'DatabaseSeeder', '--force' => true]); Artisan::call('db:seed', ['--class' => 'DemoSeeder', '--force' => true]); $user = User::where('role', 'super admin')->first(); $this->withHeaders([ 'company' => $user->companies()->first()->id, ]); Sanctum::actingAs( $user, ['*'] ); }); getJson('/api/v1/users')->assertOk(); test('store user using a form request', function () { $this->assertActionUsesFormRequest( UsersController::class, 'store', UserRequest::class ); }); // test('store user', function () { // $data = [ // 'name' => fake()->name, // 'email' => fake()->unique()->safeEmail, // 'phone' => fake()->phoneNumber, // 'password' => fake()->password // ]; // postJson('/api/v1/users', $data)->assertOk(); // $this->assertDatabaseHas('users', [ // 'name' => $data['name'], // 'email' => $data['email'], // 'phone' => $data['phone'], // ]); // }); test('get user belonging to the current company', function () { $companyId = User::where('role', 'super admin')->first()->companies()->first()->id; $user = User::factory()->create(); $user->companies()->attach($companyId); getJson("/api/v1/users/{$user->id}")->assertOk(); }); test('cannot view a user belonging to another company', function () { $user = User::factory()->create(); $user->companies()->attach(Company::factory()->create()->id); getJson("/api/v1/users/{$user->id}")->assertForbidden(); }); test('cannot update a user belonging to another company', function () { $companyId = User::where('role', 'super admin')->first()->companies()->first()->id; $user = User::factory()->create(); $user->companies()->attach(Company::factory()->create()->id); putJson("/api/v1/users/{$user->id}", [ 'name' => 'Hacked', 'email' => 'pwned@attacker.test', 'companies' => [['id' => $companyId, 'role' => 'super admin']], ])->assertForbidden(); $this->assertDatabaseMissing('users', ['email' => 'pwned@attacker.test']); }); test('update user using a form request', function () { $this->assertActionUsesFormRequest( UsersController::class, 'update', UserRequest::class ); }); // test('update user', function () { // $user = User::factory()->create(); // $data = [ // 'name' => fake()->name, // 'email' => fake()->unique()->safeEmail, // 'phone' => fake()->phoneNumber, // 'password' => fake()->password // ]; // putJson("/api/v1/users/{$user->id}", $data)->assertOk(); // $this->assertDatabaseHas('users', [ // 'name' => $data['name'], // 'email' => $data['email'], // 'phone' => $data['phone'], // ]); // }); test('deletes a user belonging to the current company', function () { $companyId = User::where('role', 'super admin')->first()->companies()->first()->id; $user = User::factory()->create(); $user->companies()->attach($companyId); postJson('/api/v1/users/delete', ['users' => [$user->id]])->assertOk(); $this->assertDatabaseMissing('users', ['id' => $user->id]); }); test('cannot bulk delete a user belonging to another company', function () { $user = User::factory()->create(); $user->companies()->attach(Company::factory()->create()->id); postJson('/api/v1/users/delete', ['users' => [$user->id]])->assertOk(); $this->assertDatabaseHas('users', ['id' => $user->id]); });