tokens', [
'tokenable_id' => $this->regularUser->id,
]);
}
}
Reference in New Issue View Git Blame Copy Permalink