Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Tests for locked user

Browse Source
This commit is contained in:
David Bomba 2023-01-21 10:08:56 +11:00
parent a55cee5a68
commit d97f80ecd0
1 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
tests/Feature/BaseApiTest.php
View File

@ -465,6 +465,7 @@ class BaseApiTest extends TestCase
'X-API-SECRET' => config('ninja.api_secret'), 'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token, 'X-API-TOKEN' => $this->owner_token,
])->get("/api/v1/{$route}/") ])->get("/api/v1/{$route}/")
->assertStatus(200)
->assertJson(fn (AssertableJson $json) => ->assertJson(fn (AssertableJson $json) =>
$json->has('meta') $json->has('meta')
->has('data',1) ->has('data',1)
@ -473,12 +474,49 @@ class BaseApiTest extends TestCase
$response = $this->withHeaders([ $response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'), 'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->low_token, 'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id) ])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(401); ->assertStatus(200);
} }
public function testAdminLockedRoutes()
{
$this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
$this->owner_cu->is_owner = false;
$this->owner_cu->is_admin = true;
$this->owner_cu->is_locked = true;
$this->owner_cu->permissions = '[]';
$this->owner_cu->save();
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/users/');
$response->assertStatus(403);
/*does not test the number of records however*/
collect($this->list_routes)->filter(function ($route){
return !in_array($route, ['users','designs','payment_terms']);
})->each(function($route){
nlog($route);
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get("/api/v1/{$route}/")
->assertStatus(403);
});
$response = $this->withHeaders([
'X-API-SECRET' => config('ninja.api_secret'),
'X-API-TOKEN' => $this->owner_token,
])->get('/api/v1/companies/'.$this->company->hashed_id)
->assertStatus(403);
}
/** /**
* Tests user facing routes respond with the correct status and/or data set * Tests user facing routes respond with the correct status and/or data set