| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 |
- <?php
- namespace Tests\Feature;
- use App\Models\Permission;
- use App\Models\Role;
- use App\Models\User;
- use Database\Seeders\RbacSeeder;
- use Illuminate\Foundation\Testing\RefreshDatabase;
- use Tests\TestCase;
- class AdminRoleControllerTest extends TestCase
- {
- use RefreshDatabase;
- private User $adminUser;
- protected function setUp(): void
- {
- parent::setUp();
- $this->adminUser = User::factory()->create(['role' => Role::ADMIN]);
- $this->seed(RbacSeeder::class);
- $this->adminUser->refresh();
- }
- public function test_admin_can_open_roles_index(): void
- {
- $this->actingAs($this->adminUser)
- ->get(route('admin.roles.index'))
- ->assertOk()
- ->assertSee('Роли и права');
- }
- public function test_admin_role_update_keeps_all_permissions_allowed(): void
- {
- $adminRole = Role::query()->where('slug', Role::ADMIN)->firstOrFail();
- $permission = Permission::query()->where('slug', 'catalog.delete')->firstOrFail();
- $this->actingAs($this->adminUser)
- ->put(route('admin.roles.update', $adminRole), [
- 'slug' => Role::ADMIN,
- 'name' => 'Админ',
- 'is_active' => '0',
- 'permission_effects' => [
- $permission->id => 'deny',
- ],
- ])
- ->assertRedirect(route('admin.roles.edit', $adminRole));
- $this->assertDatabaseHas('roles', [
- 'id' => $adminRole->id,
- 'is_active' => true,
- ]);
- $this->assertDatabaseHas('role_permissions', [
- 'role_id' => $adminRole->id,
- 'permission_id' => $permission->id,
- 'effect' => 'allow',
- ]);
- }
- public function test_role_cannot_be_deleted_while_any_user_references_it(): void
- {
- $role = Role::query()->where('slug', Role::MANAGER)->firstOrFail();
- User::factory()->create([
- 'role' => Role::MANAGER,
- 'role_id' => $role->id,
- 'deleted_at' => now(),
- ]);
- $this->actingAs($this->adminUser)
- ->delete(route('admin.roles.destroy', $role))
- ->assertRedirect(route('admin.roles.edit', $role));
- $this->assertDatabaseHas('roles', ['id' => $role->id]);
- }
- public function test_role_can_be_created_from_user_effective_permissions(): void
- {
- $managerRole = Role::query()->where('slug', Role::MANAGER)->firstOrFail();
- $user = User::factory()->create([
- 'role' => Role::MANAGER,
- 'role_id' => $managerRole->id,
- ]);
- $permission = Permission::query()->where('slug', 'catalog.view')->firstOrFail();
- $user->permissions()->syncWithoutDetaching([
- $permission->id => ['effect' => 'deny'],
- ]);
- $this->actingAs($this->adminUser)
- ->post(route('admin.roles.store-from-user', $user), [
- 'name' => 'Тестовая роль',
- 'slug' => 'test_custom_role',
- ])
- ->assertRedirect();
- $role = Role::query()->where('slug', 'test_custom_role')->firstOrFail();
- $this->assertDatabaseHas('role_permissions', [
- 'role_id' => $role->id,
- 'permission_id' => $permission->id,
- 'effect' => 'deny',
- ]);
- }
- public function test_user_permission_override_can_deny_role_permission(): void
- {
- $managerRole = Role::query()->where('slug', Role::MANAGER)->firstOrFail();
- $user = User::factory()->create([
- 'role' => Role::MANAGER,
- 'role_id' => $managerRole->id,
- ]);
- $permission = Permission::query()->where('slug', 'catalog.view')->firstOrFail();
- $this->actingAs($this->adminUser)
- ->post(route('user.store'), [
- 'id' => $user->id,
- 'email' => $user->email,
- 'name' => $user->name,
- 'role_id' => $managerRole->id,
- 'permission_effects' => [
- $permission->id => 'deny',
- ],
- ])
- ->assertRedirect(route('user.index'));
- $this->assertDatabaseHas('user_permissions', [
- 'user_id' => $user->id,
- 'permission_id' => $permission->id,
- 'effect' => 'deny',
- ]);
- $this->assertFalse($user->refresh()->hasPermission('catalog.view'));
- }
- }
|
