usher-manage-stack/tests/Feature/AuthorizationTest.php
Gbanyan 642b879dd4 Add membership fee system with disability discount and fix document permissions
Features:
- Implement two fee types: entrance fee and annual fee (both NT$1,000)
- Add 50% discount for disability certificate holders
- Add disability certificate upload in member profile
- Integrate disability verification into cashier approval workflow
- Add membership fee settings in system admin

Document permissions:
- Fix hard-coded role logic in Document model
- Use permission-based authorization instead of role checks

Additional features:
- Add announcements, general ledger, and trial balance modules
- Add income management and accounting entries
- Add comprehensive test suite with factories
- Update UI translations to Traditional Chinese

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 09:56:01 +08:00


<?php
namespace Tests\Feature;
use App\Models\Member;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
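/**
 * Authorization tests for the admin area and the financial-workflow RBAC model.
 *
 * Roles and permissions are created by FinancialWorkflowPermissionsSeeder, which
 * setUp() runs for every test on top of RefreshDatabase. The security property these
 * tests pin is separation of duties: the three payment-verification permissions
 * (cashier, accountant, chair) are held by mutually exclusive roles, only the admin
 * role unions them, and membership activation lives in a separate role.
 *
 * NOTE(review): the "paid membership middleware" tests below only exercise
 * Member::hasPaidMembership(). No route guarded by CheckPaidMembership is requested
 * here, so they do not prove the middleware is attached to any route — add an HTTP
 * assertion once such a route exists.
 */
class AuthorizationTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Seed the roles/permissions that assignRole()/givePermissionTo() resolve by name.
     * --force skips the production confirmation prompt (harmless in the test env).
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->artisan('db:seed', ['--class' => 'FinancialWorkflowPermissionsSeeder', '--force' => true]);
    }

    /** The admin guard admits a user holding the seeded 'admin' role. */
    public function test_admin_middleware_allows_admin_role(): void
    {
        $admin = User::factory()->create();
        $admin->assignRole('admin');

        $response = $this->actingAs($admin)->get(route('admin.dashboard'));

        $response->assertStatus(200);
    }

    /**
     * An authenticated user with no role is rejected with 403 (not redirected):
     * authentication alone must never open the admin area.
     */
    public function test_admin_middleware_blocks_non_admin_users(): void
    {
        $user = User::factory()->create();

        $response = $this->actingAs($user)->get(route('admin.dashboard'));

        $response->assertStatus(403);
    }

    /** Active status with a future expiry counts as a paid membership. */
    public function test_paid_membership_middleware_allows_active_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_ACTIVE,
            'membership_started_at' => now()->subMonth(),
            'membership_expires_at' => now()->addYear(),
        ]);

        // TODO(review): only the model predicate is covered; no route protected by
        // CheckPaidMembership is exercised, so middleware wiring is unverified here.
        $this->assertTrue($member->hasPaidMembership());
    }

    /** A member still awaiting approval is not a paid member. */
    public function test_paid_membership_middleware_blocks_pending_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_PENDING,
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /**
     * Status is deliberately left ACTIVE with an expiry in the past: this pins that
     * expiry is checked independently of the status flag, so a stale ACTIVE row
     * cannot keep granting paid access.
     */
    public function test_paid_membership_middleware_blocks_expired_members(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_ACTIVE,
            'membership_started_at' => now()->subYear()->subMonth(),
            'membership_expires_at' => now()->subMonth(),
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /** A direct cashier permission grants only the cashier verification step. */
    public function test_cashier_permission_enforced(): void
    {
        $cashier = User::factory()->create();
        $cashier->givePermissionTo('verify_payments_cashier');

        $this->assertTrue($cashier->can('verify_payments_cashier'));
        // Separation of duties: the other two verification steps stay closed.
        $this->assertFalse($cashier->can('verify_payments_accountant'));
        $this->assertFalse($cashier->can('verify_payments_chair'));
    }

    /** A direct accountant permission grants only the accountant verification step. */
    public function test_accountant_permission_enforced(): void
    {
        $accountant = User::factory()->create();
        $accountant->givePermissionTo('verify_payments_accountant');

        $this->assertTrue($accountant->can('verify_payments_accountant'));
        $this->assertFalse($accountant->can('verify_payments_cashier'));
        $this->assertFalse($accountant->can('verify_payments_chair'));
    }

    /** A direct chair permission grants only the chair verification step. */
    public function test_chair_permission_enforced(): void
    {
        $chair = User::factory()->create();
        $chair->givePermissionTo('verify_payments_chair');

        $this->assertTrue($chair->can('verify_payments_chair'));
        $this->assertFalse($chair->can('verify_payments_cashier'));
        $this->assertFalse($chair->can('verify_payments_accountant'));
    }

    /**
     * A direct activate_memberships permission must not leak any of the payment
     * verification steps. The negative assertions are what make this an
     * "enforced" test rather than a smoke test of givePermissionTo().
     */
    public function test_membership_manager_permission_enforced(): void
    {
        $manager = User::factory()->create();
        $manager->givePermissionTo('activate_memberships');

        $this->assertTrue($manager->can('activate_memberships'));
        $this->assertFalse($manager->can('verify_payments_cashier'));
        $this->assertFalse($manager->can('verify_payments_accountant'));
        $this->assertFalse($manager->can('verify_payments_chair'));
    }

    /** A role-less user is denied the member admin listing with 403. */
    public function test_unauthorized_users_get_403(): void
    {
        $user = User::factory()->create();

        $response = $this->actingAs($user)->get(route('admin.members.index'));

        $response->assertStatus(403);
    }

    /** Assigning finance_cashier yields the role and its seeded permissions. */
    public function test_role_assignment_works(): void
    {
        $user = User::factory()->create();
        $user->assignRole('finance_cashier');

        $this->assertTrue($user->hasRole('finance_cashier'));
        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
    }

    /**
     * Permissions reach the user through the role, not as direct grants: the
     * ability is effective via can() while hasDirectPermission() stays false.
     * This is what distinguishes inheritance from test_role_assignment_works().
     */
    public function test_permission_inheritance_works(): void
    {
        $user = User::factory()->create();
        $user->assignRole('finance_cashier');

        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
        // No row in model_has_permissions was created; the grant is role-derived only.
        $this->assertFalse($user->hasDirectPermission('verify_payments_cashier'));
        $this->assertFalse($user->hasDirectPermission('view_payment_verifications'));
    }

    /** The admin role is the only one expected to union every workflow permission. */
    public function test_admin_role_has_all_permissions(): void
    {
        $admin = User::factory()->create();
        $admin->assignRole('admin');

        $this->assertTrue($admin->can('verify_payments_cashier'));
        $this->assertTrue($admin->can('verify_payments_accountant'));
        $this->assertTrue($admin->can('verify_payments_chair'));
        $this->assertTrue($admin->can('activate_memberships'));
        $this->assertTrue($admin->can('view_payment_verifications'));
    }

    /** Having a Member record does not grant staff access to admin routes. */
    public function test_members_cannot_access_admin_routes(): void
    {
        $user = User::factory()->create();
        Member::factory()->create(['user_id' => $user->id]);

        $response = $this->actingAs($user)->get(route('admin.members.index'));

        $response->assertStatus(403);
    }

    /** A suspended member loses paid-membership status regardless of dates. */
    public function test_suspended_members_cannot_access_paid_resources(): void
    {
        $user = User::factory()->create();
        $member = Member::factory()->create([
            'user_id' => $user->id,
            'membership_status' => Member::STATUS_SUSPENDED,
        ]);

        $this->assertFalse($member->hasPaidMembership());
    }

    /** Unauthenticated requests to the admin dashboard are sent to login. */
    public function test_guest_users_redirected_to_login(): void
    {
        $response = $this->get(route('admin.dashboard'));

        $response->assertRedirect(route('login'));
    }

    /** Unauthenticated requests to the member dashboard are sent to login. */
    public function test_guest_users_cannot_access_member_routes(): void
    {
        $response = $this->get(route('member.dashboard'));

        $response->assertRedirect(route('login'));
    }

    /** finance_cashier: cashier step + read access, never the accountant step. */
    public function test_finance_cashier_role_has_correct_permissions(): void
    {
        $user = User::factory()->create();
        $user->assignRole('finance_cashier');

        $this->assertTrue($user->hasRole('finance_cashier'));
        $this->assertTrue($user->can('verify_payments_cashier'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_accountant'));
    }

    /** finance_accountant: accountant step + read access, never the cashier step. */
    public function test_finance_accountant_role_has_correct_permissions(): void
    {
        $user = User::factory()->create();
        $user->assignRole('finance_accountant');

        $this->assertTrue($user->hasRole('finance_accountant'));
        $this->assertTrue($user->can('verify_payments_accountant'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_cashier'));
    }

    /** finance_chair: chair step + read access, never membership activation. */
    public function test_finance_chair_role_has_correct_permissions(): void
    {
        $user = User::factory()->create();
        $user->assignRole('finance_chair');

        $this->assertTrue($user->hasRole('finance_chair'));
        $this->assertTrue($user->can('verify_payments_chair'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('activate_memberships'));
    }

    /** membership_manager: activation + read access, never the cashier step. */
    public function test_membership_manager_role_has_correct_permissions(): void
    {
        $user = User::factory()->create();
        $user->assignRole('membership_manager');

        $this->assertTrue($user->hasRole('membership_manager'));
        $this->assertTrue($user->can('activate_memberships'));
        $this->assertTrue($user->can('view_payment_verifications'));
        $this->assertFalse($user->can('verify_payments_cashier'));
    }
}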