gbanyan/usher-manage-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
83ce1f7fc88a6cb1b184ae4952529231ca71639b
usher-manage-stack/tests/Feature/AuthorizationTest.php

246 lines
8.4 KiB
PHP
Raw Blame History

<?php
namespace Tests\Feature;
use App\Models\Member;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class AuthorizationTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
$this->artisan('db:seed', ['--class' => 'RoleSeeder']);
$this->artisan('db:seed', ['--class' => 'PaymentVerificationRolesSeeder']);
}
public function test_admin_middleware_allows_admin_role(): void
{
$admin = User::factory()->create();
$admin->assignRole('admin');
$response = $this->actingAs($admin)->get(route('admin.dashboard'));
$response->assertStatus(200);
}
public function test_admin_middleware_allows_is_admin_flag(): void
{
$admin = User::factory()->create(['is_admin' => true]);
$response = $this->actingAs($admin)->get(route('admin.dashboard'));
$response->assertStatus(200);
}
public function test_admin_middleware_blocks_non_admin_users(): void
{
$user = User::factory()->create(['is_admin' => false]);
$response = $this->actingAs($user)->get(route('admin.dashboard'));
$response->assertStatus(403);
}
public function test_paid_membership_middleware_allows_active_members(): void
{
$user = User::factory()->create();
$member = Member::factory()->create([
'user_id' => $user->id,
'membership_status' => Member::STATUS_ACTIVE,
'membership_started_at' => now()->subMonth(),
'membership_expires_at' => now()->addYear(),
]);
// Would need a route protected by CheckPaidMembership middleware
// For now we test the model method
$this->assertTrue($member->hasPaidMembership());
}
public function test_paid_membership_middleware_blocks_pending_members(): void
{
$user = User::factory()->create();
$member = Member::factory()->create([
'user_id' => $user->id,
'membership_status' => Member::STATUS_PENDING,
]);
$this->assertFalse($member->hasPaidMembership());
}
public function test_paid_membership_middleware_blocks_expired_members(): void
{
$user = User::factory()->create();
$member = Member::factory()->create([
'user_id' => $user->id,
'membership_status' => Member::STATUS_ACTIVE,
'membership_started_at' => now()->subYear()->subMonth(),
'membership_expires_at' => now()->subMonth(),
]);
$this->assertFalse($member->hasPaidMembership());
}
public function test_cashier_permission_enforced(): void
{
$cashier = User::factory()->create(['is_admin' => true]);
$cashier->givePermissionTo('verify_payments_cashier');
$this->assertTrue($cashier->can('verify_payments_cashier'));
$this->assertFalse($cashier->can('verify_payments_accountant'));
$this->assertFalse($cashier->can('verify_payments_chair'));
}
public function test_accountant_permission_enforced(): void
{
$accountant = User::factory()->create(['is_admin' => true]);
$accountant->givePermissionTo('verify_payments_accountant');
$this->assertTrue($accountant->can('verify_payments_accountant'));
$this->assertFalse($accountant->can('verify_payments_cashier'));
$this->assertFalse($accountant->can('verify_payments_chair'));
}
public function test_chair_permission_enforced(): void
{
$chair = User::factory()->create(['is_admin' => true]);
$chair->givePermissionTo('verify_payments_chair');
$this->assertTrue($chair->can('verify_payments_chair'));
$this->assertFalse($chair->can('verify_payments_cashier'));
$this->assertFalse($chair->can('verify_payments_accountant'));
}
public function test_membership_manager_permission_enforced(): void
{
$manager = User::factory()->create(['is_admin' => true]);
$manager->givePermissionTo('activate_memberships');
$this->assertTrue($manager->can('activate_memberships'));
}
public function test_unauthorized_users_get_403(): void
{
$user = User::factory()->create();
$response = $this->actingAs($user)->get(route('admin.members.index'));
$response->assertStatus(403);
}
public function test_role_assignment_works(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('payment_cashier');
$this->assertTrue($user->hasRole('payment_cashier'));
$this->assertTrue($user->can('verify_payments_cashier'));
$this->assertTrue($user->can('view_payment_verifications'));
}
public function test_permission_inheritance_works(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('payment_cashier');
// payment_cashier role should have these permissions
$this->assertTrue($user->can('verify_payments_cashier'));
$this->assertTrue($user->can('view_payment_verifications'));
}
public function test_admin_role_has_all_permissions(): void
{
$admin = User::factory()->create();
$admin->assignRole('admin');
$this->assertTrue($admin->can('verify_payments_cashier'));
$this->assertTrue($admin->can('verify_payments_accountant'));
$this->assertTrue($admin->can('verify_payments_chair'));
$this->assertTrue($admin->can('activate_memberships'));
$this->assertTrue($admin->can('view_payment_verifications'));
}
public function test_members_cannot_access_admin_routes(): void
{
$user = User::factory()->create();
Member::factory()->create(['user_id' => $user->id]);
$response = $this->actingAs($user)->get(route('admin.members.index'));
$response->assertStatus(403);
}
public function test_suspended_members_cannot_access_paid_resources(): void
{
$user = User::factory()->create();
$member = Member::factory()->create([
'user_id' => $user->id,
'membership_status' => Member::STATUS_SUSPENDED,
]);
$this->assertFalse($member->hasPaidMembership());
}
public function test_guest_users_redirected_to_login(): void
{
$response = $this->get(route('admin.dashboard'));
$response->assertRedirect(route('login'));
}
public function test_guest_users_cannot_access_member_routes(): void
{
$response = $this->get(route('member.dashboard'));
$response->assertRedirect(route('login'));
}
public function test_payment_cashier_role_has_correct_permissions(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('payment_cashier');
$this->assertTrue($user->hasRole('payment_cashier'));
$this->assertTrue($user->can('verify_payments_cashier'));
$this->assertTrue($user->can('view_payment_verifications'));
$this->assertFalse($user->can('verify_payments_accountant'));
}
public function test_payment_accountant_role_has_correct_permissions(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('payment_accountant');
$this->assertTrue($user->hasRole('payment_accountant'));
$this->assertTrue($user->can('verify_payments_accountant'));
$this->assertTrue($user->can('view_payment_verifications'));
$this->assertFalse($user->can('verify_payments_cashier'));
}
public function test_payment_chair_role_has_correct_permissions(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('payment_chair');
$this->assertTrue($user->hasRole('payment_chair'));
$this->assertTrue($user->can('verify_payments_chair'));
$this->assertTrue($user->can('view_payment_verifications'));
$this->assertFalse($user->can('activate_memberships'));
}
public function test_membership_manager_role_has_correct_permissions(): void
{
$user = User::factory()->create(['is_admin' => true]);
$user->assignRole('membership_manager');
$this->assertTrue($user->hasRole('membership_manager'));
$this->assertTrue($user->can('activate_memberships'));
$this->assertTrue($user->can('view_payment_verifications'));
$this->assertFalse($user->can('verify_payments_cashier'));
}
}
Reference in New Issue View Git Blame Copy Permalink