From d97f80ecd07d2d75ff40bdfae8b4e4620afc84bb Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sat, 21 Jan 2023 10:08:56 +1100
Subject: [PATCH] Tests for locked user

---
 tests/Feature/BaseApiTest.php | 42 +++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

diff --git a/tests/Feature/BaseApiTest.php b/tests/Feature/BaseApiTest.php
index 8ea082ed735e..40e3c2e1edbc 100644
--- a/tests/Feature/BaseApiTest.php
+++ b/tests/Feature/BaseApiTest.php
@@ -465,6 +465,7 @@ class BaseApiTest extends TestCase
                 'X-API-SECRET' => config('ninja.api_secret'),
                 'X-API-TOKEN' => $this->owner_token,
             ])->get("/api/v1/{$route}/")
+              ->assertStatus(200)
               ->assertJson(fn (AssertableJson $json) =>
                 $json->has('meta')
                  ->has('data',1)
@@ -473,12 +474,49 @@ class BaseApiTest extends TestCase
 
        $response = $this->withHeaders([
                 'X-API-SECRET' => config('ninja.api_secret'),
-                'X-API-TOKEN' => $this->low_token,
+                'X-API-TOKEN' => $this->owner_token,
             ])->get('/api/v1/companies/'.$this->company->hashed_id)
-              ->assertStatus(401);
+              ->assertStatus(200);
 
     }
 
+    public function testAdminLockedRoutes()
+    {
+        $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
+        $this->owner_cu->is_owner = false;
+        $this->owner_cu->is_admin = true;
+        $this->owner_cu->is_locked = true;
+        $this->owner_cu->permissions = '[]';
+        $this->owner_cu->save();        
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->owner_token,
+        ])->get('/api/v1/users/');
+
+          $response->assertStatus(403);
+
+        /*does not test the number of records however*/
+        collect($this->list_routes)->filter(function ($route){
+            return !in_array($route, ['users','designs','payment_terms']);
+        })->each(function($route){
+            nlog($route);
+            $response = $this->withHeaders([
+                'X-API-SECRET' => config('ninja.api_secret'),
+                'X-API-TOKEN' => $this->owner_token,
+            ])->get("/api/v1/{$route}/")
+              ->assertStatus(403);
+        });
+
+       $response = $this->withHeaders([
+                'X-API-SECRET' => config('ninja.api_secret'),
+                'X-API-TOKEN' => $this->owner_token,
+            ])->get('/api/v1/companies/'.$this->company->hashed_id)
+              ->assertStatus(403);
+
+    }
+
+
 
     /**
      * Tests user facing routes respond with the correct status and/or data set