bert.hausmans
ddf26dad33
Add cross-organisation admin API endpoints behind role:super_admin middleware: - AdminOrganisationController: CRUD with search, filter, billing_status management - AdminUserController: user management with role assignment across orgs - AdminStatsController: platform-wide aggregate statistics - AdminActivityLogController: filterable activity log viewer - AdminImpersonationController + ImpersonationService: user impersonation with token-based session management and activity logging - BillingStatus enum, form requests, API resources, 23 feature tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
150 lines
5.0 KiB
PHP
150 lines
5.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Api\V1\Admin;
|
|
|
|
use App\Models\Event;
|
|
use App\Models\Organisation;
|
|
use App\Models\Person;
|
|
use App\Models\User;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Tests\TestCase;
|
|
|
|
class AdminOrganisationControllerTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private User $superAdmin;
|
|
private User $orgAdmin;
|
|
private Organisation $organisation;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
|
|
$this->superAdmin = User::factory()->create();
|
|
$this->superAdmin->assignRole('super_admin');
|
|
|
|
$this->orgAdmin = User::factory()->create();
|
|
|
|
$this->organisation = Organisation::factory()->create(['billing_status' => 'active']);
|
|
$this->organisation->users()->attach($this->orgAdmin, ['role' => 'org_admin']);
|
|
}
|
|
|
|
// ─── Index ───────────────────────────────────────────────
|
|
|
|
public function test_index_returns_all_organisations_for_super_admin(): void
|
|
{
|
|
Organisation::factory()->count(3)->create();
|
|
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->getJson('/api/v1/admin/organisations');
|
|
|
|
$response->assertOk();
|
|
$response->assertJsonStructure([
|
|
'data' => [['id', 'name', 'slug', 'billing_status', 'events_count', 'users_count']],
|
|
]);
|
|
// 1 from setUp + 3 created = 4
|
|
$this->assertCount(4, $response->json('data'));
|
|
}
|
|
|
|
public function test_index_denied_for_org_admin(): void
|
|
{
|
|
Sanctum::actingAs($this->orgAdmin);
|
|
|
|
$response = $this->getJson('/api/v1/admin/organisations');
|
|
|
|
$response->assertForbidden();
|
|
}
|
|
|
|
public function test_index_denied_for_unauthenticated(): void
|
|
{
|
|
$response = $this->getJson('/api/v1/admin/organisations');
|
|
|
|
$response->assertUnauthorized();
|
|
}
|
|
|
|
public function test_search_by_name(): void
|
|
{
|
|
Organisation::factory()->create(['name' => 'Festival Corp']);
|
|
Organisation::factory()->create(['name' => 'Music Events BV']);
|
|
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->getJson('/api/v1/admin/organisations?search=Festival');
|
|
|
|
$response->assertOk();
|
|
$this->assertCount(1, $response->json('data'));
|
|
$response->assertJsonPath('data.0.name', 'Festival Corp');
|
|
}
|
|
|
|
public function test_filter_by_billing_status(): void
|
|
{
|
|
Organisation::factory()->create(['billing_status' => 'trial']);
|
|
Organisation::factory()->create(['billing_status' => 'suspended']);
|
|
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->getJson('/api/v1/admin/organisations?billing_status=trial');
|
|
|
|
$response->assertOk();
|
|
foreach ($response->json('data') as $org) {
|
|
$this->assertEquals('trial', $org['billing_status']);
|
|
}
|
|
}
|
|
|
|
// ─── Show ────────────────────────────────────────────────
|
|
|
|
public function test_show_returns_organisation_with_counts(): void
|
|
{
|
|
$event = Event::factory()->create(['organisation_id' => $this->organisation->id]);
|
|
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->getJson("/api/v1/admin/organisations/{$this->organisation->id}");
|
|
|
|
$response->assertOk();
|
|
$response->assertJsonPath('data.id', $this->organisation->id);
|
|
$response->assertJsonPath('data.events_count', 1);
|
|
$response->assertJsonPath('data.users_count', 1);
|
|
$response->assertJsonStructure([
|
|
'data' => ['id', 'name', 'slug', 'billing_status', 'billing_status_label', 'events_count', 'users_count', 'total_persons'],
|
|
]);
|
|
}
|
|
|
|
// ─── Update ──────────────────────────────────────────────
|
|
|
|
public function test_update_changes_billing_status(): void
|
|
{
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->putJson("/api/v1/admin/organisations/{$this->organisation->id}", [
|
|
'billing_status' => 'suspended',
|
|
]);
|
|
|
|
$response->assertOk();
|
|
$response->assertJsonPath('data.billing_status', 'suspended');
|
|
$this->assertDatabaseHas('organisations', [
|
|
'id' => $this->organisation->id,
|
|
'billing_status' => 'suspended',
|
|
]);
|
|
}
|
|
|
|
// ─── Destroy ─────────────────────────────────────────────
|
|
|
|
public function test_destroy_soft_deletes(): void
|
|
{
|
|
Sanctum::actingAs($this->superAdmin);
|
|
|
|
$response = $this->deleteJson("/api/v1/admin/organisations/{$this->organisation->id}");
|
|
|
|
$response->assertNoContent();
|
|
$this->assertSoftDeleted('organisations', ['id' => $this->organisation->id]);
|
|
}
|
|
}
|