forked from ProcessMaker/processmaker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathProfileTest.php
More file actions
92 lines (76 loc) · 3 KB
/
ProfileTest.php
File metadata and controls
92 lines (76 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?php
namespace Tests\Feature;
use Illuminate\Support\Facades\Artisan;
use ProcessMaker\Models\Group;
use ProcessMaker\Models\GroupMember;
use ProcessMaker\Models\Permission;
use ProcessMaker\Models\User;
use Tests\Feature\Shared\RequestHelper;
use Tests\TestCase;
class ProfileTest extends TestCase
{
use RequestHelper;
/**
* Test to make sure the controller and route work with the view
*/
public function testEditRoute(): void
{
Artisan::call('db:seed', ['class' => 'PermissionSeeder']);
$user = User::factory()->create(['is_administrator' => false]);
// Set the URL & permission to test.
$url = route('profile.edit');
$permission = 'edit-personal-profile';
// User has no permissions, so this should return 403.
$response = $this->actingAs($user)->get($url);
$response->assertStatus(403);
// Attach the permission to our user.
$user->permissions()->attach(Permission::byName($permission)->id);
$user->is_administrator = true;
$user->save();
$user->refresh();
// Our user now has permissions, so this should return 200.
$this->assertTrue($user->hasPermission('edit-personal-profile'));
$response = $this->actingAs($user)->get($url);
$response->assertStatus(200);
$response->assertViewIs('profile.edit');
}
/**
* Test to make sure the controller and route work with the view
*/
public function testShowRoute(): void
{
$user_id = User::factory()->create()->id;
// get the URL
$response = $this->webCall('GET', '/profile/' . $user_id);
$response->assertStatus(200);
// check the correct view is called
$response->assertViewIs('profile.show');
}
public function testEditProfileGroupPermission(): void
{
Artisan::call('db:seed', ['class' => 'PermissionSeeder']);
$user = User::factory()->create(['is_administrator' => false]);
$group = Group::factory()->create(['name' => 'Test Permissions']);
// Assign our user to the group.
GroupMember::factory()->create([
'group_id' => $group->id,
'member_type' => User::class,
'member_id' => $user->id,
]);
// Set the URL & permission to test.
$url = route('profile.edit');
$permission = 'edit-personal-profile';
// Our group has no permissions, so this should return 403.
$response = $this->actingAs($user, 'web')->get($url);
$response->assertStatus(403);
// Attach the permission to our group.
$group->permissions()->sync([Permission::byName($permission)->id]);
$user->is_administrator = true;
$user->save();
$user->refresh();
// Our group now has permission, so this should return 200.
$this->assertTrue($user->hasPermission('edit-personal-profile'));
$response = $this->actingAs($user, 'web')->call('GET', $url);
$response->assertStatus(200);
}
}