Alexander Musikhin пре 2 недеља
родитељ
комит
18deb1cff0
2 измењених фајлова са 296 додато и 0 уклоњено
  1. 128 0
      tests/Feature/Auth/AuthControllerTest.php
  2. 168 0
      tests/Feature/AuthorizationTest.php

+ 128 - 0
tests/Feature/Auth/AuthControllerTest.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\Role;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AuthControllerTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected $seed = true;
+
+    // ==================== Login Form ====================
+
+    public function test_login_page_is_accessible_to_guest(): void
+    {
+        $response = $this->get('/login');
+
+        $response->assertStatus(200);
+    }
+
+    public function test_authenticated_user_is_redirected_from_login_page(): void
+    {
+        $user = User::factory()->create(['role' => Role::MANAGER]);
+
+        $response = $this->actingAs($user)->get('/login');
+
+        $response->assertRedirect('/home');
+    }
+
+    // ==================== Login ====================
+
+    public function test_user_can_login_with_correct_credentials(): void
+    {
+        $user = User::factory()->create([
+            'role' => Role::MANAGER,
+            'password' => bcrypt('secret123'),
+        ]);
+
+        $response = $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'secret123',
+        ]);
+
+        $response->assertRedirect('/order');
+        $this->assertAuthenticatedAs($user);
+    }
+
+    public function test_login_fails_with_wrong_password(): void
+    {
+        $user = User::factory()->create([
+            'password' => bcrypt('correct-password'),
+        ]);
+
+        $response = $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'wrong-password',
+        ]);
+
+        $response->assertSessionHasErrors();
+        $this->assertGuest();
+    }
+
+    public function test_login_fails_with_nonexistent_email(): void
+    {
+        $response = $this->post('/login', [
+            'email' => 'nonexistent@example.com',
+            'password' => 'password',
+        ]);
+
+        $response->assertSessionHasErrors();
+        $this->assertGuest();
+    }
+
+    public function test_login_requires_email(): void
+    {
+        $response = $this->post('/login', [
+            'password' => 'password',
+        ]);
+
+        $response->assertSessionHasErrors('email');
+        $this->assertGuest();
+    }
+
+    public function test_login_requires_password(): void
+    {
+        $user = User::factory()->create();
+
+        $response = $this->post('/login', [
+            'email' => $user->email,
+        ]);
+
+        $response->assertSessionHasErrors('password');
+        $this->assertGuest();
+    }
+
+    // ==================== Logout ====================
+
+    public function test_authenticated_user_can_logout(): void
+    {
+        $user = User::factory()->create(['role' => Role::MANAGER]);
+
+        $response = $this->actingAs($user)->post('/logout');
+
+        $response->assertRedirect('/');
+        $this->assertGuest();
+    }
+
+    public function test_guest_cannot_access_protected_route(): void
+    {
+        $response = $this->get('/order');
+
+        $response->assertRedirect('/login');
+    }
+
+    public function test_guest_redirected_to_login_from_any_auth_route(): void
+    {
+        $routes = ['/order', '/reclamations', '/schedule'];
+
+        foreach ($routes as $route) {
+            $response = $this->get($route);
+            $response->assertRedirect('/login');
+        }
+    }
+}
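Review bot: The two failure tests that end in a bare `$response->assertSessionHasErrors();` (wrong password, unknown e-mail) accept any error bag, so they cannot catch a regression where the two cases start returning different messages and thereby reveal which e-mails are registered; pin both to the same key, `$response->assertSessionHasErrors('email');`. The successful-login test asserts the redirect and the authenticated user but not that the session id was regenerated on login, which is the check that guards against session fixation (capture the id before the post and assert it differs afterwards). Nothing in the file exercises a login throttle, if the application has one. The login redirect target `/order` and the guest-middleware target `/home` differ between the two tests; that may be intentional, but a one-line comment on one of them would save the next reader a lookup.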

+ 168 - 0
tests/Feature/AuthorizationTest.php

@@ -0,0 +1,168 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Order;
+use App\Models\Role;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class AuthorizationTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected $seed = true;
+
+    private User $adminUser;
+    private User $managerUser;
+    private User $brigadierUser;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->adminUser = User::factory()->create(['role' => Role::ADMIN]);
+        $this->managerUser = User::factory()->create(['role' => Role::MANAGER]);
+        $this->brigadierUser = User::factory()->create(['role' => Role::BRIGADIER]);
+    }
+
+    // ==================== Admin-only routes ====================
+
+    public function test_only_admin_can_access_admin_areas(): void
+    {
+        // Guest
+        $this->get(route('admin.area.index'))->assertRedirect(route('login'));
+
+        // Brigadier
+        $this->actingAs($this->brigadierUser)
+            ->get(route('admin.area.index'))
+            ->assertStatus(403);
+
+        // Manager
+        $this->actingAs($this->managerUser)
+            ->get(route('admin.area.index'))
+            ->assertStatus(403);
+
+        // Admin
+        $this->actingAs($this->adminUser)
+            ->get(route('admin.area.index'))
+            ->assertStatus(200);
+    }
+
+    public function test_only_admin_can_access_admin_districts(): void
+    {
+        $this->get(route('admin.district.index'))->assertRedirect(route('login'));
+
+        $this->actingAs($this->brigadierUser)
+            ->get(route('admin.district.index'))
+            ->assertStatus(403);
+
+        $this->actingAs($this->managerUser)
+            ->get(route('admin.district.index'))
+            ->assertStatus(403);
+
+        $this->actingAs($this->adminUser)
+            ->get(route('admin.district.index'))
+            ->assertStatus(200);
+    }
+
+    public function test_only_admin_can_access_user_management(): void
+    {
+        $this->get(route('user.index'))->assertRedirect(route('login'));
+
+        $this->actingAs($this->brigadierUser)
+            ->get(route('user.index'))
+            ->assertStatus(403);
+
+        $this->actingAs($this->managerUser)
+            ->get(route('user.index'))
+            ->assertStatus(403);
+
+        $this->actingAs($this->adminUser)
+            ->get(route('user.index'))
+            ->assertStatus(200);
+    }
+
+    // ==================== Manager cannot delete users ====================
+
+    public function test_manager_cannot_delete_user(): void
+    {
+        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);
+
+        $this->actingAs($this->managerUser)
+            ->delete(route('user.destroy', $targetUser))
+            ->assertStatus(403);
+    }
+
+    public function test_admin_can_delete_user(): void
+    {
+        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);
+
+        $this->actingAs($this->adminUser)
+            ->delete(route('user.destroy', $targetUser))
+            ->assertRedirect();
+
+        $this->assertSoftDeleted('users', ['id' => $targetUser->id]);
+    }
+
+    // ==================== Brigadier access restrictions ====================
+
+    public function test_brigadier_can_access_orders_index(): void
+    {
+        $this->actingAs($this->brigadierUser)
+            ->get(route('order.index'))
+            ->assertStatus(200);
+    }
+
+    public function test_brigadier_cannot_access_admin_panel(): void
+    {
+        $this->actingAs($this->brigadierUser)
+            ->get(route('admin.area.index'))
+            ->assertStatus(403);
+
+        $this->actingAs($this->brigadierUser)
+            ->get(route('admin.district.index'))
+            ->assertStatus(403);
+    }
+
+    public function test_brigadier_cannot_access_user_management(): void
+    {
+        $this->actingAs($this->brigadierUser)
+            ->get(route('user.index'))
+            ->assertStatus(403);
+    }
+
+    // ==================== Manager access ====================
+
+    public function test_manager_can_access_orders(): void
+    {
+        $this->actingAs($this->managerUser)
+            ->get(route('order.index'))
+            ->assertStatus(200);
+    }
+
+    public function test_manager_can_access_reclamations(): void
+    {
+        $this->actingAs($this->managerUser)
+            ->get(route('reclamations.index'))
+            ->assertStatus(200);
+    }
+
+    // ==================== Guest redirects ====================
+
+    public function test_guest_redirected_from_order(): void
+    {
+        $this->get(route('order.index'))->assertRedirect(route('login'));
+    }
+
+    public function test_guest_redirected_from_reclamations(): void
+    {
+        $this->get(route('reclamations.index'))->assertRedirect(route('login'));
+    }
+
+    public function test_guest_redirected_from_schedule(): void
+    {
+        $this->get(route('schedule.index'))->assertRedirect(route('login'));
+    }
+}
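Review bot: `test_manager_cannot_delete_user` only asserts the 403 and never checks that the target row survived, so a handler that deletes before authorizing would still pass; add `$this->assertNotSoftDeleted('users', ['id' => $targetUser->id]);` after the status assertion. The same deny test is missing for the brigadier role, which is otherwise covered on every admin route in this file. `test_brigadier_cannot_access_admin_panel` and `test_brigadier_cannot_access_user_management` repeat assertions already made in the three `test_only_admin_*` tests; either drop them or turn the role/route matrix into a data provider so each combination is a named case. The admin-delete test also does not cover an admin deleting their own account; whether the controller guards that is not visible here, but it is the case most worth pinning.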