From fda220b7c638e54bb1d62fb9a98b65dd5e277e0b Mon Sep 17 00:00:00 2001
From: yungifez
Date: Mon, 11 Apr 2022 23:24:06 +0100
Subject: [PATCH 1/2] Wrote more tests for users
---
 tests/Feature/SchoolTest.php | 85 ++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
diff --git a/tests/Feature/SchoolTest.php b/tests/Feature/SchoolTest.php
index e6938cd6..15a263a1 100644
--- a/tests/Feature/SchoolTest.php
+++ b/tests/Feature/SchoolTest.php
@@ -142,4 +142,89 @@ public function test_school_settings_redirects_to_edit_school()
 $response = $this->get('/dashboard/schools/settings');
 $response->assertRedirect(url("/dashboard/schools/$user->school_id/edit"));
 }
+
+ public function test_unauthorized_user_cannot_update_school()
+ {
+ $user = User::factory()->create();
+ $this->actingAs($user);
+ $school = School::where('name','Test school')->first();
+ $response = $this->patch("/dashboard/schools/$school->id");
+
+ $response->assertForbidden();
+ }
+
+ public function test_authorized_user_can_update_School()
+ {
+ $user = User::factory()->create();
+ $user->givePermissionTo([
+ 'update school'
+ ]);
+ $this->actingAs($user);
+ $school = School::where('name','Test school')->first();
+ $user->school_id = $school->id;
+ $user->save();
+ $response = $this->patch("/dashboard/schools/$school->id",['name'=>'Test school 2','address' => 'something street', 'initials' => 'TS2']);
+
+ $this->assertEquals('Test school 2',$school->fresh()->name);
+ }
+
+ public function test_that_unauthorized_user_cannot_delete_school()
+ {
+ $user = User::factory()->create();
+ $this->actingAs($user);
+ $school = School::where('name','Test school 2')->first();
+ $response = $this->delete("/dashboard/schools/$school->id");
+
+ $response->assertForbidden();
+ }
+
+ public function test_that_unauthorized_user_cannot_delete_School_if_it_is_their_current_school()
+ {
+ $user = User::factory()->create();
+ $user->givePermissionTo([
+ 'delete school'
+ ]);
+ $this->actingAs($user);
+ $school = School::where('name','Test school 2')->first();
+ $user->school_id = $school->id;
+ $user->save();
+ $response = $this->delete("/dashboard/schools/$school->id");
+
+ $this->assertNotNull($school->fresh());
+ }
+
+ public function test_user_cannot_delete_school_with_users_in_it()
+ {
+ $user = User::factory()->create();
+ $user->givePermissionTo([
+ 'delete school'
+ ]);
+ $this->actingAs($user);
+
+ $school = School::where('name','Test school 2')->first();
+ //user id must always not equal to school id
+ $user->school_id = $school->id++;
+ $user->save();
+ $response = $this->delete("/dashboard/schools/$school->id");
+
+ $this->assertNotNull($school->fresh());
+ }
+
+ public function test_user_can_delete_School_with_no_users()
+ {
+ //get school and users
+ $school = School::where('name','Test school 2')->first();
+ $userIds = $school->users->pluck('id');
+ //delete all users
+ User::destroy($userIds);
+ $user = User::factory()->create();
+ $user->givePermissionTo([
+ 'delete school'
+ ]);
+ $this->actingAs($user);
+ //user id must always not equal to school id
+ $response = $this->delete("/dashboard/schools/$school->id");
+
+ $this->assertNull($school->fresh());
+ }
 }
From e07e5db409ce30b60f245933beaadc8081ee4a5c Mon Sep 17 00:00:00 2001
From: yungifez
Date: Wed, 13 Apr 2022 09:52:49 +0100
Subject: [PATCH 2/2] =?UTF-8?q?Minor=20changes=20=F0=9F=98=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- wrote and modified some tests ✅
- changed route /dashboard/schools/set school to /dashboard/schools/set-school
---
 routes/web.php | 2 +-
 tests/Feature/ClassGroupTest.php | 158 +++++++++++++++++++++++++++++++
 tests/Feature/SchoolTest.php | 43 ++++-----
 3 files changed, 176 insertions(+), 27 deletions(-)
 create mode 100644 tests/Feature/ClassGroupTest.php
diff --git a/routes/web.php b/routes/web.php
index de97906e..d0031f7d 100644
--- a/routes/web.php
+++ b/routes/web.php
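Review bot: In `test_user_cannot_delete_school_with_users_in_it`, `$user->school_id = $school->id++;` does the opposite of the comment above it: post-increment gives the user the school's current id and only afterwards bumps `$school->id` in memory, so the DELETE URL built on the next line addresses id+1 rather than the school under test. The closing `assertNotNull` can then hold without the controller ever having refused to delete that school, which is false assurance for a destructive, permission-gated endpoint. If the intent is that the acting user belongs to a different school, assign without mutating the model, presumably `$user->school_id = $school->id + 1;` or the id of a second school, and add a status assertion on `$response`. The `@@ -201,7 +182,7 @@` SchoolTest hunk in PATCH 2/2 changes the lookup to `School::find(1)` but keeps this line unchanged.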
@@ -24,7 +24,7 @@ Route::get('schools/settings', ['App\Http\Controllers\SchoolController', 'settings'])->name('schools.settings')->middleware('App\Http\Middleware\EnsureSuperAdminHasSchoolId'); //School routes Route::resource('schools', SchoolController::class); - Route::post('schools/set school', ['App\Http\Controllers\SchoolController', 'setSchool'])->name('schools.setSchool'); + Route::post('schools/set-school', ['App\Http\Controllers\SchoolController', 'setSchool'])->name('schools.setSchool'); //super admin must be have school id set Route::middleware(['App\Http\Middleware\EnsureSuperAdminHasSchoolId'])->group(function () { diff --git a/tests/Feature/ClassGroupTest.php b/tests/Feature/ClassGroupTest.php new file mode 100644 index 00000000..e51b3d35 --- /dev/null +++ b/tests/Feature/ClassGroupTest.php 
@@ -0,0 +1,158 @@ +create(); + $user->givePermissionTo( + ['read class group'] + ); + $this->actingAs($user); + $response = $this->get('/dashboard/class-groups'); + + $response->assertOk(); + } + + public function test_view_class_groups_cannot_be_rendered_to_unauthorized_user() + { + $user = User::factory()->create(); + + $this->actingAs($user); + $response = $this->get('/dashboard/class-groups'); + + $response->assertForbidden(); + } + + public function test_create_class_groups_can_be_rendered_to_authorized_user() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['create class group'] + ); + $this->actingAs($user); + $response = $this->get('/dashboard/class-groups/create'); + + $response->assertOk(); + } + + public function test_create_class_groups_can_not_be_rendered_to_unauthorized_user() + { + $user = User::factory()->create(); + $this->actingAs($user); + $response = $this->get('/dashboard/class-groups/create'); + + $response->assertForbidden(); + } + + public function test_authorized_user_can_create_class_group() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['create class group'] + ); + $this->actingAs($user); + $response = $this->post('/dashboard/class-groups', ['name' => 'Test class group', 'school_id' => '1']); + $classGroup = \App\Models\ClassGroup::where('name','Test class group')->get(); + + $this->assertEquals(1, $classGroup->count()); + } + + public function test_unauthorized_user_can_not_create_class_group() + { + $user = User::factory()->create(); + $this->actingAs($user); + $response = $this->post('/dashboard/class-groups', ['name' => 'Test class group', 'school_id' => '1']); + $classGroup = \App\Models\ClassGroup::where('name','Test class group')->get(); + + $response->assertForbidden(); + } + + public function test_edit_class_groups_can_be_rendered_to_authorized_user() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['update class group'] + ); + $this->actingAs($user); + $response 
= $this->get('/dashboard/class-groups/1/edit'); + + $response->assertOk(); + } + + public function test_edit_class_groups_can_not_be_rendered_to_unauthorized_user() + { + $user = User::factory()->create(); + + $this->actingAs($user); + $response = $this->get('/dashboard/class-groups/1/edit'); + + $response->assertForbidden(); + } + + public function test_authorized_user_can_edit_class_group() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['update class group'] + ); + $this->actingAs($user); + $response = $this->put('/dashboard/class-groups/1', ['name' => 'Test class group', 'school_id' => '1']); + //get class group with updatesd name + $classGroup = \App\Models\ClassGroup::where('name','Test class group')->get(); + + //check if model exists + $this->assertEquals(1, $classGroup->count()); + } + + public function test_unauthorized_user_can_not_edit_class_group() + { + $user = User::factory()->create(); + $this->actingAs($user); + $response = $this->put('/dashboard/class-groups/1', ['name' => 'Test class group would fail', 'school_id' => '1']); + + $response->assertForbidden(); + } + + public function test_authorized_user_can_delete_class_group() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['delete class group'] + ); + $this->actingAs($user); + $classGroup = ClassGroup::factory()->create(); + $response = $this->delete("/dashboard/class-groups/$classGroup->id"); + $this->assertEquals(0,$classGroup->fresh()); + } + + public function test_unauthorized_user_can_not_delete_class_group() + { + $user = User::factory()->create(); + $this->actingAs($user); + $response = $this->delete('/dashboard/class-groups/1'); + $classGroup = \App\Models\ClassGroup::where('id','1')->get(); + + $response->assertForbidden(); + } + + public function test_user_can_view_class_group() + { + $user = User::factory()->create(); + $user->givePermissionTo( + ['read class group'] + ); + $this->actingAs($user); + $response = 
$this->get('/dashboard/class-groups/1'); + + $response->assertOk(); + } +} diff --git a/tests/Feature/SchoolTest.php b/tests/Feature/SchoolTest.php index 15a263a1..595081f6 100644 --- a/tests/Feature/SchoolTest.php +++ b/tests/Feature/SchoolTest.php @@ -27,7 +27,7 @@ public function test_view_schools_can_be_rendered_to_authorized_user() $response->assertStatus(200); } - public function test_view_schools_rendered_to_unauthorized_user() + public function test_view_schools_cannot_be_rendered_to_unauthorized_user() { $user = User::factory()->create(); @@ -58,11 +58,8 @@ public function test_user_can_create_school() $this->actingAs($user); $response = $this->post('/dashboard/schools', ['name' => 'Test school', 'address' => 'Test address', 'initials' => 'DS']); $school = School::where('name','Test school')->get(); - if ($school == null) { - return false; - } - - $response->assertRedirect(); + + $this->assertEquals(1, $school->count()); } public function test_unauthorized_user_can_not_create_school() @@ -79,7 +76,7 @@ public function test_show_school_can_be_rendered_to_super_admin() $user = User::factory()->create(); $user->assignRole('super-admin'); $this->actingAs($user); - $school = School::where('name','Test school')->first(); + $school = School::factory()->create(); $response = $this->get("/dashboard/schools/$school->id"); $response->assertStatus(200); @@ -92,7 +89,7 @@ public function test_show_school_can_be_rendered_to_authorized_user_in_same_scho ['read school'] ); $this->actingAs($user); - $school = School::where('name','Test school')->first(); + $school = School::factory()->create(); $user->school_id = $school->id; $user->save(); $response = $this->get("/dashboard/schools/$school->id"); 
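Review bot: `test_authorized_user_can_edit_class_group` in the new ClassGroupTest.php cannot tell a successful update from a rejected one, because it PUTs the name `'Test class group'`, the same name `test_authorized_user_can_create_class_group` inserts, and then only counts rows with that name. Whether rows persist between tests is not visible (the file's opening lines did not survive on this page), but if they do the count is already 1 before the PUT is sent. Use a name no other test writes and assert on the record itself, e.g. `$this->assertEquals('Renamed class group', ClassGroup::find(1)->name);`, together with a status assertion on `$response`. In `test_authorized_user_can_delete_class_group`, `assertEquals(0,$classGroup->fresh())` only passes through loose comparison with null; `$this->assertNull($classGroup->fresh());` states the intent. Every case also uses the fixed id 1 or `'school_id' => '1'` and never sets the acting user's school, so nothing here checks that a permission holder in one school is refused on another school's class group.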
@@ -100,22 +97,6 @@ public function test_show_school_can_be_rendered_to_authorized_user_in_same_scho $response->assertStatus(200); } - public function test_school_is_not_rendered_to_authorized_user_in_different_school() - { - $user = User::factory()->create(); - $user->givePermissionTo( - ['read school'] - ); - $this->actingAs($user); - $school = School::where('name','Test school')->first(); - //assign user a different school from the fetched school every time - $user->school_id = $school->id++; - $user->save(); - $response = $this->get("/dashboard/schools/$school->id"); - - $response->assertNotFound(); - } - public function test_edit_school_can_be_rendered_to_authorized_user() { $user = User::factory()->create(); @@ -201,7 +182,7 @@ public function test_user_cannot_delete_school_with_users_in_it() ]); $this->actingAs($user); - $school = School::where('name','Test school 2')->first(); + $school = School::find(1); //user id must always not equal to school id $user->school_id = $school->id++; $user->save(); @@ -213,7 +194,7 @@ public function test_user_cannot_delete_school_with_users_in_it() public function test_user_can_delete_School_with_no_users() { //get school and users - $school = School::where('name','Test school 2')->first(); + $school = School::factory()->create();; $userIds = $school->users->pluck('id'); //delete all users User::destroy($userIds); @@ -227,4 +208,14 @@ public function test_user_can_delete_School_with_no_users() $this->assertNull($school->fresh()); } + + public function test_super_admin_can_set_school() + { + $user = User::where('email','super@admin.com')->first(); + $this->actingAs($user); + $school = School::factory()->create(); + $response = $this->post("/dashboard/schools/set-school",['school_id' => $school->id]); + + $this->assertEquals($school->id,$user->fresh()->school_id); + } }
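Review bot: `test_super_admin_can_set_school` in the last hunk covers only the allowed path, so no test pins down who may call `POST /dashboard/schools/set-school`; a companion negative test is sketched below, assuming the endpoint answers 403 like the other permission checks in this file. The test also depends on a seeded `super@admin.com` account; creating the user and calling `assignRole('super-admin')`, as `test_show_school_can_be_rendered_to_super_admin` does, would keep it self-contained. The `@@ -100,22 +97,6 @@` hunk in this same patch deletes `test_school_is_not_rendered_to_authorized_user_in_different_school`, the only visible check that a `read school` holder cannot open another school, and a replacement built on two factory-made schools would restore that coverage. `School::factory()->create();;` in the `@@ -213,7 +194,7 @@` hunk carries a stray second semicolon.

```php
public function test_non_super_admin_cannot_set_school()
{
    $user = User::factory()->create();
    $this->actingAs($user);
    $school = School::factory()->create();
    $response = $this->post('/dashboard/schools/set-school', ['school_id' => $school->id]);

    // expected status is an assumption; adjust to what the controller returns
    $response->assertForbidden();
    $this->assertNotEquals($school->id, $user->fresh()->school_id);
}
```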