From 55456a57d62ff6500e48de73ba43e0e2bcbcc056 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sat, 18 Feb 2023 13:51:18 +0000
Subject: [PATCH] Added tests for not-yet-built role API endpoints
---
 app/Auth/Permissions/RolePermission.php | 2 +
 .../Controllers/Api/UserApiController.php | 4 +-
 tests/Api/RolesApiTest.php | 227 ++++++++++++++++++
 tests/Api/UsersApiTest.php | 6 +-
 4 files changed, 234 insertions(+), 5 deletions(-)
 create mode 100644 tests/Api/RolesApiTest.php
diff --git a/app/Auth/Permissions/RolePermission.php b/app/Auth/Permissions/RolePermission.php
index f34de917c..467c43ce2 100644
--- a/app/Auth/Permissions/RolePermission.php
+++ b/app/Auth/Permissions/RolePermission.php
@@ -8,6 +8,8 @@ use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 /**
 * @property int $id
+ * @property string $name
+ * @property string $display_name
 */
 class RolePermission extends Model
 {
diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index 64e9d732d..da6ca4321 100644
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -13,9 +13,9 @@ use Illuminate\Validation\Rules\Unique;
 class UserApiController extends ApiController
 {
- protected $userRepo;
+ protected UserRepo $userRepo;
- protected $fieldsToExpose = [
+ protected array $fieldsToExpose = [
 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
 ];
diff --git a/tests/Api/RolesApiTest.php b/tests/Api/RolesApiTest.php
new file mode 100644
index 000000000..38026a40a
--- /dev/null
+++ b/tests/Api/RolesApiTest.php
@@ -0,0 +1,227 @@
+actingAsApiEditor();
+ foreach ($this->endpointMap as [$method, $uri]) {
+ $resp = $this->json($method, $uri);
+ $resp->assertStatus(403);
+ $resp->assertJson($this->permissionErrorResponse());
+ }
+ }
+
+ public function test_index_endpoint_returns_expected_role_and_count()
+ {
+ $this->actingAsApiAdmin();
+ /** @var Role $firstRole */
+ $firstRole = Role::query()->orderBy('id', 'asc')->first();
+
+ $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
+ $resp->assertJson(['data' => [
+ [
+ 'id' => $firstRole->id,
+ 'display_name' => $firstRole->display_name,
+ 'description' => $firstRole->description,
+ 'mfa_enforced' => $firstRole->mfa_enforced,
+ 'permissions_count' => $firstRole->permissions()->count(),
+ 'users_count' => $firstRole->users()->count(),
+ 'created_at' => $firstRole->created_at->toJSON(),
+ 'updated_at' => $firstRole->updated_at->toJSON(),
+ ],
+ ]]);
+
+ $resp->assertJson(['total' => Role::query()->count()]);
+ }
+
+ public function test_create_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ /** @var Role $role */
+ $role = Role::query()->first();
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'permissions' => [
+ 'content-export',
+ 'users-manage',
+ 'page-view-own',
+ 'page-view-all',
+ ]
+ ]);
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'permissions' => [
+ 'content-export',
+ 'users-manage',
+ 'page-view-own',
+ 'page-view-all',
+ ]
+ ]);
+
+ $this->assertDatabaseHas('roles', [
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ ]);
+
+ /** @var Role $role */
+ $role = Role::query()->where('display_name', '=', 'My awesome role')->first();
+ $this->assertActivityExists(ActivityType::ROLE_CREATE, null, 
$role->logDescriptor());
+ $this->assertEquals(4, $role->permissions()->count());
+ }
+
+ public function test_create_name_and_description_validation()
+ {
+ $this->actingAsApiAdmin();
+ /** @var User $existingUser */
+ $existingUser = User::query()->first();
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'description' => 'My new role',
+ ]);
+ $resp->assertStatus(422);
+ $resp->assertJson($this->validationResponse(['display_name' => ['The display_name field is required.']]));
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'name' => 'My great role with a too long desc',
+ 'description' => str_repeat('My great desc', 20),
+ ]);
+ $resp->assertStatus(422);
+ $resp->assertJson($this->validationResponse(['description' => ['The description may not be greater than 180 characters.']]));
+ }
+
+ public function test_read_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->getJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'display_name' => $role->display_name,
+ 'description' => $role->description,
+ 'mfa_enforced' => $role->mfa_enforced,
+ 'permissions' => $role->permissions()->pluck('name')->toArray(),
+ 'users' => $role->users()->get()->map(function (User $user) {
+ return [
+ 'id' => $user->id,
+ 'name' => $user->name,
+ 'slug' => $user->slug,
+ ];
+ })->toArray(),
+ ]);
+ }
+
+ public function test_update_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->putJson($this->baseEndpoint . 
"/{$role->id}", [
+ 'display_name' => 'My updated role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'permissions' => [
+ 'content-export',
+ 'users-manage',
+ 'page-view-own',
+ 'page-view-all',
+ ]
+ ]);
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'id' => $role->id,
+ 'display_name' => 'My updated role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'permissions' => [
+ 'content-export',
+ 'users-manage',
+ 'page-view-own',
+ 'page-view-all',
+ ]
+ ]);
+
+ $role->refresh();
+ $this->assertEquals(4, $role->permissions()->count());
+ }
+
+ public function test_update_endpoint_does_not_remove_info_if_not_provided()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", []);
+ $permissionCount = $role->permissions()->count();
+
+ $resp->assertStatus(200);
+ $this->assertDatabaseHas('users', [
+ 'id' => $role->id,
+ 'display_name' => $role->display_name,
+ 'description' => $role->description,
+ ]);
+
+ $role->refresh();
+ $this->assertEquals($permissionCount, $role->permissions()->count());
+ }
+
+ public function test_delete_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+
+ $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(204);
+ $this->assertActivityExists(ActivityType::ROLE_DELETE, null, $role->logDescriptor());
+ }
+
+ public function test_delete_endpoint_fails_deleting_system_role()
+ {
+ $this->actingAsApiAdmin();
+ $adminRole = Role::getSystemRole('admin');
+
+ $resp = $this->deleteJson($this->baseEndpoint . 
"/{$adminRole->id}");
+
+ $resp->assertStatus(500);
+ $resp->assertJson($this->errorResponse('This role is a system role and cannot be deleted', 500));
+ }
+
+ public function test_delete_endpoint_fails_deleting_default_registration_role()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->attachNewRole($this->users->editor());
+ $this->setSettings(['registration-role' => $role->id]);
+
+ $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(500);
+ $resp->assertJson($this->errorResponse('This role cannot be deleted while set as the default registration role', 500));
+ }
+}
diff --git a/tests/Api/UsersApiTest.php b/tests/Api/UsersApiTest.php
index c89f9e6e3..fadd2610c 100644
--- a/tests/Api/UsersApiTest.php
+++ b/tests/Api/UsersApiTest.php
@@ -15,9 +15,9 @@ class UsersApiTest extends TestCase
 {
 use TestsApi;
- protected $baseEndpoint = '/api/users';
+ protected string $baseEndpoint = '/api/users';
- protected $endpointMap = [
+ protected array $endpointMap = [
 ['get', '/api/users'],
 ['post', '/api/users'],
 ['get', '/api/users/1'],
@@ -47,7 +47,7 @@ class UsersApiTest extends TestCase
 }
 }
- public function test_index_endpoint_returns_expected_shelf()
+ public function test_index_endpoint_returns_expected_user()
 {
 $this->actingAsApiAdmin();
 /** @var User $firstUser */
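Review bot: In `test_update_endpoint_does_not_remove_info_if_not_provided`, `$permissionCount` is read only after the empty PUT has already been sent, so the closing `assertEquals` compares post-request state with itself and cannot detect permissions being dropped; move `$permissionCount = $role->permissions()->count();` above the `putJson` call. The same test verifies the role's `display_name` and `description` with `$this->assertDatabaseHas('users', [...])`, which is the wrong table for a role row and should be `$this->assertDatabaseHas('roles', [...])`. In `test_create_name_and_description_validation` the second request sends `'name'` instead of `'display_name'`, so the 422 is also triggered by the missing display_name and the description-length rule is not isolated; `$existingUser` there and the first `$role = Role::query()->first();` in `test_create_endpoint` are assigned but never used. The class header and the opening of the first test method fall outside the visible part of this hunk, so the endpoint map and base endpoint the permission test relies on could not be checked here.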