diff --git a/app/Http/Requests/User/BulkUserRequest.php b/app/Http/Requests/User/BulkUserRequest.php index afea05c1da28..c07032f4f2e6 100644 --- a/app/Http/Requests/User/BulkUserRequest.php +++ b/app/Http/Requests/User/BulkUserRequest.php @@ -24,8 +24,7 @@ class BulkUserRequest extends Request * @return bool */ public function authorize() : bool - {nlog($this->all()); - nlog($this->ids); + { if($this->action == 'delete' && in_array(auth()->user()->hashed_id, $this->ids)) return false; diff --git a/tests/Feature/UserTest.php b/tests/Feature/UserTest.php index f11ab71df916..5d49460132b6 100644 --- a/tests/Feature/UserTest.php +++ b/tests/Feature/UserTest.php @@ -11,19 +11,21 @@ namespace Tests\Feature; -use App\Factory\CompanyUserFactory; -use App\Http\Middleware\PasswordProtection; -use App\Models\Company; -use App\Models\CompanyToken; -use App\Models\CompanyUser; -use App\Models\User; -use Illuminate\Database\Eloquent\Model; -use Illuminate\Foundation\Testing\DatabaseTransactions; -use Illuminate\Routing\Middleware\ThrottleRequests; -use Illuminate\Support\Facades\Session; -use Illuminate\Validation\ValidationException; -use Tests\MockAccountData; use Tests\TestCase; +use App\Models\User; +use App\Models\Account; +use App\Models\Company; +use Tests\MockAccountData; +use App\Models\CompanyUser; +use App\Models\CompanyToken; +use App\DataMapper\CompanySettings; +use App\Factory\CompanyUserFactory; +use Illuminate\Database\Eloquent\Model; +use Illuminate\Support\Facades\Session; +use App\Http\Middleware\PasswordProtection; +use Illuminate\Validation\ValidationException; +use Illuminate\Routing\Middleware\ThrottleRequests; +use Illuminate\Foundation\Testing\DatabaseTransactions; /** * @test @@ -58,23 +60,60 @@ class UserTest extends TestCase public function testUserAttemptingtToDeleteThemselves() { - $data = [ - 'action' => 'delete', - 'ids' => [$this->user->hashed_id], - ]; - nlog($data); + + $account = Account::factory()->create([ + 'hosted_client_count' => 1000, + 'hosted_company_count' => 1000, + ]); + + $account->num_users = 3; + $account->save(); + + $user = User::factory()->create([ + 'account_id' => $this->account->id, + 'confirmation_code' => 'xyz123', + 'email' => $this->faker->unique()->safeEmail(), + ]); + + $settings = CompanySettings::defaults(); + $settings->client_online_payment_notification = false; + $settings->client_manual_payment_notification = false; + + $company = Company::factory()->create([ + 'account_id' => $account->id, + 'settings' => $settings, + ]); + + + $cu = CompanyUserFactory::create($user->id, $company->id, $account->id); + $cu->is_owner = true; + $cu->is_admin = true; + $cu->is_locked = false; + $cu->save(); + + $token = \Illuminate\Support\Str::random(64); + + $company_token = new CompanyToken(); + $company_token->user_id = $user->id; + $company_token->company_id = $company->id; + $company_token->account_id = $account->id; + $company_token->name = 'test token'; + $company_token->token = $token; + $company_token->is_system = true; + + $data = [ + 'ids' => [$user->hashed_id], + ]; $response = $this->withHeaders([ 'X-API-SECRET' => config('ninja.api_secret'), - 'X-API-TOKEN' => $this->token, - // 'X-API-PASSWORD' => 'ALongAndBriliantPassword', - ])->postJson('/api/v1/users/bulk', $data) - ->assertStatus(200); + 'X-API-TOKEN' => $token, + 'X-API-PASSWORD' => 'ALongAndBriliantPassword', + ])->postJson('/api/v1/users/bulk?action=dete', $data) + ->assertStatus(403); - // nlog($response->json()); - // $response->assertStatus(403); } public function testDisconnectUserOauthMailer()