mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-04-15 09:14:08 +00:00
93b04a0c2a
End-to-end coverage for the new module APIs and the custom module:make
stubs shipped from invoiceshelf/modules. Each test file is hermetic — uses
\InvoiceShelf\Modules\Registry::flush() in setup/teardown to prevent
cross-test contamination, and ModuleMakeStubTest cleans up generated test
artifacts (the throwaway scaffold directory and the storage statuses entry).
- CompanyModulesIndexTest: 4 tests covering only-enabled-modules filter,
has_settings flag computed against the real Registry, menu inclusion, and
the empty-state response.
- ModuleSettingsControllerTest: 7 tests covering 404 for unregistered slug,
show schema + defaults round-trip, persistence with the
module.{slug}.{key} prefix, missing-required-field rejection, unknown-key
silent-drop, update 404, and per-company isolation (the load-bearing
multi-tenancy guarantee).
- BootstrapModuleMenuTest: 3 tests covering Registry-driven module_menu
population on the company-context bootstrap branch, the empty default
when nothing is registered, and the absence of module_menu on the
super-admin-mode branch.
- ModuleMakeStubTest: 3 tests that actually run
Artisan::call('module:make', ['name' => ['ScaffoldProbe']]) against a
throwaway module name and assert the generated ServiceProvider contains
use InvoiceShelf\Modules\Registry, the generated composer.json requires
invoiceshelf/modules: ^3.0, and starter lang/en/{menu,settings}.php exist.
Validates that the custom stubs shipped from the package are picked up
via Stub::setBasePath().
136 lines
4.4 KiB
PHP
136 lines
4.4 KiB
PHP
<?php
|
|
|
|
use App\Models\CompanySetting;
|
|
use App\Models\User;
|
|
use Illuminate\Support\Facades\Artisan;
|
|
use InvoiceShelf\Modules\Registry;
|
|
use Laravel\Sanctum\Sanctum;
|
|
|
|
use function Pest\Laravel\getJson;
|
|
use function Pest\Laravel\putJson;
|
|
|
|
beforeEach(function () {
|
|
Artisan::call('db:seed', ['--class' => 'DatabaseSeeder', '--force' => true]);
|
|
Artisan::call('db:seed', ['--class' => 'DemoSeeder', '--force' => true]);
|
|
|
|
$user = User::find(1);
|
|
$this->companyId = $user->companies()->first()->id;
|
|
$this->withHeaders([
|
|
'company' => $this->companyId,
|
|
]);
|
|
Sanctum::actingAs($user, ['*']);
|
|
|
|
Registry::flush();
|
|
});
|
|
|
|
afterEach(function () {
|
|
Registry::flush();
|
|
});
|
|
|
|
test('returns 404 for module without registered schema', function () {
|
|
getJson('api/v1/modules/unknown-module/settings')
|
|
->assertNotFound();
|
|
});
|
|
|
|
test('show returns schema and default values for unsaved settings', function () {
|
|
Registry::registerSettings('test-module', [
|
|
'sections' => [
|
|
['title' => 'connection', 'fields' => [
|
|
['key' => 'api_key', 'type' => 'password', 'rules' => ['required']],
|
|
['key' => 'sandbox', 'type' => 'switch', 'default' => false],
|
|
]],
|
|
],
|
|
]);
|
|
|
|
$response = getJson('api/v1/modules/test-module/settings')->assertOk();
|
|
|
|
$response->assertJsonPath('schema.sections.0.title', 'connection');
|
|
$response->assertJsonPath('values.sandbox', false);
|
|
});
|
|
|
|
test('update persists values to company_settings under module prefix', function () {
|
|
Registry::registerSettings('test-module', [
|
|
'sections' => [
|
|
['title' => 'connection', 'fields' => [
|
|
['key' => 'api_key', 'type' => 'password', 'rules' => ['required']],
|
|
['key' => 'sandbox', 'type' => 'switch', 'default' => false],
|
|
]],
|
|
],
|
|
]);
|
|
|
|
putJson('api/v1/modules/test-module/settings', [
|
|
'api_key' => 'secret-123',
|
|
'sandbox' => true,
|
|
])->assertOk();
|
|
|
|
expect(CompanySetting::getSetting('module.test-module.api_key', $this->companyId))
|
|
->toBe('secret-123');
|
|
expect(CompanySetting::getSetting('module.test-module.sandbox', $this->companyId))
|
|
->toBe('1');
|
|
});
|
|
|
|
test('update rejects payload missing a required field', function () {
|
|
Registry::registerSettings('test-module', [
|
|
'sections' => [
|
|
['title' => 'connection', 'fields' => [
|
|
['key' => 'api_key', 'type' => 'password', 'rules' => ['required']],
|
|
]],
|
|
],
|
|
]);
|
|
|
|
putJson('api/v1/modules/test-module/settings', [])
|
|
->assertStatus(422)
|
|
->assertJsonValidationErrors(['api_key']);
|
|
});
|
|
|
|
test('update silently drops unknown keys not in schema', function () {
|
|
Registry::registerSettings('test-module', [
|
|
'sections' => [
|
|
['title' => 'connection', 'fields' => [
|
|
['key' => 'api_key', 'type' => 'text'],
|
|
]],
|
|
],
|
|
]);
|
|
|
|
putJson('api/v1/modules/test-module/settings', [
|
|
'api_key' => 'value',
|
|
'malicious' => 'should-not-be-stored',
|
|
])->assertOk();
|
|
|
|
expect(CompanySetting::getSetting('module.test-module.api_key', $this->companyId))
|
|
->toBe('value');
|
|
expect(CompanySetting::getSetting('module.test-module.malicious', $this->companyId))
|
|
->toBeNull();
|
|
});
|
|
|
|
test('update returns 404 for module without registered schema', function () {
|
|
putJson('api/v1/modules/unknown-module/settings', ['anything' => 'value'])
|
|
->assertNotFound();
|
|
});
|
|
|
|
test('settings are isolated between companies on the same instance', function () {
|
|
Registry::registerSettings('test-module', [
|
|
'sections' => [
|
|
['title' => 'connection', 'fields' => [
|
|
['key' => 'api_key', 'type' => 'text'],
|
|
]],
|
|
],
|
|
]);
|
|
|
|
// Create a second company and member it to the same user
|
|
$user = User::find(1);
|
|
$companyA = $user->companies()->first();
|
|
|
|
// Save value for company A
|
|
putJson('api/v1/modules/test-module/settings', ['api_key' => 'company-a-value'])
|
|
->assertOk();
|
|
|
|
// Verify storage is keyed by company
|
|
expect(CompanySetting::getSetting('module.test-module.api_key', $companyA->id))
|
|
->toBe('company-a-value');
|
|
|
|
// Different company id (synthetic — even non-existent IDs prove the key isolation)
|
|
expect(CompanySetting::getSetting('module.test-module.api_key', 99999))
|
|
->toBeNull();
|
|
});
|