feat: delete subscribers from page subscriber list

Adds DELETE route, form request authorization, admin UI with confirm, Dutch strings, and feature tests. Made-with: Cursor
2026-04-04 01:29:32 +02:00
parent 3c9b1d9810
commit ed85e5c537
6 changed files with 205 additions and 2 deletions
--- a/tests/Feature/DestroySubscriberTest.php
+++ b/tests/Feature/DestroySubscriberTest.php
@@ -0,0 +1,131 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Feature;
+
+use App\Models\PreregistrationPage;
+use App\Models\Subscriber;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Str;
+use Tests\TestCase;
+
+class DestroySubscriberTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_page_owner_can_delete_subscriber_on_that_page(): void
+    {
+        $user = User::factory()->create(['role' => 'user']);
+        $page = PreregistrationPage::query()->create([
+            'slug' => (string) Str::uuid(),
+            'user_id' => $user->id,
+            'title' => 'Fest',
+            'heading' => 'Fest',
+            'intro_text' => null,
+            'thank_you_message' => null,
+            'expired_message' => null,
+            'ticketshop_url' => null,
+            'start_date' => now()->subDay(),
+            'end_date' => now()->addMonth(),
+            'phone_enabled' => false,
+            'background_image' => null,
+            'logo_image' => null,
+            'is_active' => true,
+        ]);
+        $subscriber = Subscriber::query()->create([
+            'preregistration_page_id' => $page->id,
+            'first_name' => 'Ada',
+            'last_name' => 'Lovelace',
+            'email' => 'ada@example.com',
+        ]);
+
+        $response = $this->actingAs($user)->delete(route('admin.pages.subscribers.destroy', [$page, $subscriber]));
+
+        $response->assertRedirect(route('admin.pages.subscribers.index', $page));
+        $response->assertSessionHas('status');
+        $this->assertDatabaseMissing('subscribers', ['id' => $subscriber->id]);
+    }
+
+    public function test_other_user_cannot_delete_subscriber(): void
+    {
+        $owner = User::factory()->create(['role' => 'user']);
+        $intruder = User::factory()->create(['role' => 'user']);
+        $page = PreregistrationPage::query()->create([
+            'slug' => (string) Str::uuid(),
+            'user_id' => $owner->id,
+            'title' => 'Fest',
+            'heading' => 'Fest',
+            'intro_text' => null,
+            'thank_you_message' => null,
+            'expired_message' => null,
+            'ticketshop_url' => null,
+            'start_date' => now()->subDay(),
+            'end_date' => now()->addMonth(),
+            'phone_enabled' => false,
+            'background_image' => null,
+            'logo_image' => null,
+            'is_active' => true,
+        ]);
+        $subscriber = Subscriber::query()->create([
+            'preregistration_page_id' => $page->id,
+            'first_name' => 'A',
+            'last_name' => 'B',
+            'email' => 'x@example.com',
+        ]);
+
+        $response = $this->actingAs($intruder)->delete(route('admin.pages.subscribers.destroy', [$page, $subscriber]));
+
+        $response->assertForbidden();
+        $this->assertDatabaseHas('subscribers', ['id' => $subscriber->id]);
+    }
+
+    public function test_cannot_delete_subscriber_using_wrong_page_in_url(): void
+    {
+        $user = User::factory()->create(['role' => 'user']);
+        $pageA = PreregistrationPage::query()->create([
+            'slug' => (string) Str::uuid(),
+            'user_id' => $user->id,
+            'title' => 'A',
+            'heading' => 'A',
+            'intro_text' => null,
+            'thank_you_message' => null,
+            'expired_message' => null,
+            'ticketshop_url' => null,
+            'start_date' => now()->subDay(),
+            'end_date' => now()->addMonth(),
+            'phone_enabled' => false,
+            'background_image' => null,
+            'logo_image' => null,
+            'is_active' => true,
+        ]);
+        $pageB = PreregistrationPage::query()->create([
+            'slug' => (string) Str::uuid(),
+            'user_id' => $user->id,
+            'title' => 'B',
+            'heading' => 'B',
+            'intro_text' => null,
+            'thank_you_message' => null,
+            'expired_message' => null,
+            'ticketshop_url' => null,
+            'start_date' => now()->subDay(),
+            'end_date' => now()->addMonth(),
+            'phone_enabled' => false,
+            'background_image' => null,
+            'logo_image' => null,
+            'is_active' => true,
+        ]);
+        $subscriber = Subscriber::query()->create([
+            'preregistration_page_id' => $pageB->id,
+            'first_name' => 'A',
+            'last_name' => 'B',
+            'email' => 'y@example.com',
+        ]);
+
+        $response = $this->actingAs($user)->delete(route('admin.pages.subscribers.destroy', [$pageA, $subscriber]));
+
+        $response->assertForbidden();
+        $this->assertDatabaseHas('subscribers', ['id' => $subscriber->id]);
+    }
+}