Last active
April 26, 2017 14:41
| <?php | |
| //... | |
/**
 * The club directory must be refused to the user returned by mockUser().
 *
 * mockUser() is defined outside this excerpt; presumably it yields an account
 * without the Super Admin role (confirm against the helper).
 * The test checks the 403 status and both denial strings in the response body.
 *
 * @test
 */
function user_cannot_view_all_clubs()
{
    $actor = $this->mockUser();
    $this->actingAs($actor);

    $this->get('/admin/clubs')
        ->assertStatus(403)
        ->assertSee('403 Unauthorized')
        ->assertSee('Only the Super Admin can view the Football Club directory.');
}
/**
 * The "create club" form must be refused to the user returned by mockUser().
 *
 * Checks the 403 status and both denial strings in the response body.
 *
 * @test
 */
function user_cannot_see_create_new_football_club_page()
{
    $actor = $this->mockUser();
    $this->actingAs($actor);

    $this->get('/admin/clubs/create')
        ->assertStatus(403)
        ->assertSee('403 Unauthorized')
        ->assertSee('Only the Super Admin can create Football Clubs.');
}
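/**
 * A POST to the club store route by the user returned by mockUser() must be
 * refused and must not persist anything.
 *
 * Checks the 403 status, both denial strings, and that no row with the
 * submitted name reached the football_clubs table.
 *
 * @test
 */
function user_cannot_store_a_new_football_club()
{
    $this->actingAs($this->mockUser());

    $response = $this->post('/admin/clubs', ['name' => 'Unauthorized FC']);

    $response->assertStatus(403);
    $response->assertSee('403 Unauthorized');
    $response->assertSee('Only the Super Admin can create Football Clubs.');

    // A 403 only describes the response. A handler that saved the record and
    // then denied the request would still pass the assertions above, so check
    // the table as well.
    $this->assertDatabaseMissing('football_clubs', ['name' => 'Unauthorized FC']);
}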
/**
 * The edit page of an existing club must be refused to the user returned by
 * mockUser().
 *
 * A club with id 1 is seeded first so the requested URI points at a real
 * record. The test then checks the 403 status and both denial strings.
 *
 * @test
 */
function user_cannot_see_football_club_edit_page()
{
    $actor = $this->mockUser();
    $this->actingAs($actor);

    $clubAttributes = ['id' => 1, 'name' => 'Test FC'];
    factory(FootballClub::class)->create($clubAttributes);

    $this->get('/admin/clubs/1')
        ->assertStatus(403)
        ->assertSee('403 Unauthorized')
        ->assertSee('Only the Super Admin can edit Football Clubs.');
}
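/**
 * A PUT against an existing club by the user returned by mockUser() must be
 * refused and must leave the stored record unchanged.
 *
 * Checks the 403 status, both denial strings, that the original name is still
 * present, and that the submitted name was not written.
 *
 * @test
 */
function user_cannot_update_a_football_club()
{
    $this->actingAs($this->mockUser());

    // Seed the record that the URI below addresses.
    factory(FootballClub::class)->create([
        'id' => 1,
        'name' => 'Test FC',
    ]);

    $response = $this->put('/admin/clubs/1', ['name' => 'New Name']);

    $response->assertStatus(403);
    $response->assertSee('403 Unauthorized');
    $response->assertSee('Only the Super Admin can edit Football Clubs.');

    $this->assertDatabaseHas('football_clubs', ['name' => 'Test FC']);
    // The original name surviving does not rule out a second row written under
    // the submitted name, so assert that the rejected value is absent too.
    $this->assertDatabaseMissing('football_clubs', ['name' => 'New Name']);
}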
| <?php | |
| //... | |
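/**
 * Every club route listed by the data provider must answer 403 for the user
 * returned by mockUser(), and the request must leave football_clubs untouched.
 *
 * @param string $method     Name of the HTTP helper invoked on this test case ('get', 'post', 'put').
 * @param string $uri        Route under test.
 * @param array  $parameters Request payload; empty for read-only requests.
 * @test
 * @dataProvider requestsRequiringAuthorization
 */
function authorization_policy_prevents_non_super_admin_users_from_interacting_with_football_clubs($method, $uri, $parameters = [])
{
    $this->actingAs($this->mockUser());

    // The provider's URIs address club 1. Pin the id so those requests hit this
    // seeded row rather than whatever id the factory would otherwise assign.
    factory(FootballClub::class)->create([
        'id' => 1,
        'name' => 'Unchanged FC',
    ]);

    // $method comes only from the data provider and names a request helper on
    // this test case.
    /** @var TestResponse $response */
    $response = $this->$method($uri, $parameters);

    $response->assertStatus(403);
    $response->assertSee('403 Unauthorized');

    // The status code alone does not prove the write was blocked. Check that
    // the seeded row survives and that neither rejected payload was stored.
    $this->assertDatabaseHas('football_clubs', ['name' => 'Unchanged FC']);
    $this->assertDatabaseMissing('football_clubs', ['name' => 'Unauthorized FC']);
    $this->assertDatabaseMissing('football_clubs', ['name' => 'New Name']);
}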
/**
 * Data provider: one row per club request that must be denied.
 *
 * Each row is [HTTP helper name, URI, request parameters].
 *
 * NOTE(review): only GET, POST and PUT are listed. If the application also
 * routes PATCH or DELETE for clubs, those verbs need rows here; confirm
 * against the route definitions.
 *
 * @return array
 */
function requestsRequiringAuthorization()
{
    $readRequests = [
        ['get', '/admin/clubs', []],
        ['get', '/admin/clubs/create', []],
        ['get', '/admin/clubs/1', []],
    ];

    $writeRequests = [
        ['post', '/admin/clubs', ['name' => 'Unauthorized FC']],
        ['put', '/admin/clubs/1', ['name' => 'New Name']],
    ];

    // Both inputs are plain lists, so the merged result is indexed 0..4.
    return array_merge($readRequests, $writeRequests);
}