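artisan('db:seed', ['--class' => 'RoleSeeder']);
        $this->artisan('db:seed', ['--class' => 'PaymentVerificationRolesSeeder']);
    }

    /**
     * A user holding the 'admin' role gets HTTP 200 from the admin dashboard route.
     */
    public function test_admin_middleware_allows_admin_role(): void
    {
        $admin = User::factory()->create();
        $admin->assignRole('admin');

        $response = $this->actingAs($admin)->get(route('admin.dashboard'));

        $response->assertStatus(200);
    }

    /**
     * A user created with is_admin = true (no role assigned in this test) gets HTTP 200
     * from the admin dashboard route.
     */
    public function test_admin_middleware_allows_is_admin_flag(): void
    {
        $admin = User::factory()->create(['is_admin' => true]);

        $response = $this->actingAs($admin)->get(route('admin.dashboard'));

        $response->assertStatus(200);
    }

    /**
     * A user created with is_admin = false gets HTTP 403 from the admin dashboard route.
     */
    public function test_admin_middleware_blocks_non_admin_users(): void
    {
        $user = User::factory()->create(['is_admin' => false]);

        $response = $this->actingAs($user)->get(route('admin.dashboard'));

        $response->assertStatus(403);
    }

    /**
     * An ACTIVE member whose expiry date lies in the future counts as a paid member.
     *
     * NOTE(review): despite the name, no request passes through the CheckPaidMembership
     * middleware here; only Member::hasPaidMembership() is asserted, so the middleware's
     * own allow/deny behaviour is not covered by this test.
     */
    public function test_paid_membership_middleware_allows_active_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_ACTIVE,
            'membership_started_at' => now()->subMonth(),
            'membership_expires_at' => now()->addYear(),
        ]);

        // Would need a route protected by CheckPaidMembership middleware
        // For now we test the model method
        $this->assertTrue($member->hasPaidMembership());
    }

    /**
     * A PENDING member does not count as a paid member.
     *
     * NOTE(review): asserts the model method only, not the middleware response.
     */
    public function test_paid_membership_middleware_blocks_pending_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_PENDING,
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /**
     * An ACTIVE member whose expiry date is one month in the past does not count as paid.
     *
     * NOTE(review): asserts the model method only, not the middleware response.
     */
    public function test_paid_membership_middleware_blocks_expired_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_ACTIVE,
            'membership_started_at' => now()->subYear()->subMonth(),
            'membership_expires_at' => now()->subMonth(),
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /**
     * Granting only the cashier permission does not grant the accountant or chair tier.
     */
    public function test_cashier_permission_enforced(): void
    {
        $cashier = User::factory()->create(['is_admin' => true]);
        $cashier->givePermissionTo('verify_payments_cashier');

        $this->assertTrue($cashier->can('verify_payments_cashier'));
        $this->assertFalse($cashier->can('verify_payments_accountant'));
        $this->assertFalse($cashier->can('verify_payments_chair'));
    }

    /**
     * Granting only the accountant permission does not grant the cashier or chair tier.
     */
    public function test_accountant_permission_enforced(): void
    {
        $accountant = User::factory()->create(['is_admin' => true]);
        $accountant->givePermissionTo('verify_payments_accountant');

        $this->assertTrue($accountant->can('verify_payments_accountant'));
        $this->assertFalse($accountant->can('verify_payments_cashier'));
        $this->assertFalse($accountant->can('verify_payments_chair'));
    }

    /**
     * Granting only the chair permission does not grant the cashier or accountant tier.
     */
    public function test_chair_permission_enforced(): void
    {
        $chair = User::factory()->create(['is_admin' => true]);
        $chair->givePermissionTo('verify_payments_chair');

        $this->assertTrue($chair->can('verify_payments_chair'));
        // The negative checks must run against $chair: $cashier and $accountant are not
        // defined in this method, so referencing them made the test error out before the
        // separation between verification tiers was ever checked.
        $this->assertFalse($chair->can('verify_payments_cashier'));
        $this->assertFalse($chair->can('verify_payments_accountant'));
    }

    /**
     * A user given 'activate_memberships' directly can exercise it.
     */
    public function test_membership_manager_permission_enforced(): void
    {
        $manager = User::factory()->create(['is_admin' => true]);
        $manager->givePermissionTo('activate_memberships');

        $this->assertTrue($manager->can('activate_memberships'));
    }

    /**
     * A factory-default user gets HTTP 403 from the admin members index route.
     */
    public function test_unauthorized_users_get_403(): void
    {
        $user = User::factory()->create();

        $response = $this->actingAs($user)->get(route('admin.members.index'));

        $response->assertStatus(403);
    }

    /**
     * Assigning 'payment_cashier' makes hasRole() true and yields the role's permissions.
     */
    public function test_role_assignment_works(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('payment_cashier');

        $this->assertTrue($user->hasRole('payment_cashier'));
        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
    }

    /**
     * Permissions attached to a role are usable by a user who holds that role.
     *
     * Overlaps with test_role_assignment_works, which makes the same two can() checks.
     */
    public function test_permission_inheritance_works(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('payment_cashier');

        // payment_cashier role should have these permissions
        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
    }

    /**
     * The 'admin' role carries every payment-verification and membership permission
     * checked here.
     */
    public function test_admin_role_has_all_permissions(): void
    {
        $admin = User::factory()->create();
        $admin->assignRole('admin');

        $this->assertTrue($admin->can('verify_payments_cashier'));
        $this->assertTrue($admin->can('verify_payments_accountant'));
        $this->assertTrue($admin->can('verify_payments_chair'));
        $this->assertTrue($admin->can('activate_memberships'));
        $this->assertTrue($admin->can('view_payment_verifications'));
    }

    /**
     * Having a Member record does not open the admin members index: expects HTTP 403.
     */
    public function test_members_cannot_access_admin_routes(): void
    {
        $user = User::factory()->create();
        Member::factory()->create(['user_id' => $user->id]);

        $response = $this->actingAs($user)->get(route('admin.members.index'));

        $response->assertStatus(403);
    }

    /**
     * A SUSPENDED member does not count as a paid member.
     *
     * NOTE(review): asserts Member::hasPaidMembership() only; no paid route is requested.
     */
    public function test_suspended_members_cannot_access_paid_resources(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_SUSPENDED,
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /**
     * An unauthenticated request to the admin dashboard is redirected to the login route.
     */
    public function test_guest_users_redirected_to_login(): void
    {
        $response = $this->get(route('admin.dashboard'));

        $response->assertRedirect(route('login'));
    }

    /**
     * An unauthenticated request to the member dashboard is redirected to the login route.
     */
    public function test_guest_users_cannot_access_member_routes(): void
    {
        $response = $this->get(route('member.dashboard'));

        $response->assertRedirect(route('login'));
    }

    /**
     * 'payment_cashier' grants cashier verification and viewing, but not the accountant tier.
     */
    public function test_payment_cashier_role_has_correct_permissions(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('payment_cashier');

        $this->assertTrue($user->hasRole('payment_cashier'));
        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_accountant'));
    }

    /**
     * 'payment_accountant' grants accountant verification and viewing, but not the cashier tier.
     */
    public function test_payment_accountant_role_has_correct_permissions(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('payment_accountant');

        $this->assertTrue($user->hasRole('payment_accountant'));
        $this->assertTrue($user->can('verify_payments_accountant'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_cashier'));
    }

    /**
     * 'payment_chair' grants chair verification and viewing, but not membership activation.
     */
    public function test_payment_chair_role_has_correct_permissions(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('payment_chair');

        $this->assertTrue($user->hasRole('payment_chair'));
        $this->assertTrue($user->can('verify_payments_chair'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('activate_memberships'));
    }

    /**
     * 'membership_manager' grants membership activation and viewing, but not cashier
     * verification.
     */
    public function test_membership_manager_role_has_correct_permissions(): void
    {
        $user = User::factory()->create(['is_admin' => true]);
        $user->assignRole('membership_manager');

        $this->assertTrue($user->hasRole('membership_manager'));
        $this->assertTrue($user->can('activate_memberships'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_cashier'));
    }
}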