svc-admin01/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
develop
snipe-it/tests/Feature/Reporting/DeleteAcceptanceAuthorizationTest.php
T

96 lines
3.7 KiB
PHP
Raw Permalink Blame History

<?php
namespace Tests\Feature\Reporting;
use App\Models\Asset;
use App\Models\CheckoutAcceptance;
use App\Models\Company;
use App\Models\User;
use Tests\TestCase;
class DeleteAcceptanceAuthorizationTest extends TestCase
{
public function test_user_without_reports_view_cannot_delete_acceptance()
{
$acceptance = CheckoutAcceptance::factory()->pending()->create();
$this->actingAs(User::factory()->create())
->delete(route('reports/unaccepted_assets_delete', $acceptance->id))
->assertForbidden();
$this->assertNull($acceptance->fresh()->deleted_at);
}
public function test_reports_user_can_delete_acceptance_for_their_own_company()
{
$this->settings->enableMultipleFullCompanySupport();
[$companyA] = Company::factory()->count(2)->create();
$asset = Asset::factory()->create(['company_id' => $companyA->id]);
$reporter = User::factory()->canViewReports()->create(['company_id' => $companyA->id]);
$acceptance = CheckoutAcceptance::factory()->pending()->for($asset, 'checkoutable')->create();
$this->actingAs($reporter)
->delete(route('reports/unaccepted_assets_delete', $acceptance->id))
->assertRedirectToRoute('reports/unaccepted_assets')
->assertSessionHas('success');
$this->assertNotNull($acceptance->fresh()->deleted_at);
}
public function test_reports_user_cannot_delete_acceptance_belonging_to_another_company()
{
$this->settings->enableMultipleFullCompanySupport();
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetB = Asset::factory()->create(['company_id' => $companyB->id]);
$reporter = User::factory()->canViewReports()->create(['company_id' => $companyA->id]);
$acceptance = CheckoutAcceptance::factory()->pending()->for($assetB, 'checkoutable')->create();
$this->actingAs($reporter)
->delete(route('reports/unaccepted_assets_delete', $acceptance->id))
->assertRedirectToRoute('reports/unaccepted_assets')
->assertSessionHas('error');
$this->assertNull($acceptance->fresh()->deleted_at);
}
public function test_superuser_can_delete_acceptance_from_any_company()
{
$this->settings->enableMultipleFullCompanySupport();
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetB = Asset::factory()->create(['company_id' => $companyB->id]);
$superuser = User::factory()->superuser()->create(['company_id' => $companyA->id]);
$acceptance = CheckoutAcceptance::factory()->pending()->for($assetB, 'checkoutable')->create();
$this->actingAs($superuser)
->delete(route('reports/unaccepted_assets_delete', $acceptance->id))
->assertRedirectToRoute('reports/unaccepted_assets')
->assertSessionHas('success');
$this->assertNotNull($acceptance->fresh()->deleted_at);
}
public function test_company_scoping_not_enforced_when_fmcs_disabled()
{
$this->settings->disableMultipleFullCompanySupport();
[$companyA, $companyB] = Company::factory()->count(2)->create();
$assetB = Asset::factory()->create(['company_id' => $companyB->id]);
$reporter = User::factory()->canViewReports()->create(['company_id' => $companyA->id]);
$acceptance = CheckoutAcceptance::factory()->pending()->for($assetB, 'checkoutable')->create();
$this->actingAs($reporter)
->delete(route('reports/unaccepted_assets_delete', $acceptance->id))
->assertRedirectToRoute('reports/unaccepted_assets')
->assertSessionHas('success');
$this->assertNotNull($acceptance->fresh()->deleted_at);
}
}
Reference in New Issue View Git Blame Copy Permalink