Added test cases on authorization

Check if the user can update their own hook orders. Check that a user cannot update another users hook orders
itsjeffro · May 9, 2021 · a56cc1f · a56cc1f
1 parent e8c119d
commit a56cc1f
Showing 1 changed file with 78 additions and 2 deletions.
diff --git a/tests/Feature/ProjectActionsTest.php b/tests/Feature/ProjectActionsTest.php
@@ -4,14 +4,15 @@
 
 use Deploy\Models\Action;
 use Deploy\Models\Project;
+use Deploy\Models\User;
 use Deploy\Tests\TestCase;
 
 class ProjectActionsTest extends TestCase
 {
     /**
      * @group actions
      */
-    public function test_user_can_view_project_actions()
+    public function test_user_can_view_actions()
     {
         $project = factory(Project::class)->create();
 
@@ -44,7 +45,23 @@ public function test_user_can_view_project_actions()
     /**
      * @group actions
      */
-    public function test_user_can_view_one_of_project_actions()
+    public function test_user_cannot_view_another_users_actions()
+    {
+        $anotherProject = factory(Project::class)->create();
+        $user = factory(User::class)->create();
+
+        $response = $this->actingAs($user)
+            ->json('GET', route('project-actions.index', [
+                'project' => $anotherProject->id,
+            ]));
+
+        $response->assertStatus(403);
+    }
+
+    /**
+     * @group actions
+     */
+    public function test_user_can_view_action()
     {
         $action = Action::firstOrFail();
         $project = factory(Project::class)->create();
@@ -63,4 +80,63 @@ public function test_user_can_view_one_of_project_actions()
                 'after_hooks' => [],
             ]);
     }
+
+    /**
+     * @group actions
+     */
+    public function test_user_cannot_view_another_users_action()
+    {
+        $action = Action::firstOrFail();
+        $anotherProject = factory(Project::class)->create();
+        $user = factory(User::class)->create();
+
+        $response = $this->actingAs($user)
+            ->json('GET', route('project-actions.show', [
+                'project' => $anotherProject->id,
+                'action' => $action->id,
+            ]));
+
+        $response->assertStatus(403);
+    }
+
+    /**
+     * @group actions
+     */
+    public function test_user_can_reorder_action_hooks()
+    {
+        $action = Action::firstOrFail();
+        $project = factory(Project::class)->create();
+
+        $response = $this->actingAs($project->user)
+            ->json('PUT', route('project-actions.update-hook-order', [
+                'project' => $project->id,
+                'action' => $action->id,
+            ]), [
+                'hooks' => [
+                    //
+                ],
+            ]);
+
+        $response->assertStatus(204);
+    }
+
+    /**
+     * @group actions
+     */
+    public function test_user_cannot_reorder_another_users_action_hooks()
+    {
+        $action = Action::firstOrFail();
+        $project = factory(Project::class)->create();
+        $user = factory(User::class)->create();
+
+        $response = $this->actingAs($user)
+            ->json('PUT', route('project-actions.update-hook-order', [
+                'project' => $project->id,
+                'action' => $action->id,
+            ]), [
+                'hooks' => [],
+            ]);
+
+        $response->assertStatus(403);
+    }
 }