diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php
index d8b1ac141c..2d9a54bc70 100644
--- a/database/factories/UserFactory.php
+++ b/database/factories/UserFactory.php
@@ -285,6 +285,11 @@ class UserFactory extends Factory
 return $this->appendPermission(['components.checkout' => '1']);
 }
+ public function viewCompanies()
+ {
+ return $this->appendPermission(['companies.view' => '1']);
+ }
+
 public function createCompanies()
 {
 return $this->appendPermission(['companies.create' => '1']);
diff --git a/tests/Feature/Categories/Api/IndexCategoriesTest.php b/tests/Feature/Categories/Api/IndexCategoriesTest.php
index d27bfbb068..424ddf5b02 100644
--- a/tests/Feature/Categories/Api/IndexCategoriesTest.php
+++ b/tests/Feature/Categories/Api/IndexCategoriesTest.php
@@ -13,7 +13,7 @@ class IndexCategoriesTest extends TestCase
 public function testViewingCategoryIndexRequiresPermission()
 {
 $this->actingAsForApi(User::factory()->create())
- ->getJson(route('api.departments.index'))
+ ->getJson(route('api.categories.index'))
 ->assertForbidden();
 }
diff --git a/tests/Feature/Companies/Api/DeleteCompaniesTest.php b/tests/Feature/Companies/Api/DeleteCompaniesTest.php
index 3dcdb4fd21..73d520f548 100644
--- a/tests/Feature/Companies/Api/DeleteCompaniesTest.php
+++ b/tests/Feature/Companies/Api/DeleteCompaniesTest.php
@@ -53,4 +53,26 @@ class DeleteCompaniesTest extends TestCase implements TestsPermissionsRequiremen
 $this->assertDatabaseMissing('companies', ['id' => $company->id]);
 }
+
+ public function testAdheresToFullMultipleCompaniesSupportScoping()
+ {
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->deleteCompanies()->create());
+
+ $this->actingAsForApi($userInCompanyA)
+ ->deleteJson(route('api.companies.destroy', $companyB))
+ ->assertStatus(200)
+ ->assertStatusMessageIs('error');
+
+ $this->actingAsForApi($superUser)
+ ->deleteJson(route('api.companies.destroy', $companyB))
+ ->assertStatus(200)
+ ->assertStatusMessageIs('success');
+
+ }
 }
diff --git a/tests/Feature/Companies/Api/IndexCompaniesTest.php b/tests/Feature/Companies/Api/IndexCompaniesTest.php
new file mode 100644
index 0000000000..3fa9b7f76d
--- /dev/null
+++ b/tests/Feature/Companies/Api/IndexCompaniesTest.php
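Review bot: In DeleteCompaniesTest, the cross-company delete in `testAdheresToFullMultipleCompaniesSupportScoping` is checked only through the response body, so the test would still pass if the handler removed company B and then reported an error. Add `$this->assertDatabaseHas('companies', ['id' => $companyB->id]);` after the `$userInCompanyA` request and `$this->assertDatabaseMissing('companies', ['id' => $companyB->id]);` after the superuser request, as the existing test just above the hunk already does for its own delete. The same gap is in the UpdateCompaniesTest hunk, where the rejected PATCH from `$userInCompanyA` should be followed by `$this->assertDatabaseMissing('companies', ['name' => 'Yet Another Changed Name']);`.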
@@ -0,0 +1,76 @@
+actingAsForApi(User::factory()->create())
+ ->getJson(route('api.companies.index'))
+ ->assertForbidden();
+ }
+
+ public function testCompanyIndexReturnsExpectedSearchResults()
+ {
+ Company::factory()->count(10)->create();
+ Company::factory()->create(['name' => 'My Test Company']);
+
+ $this->actingAsForApi(User::factory()->superuser()->create())
+ ->getJson(
+ route('api.companies.index', [
+ 'search' => 'My Test Company',
+ 'sort' => 'name',
+ 'order' => 'asc',
+ 'offset' => '0',
+ 'limit' => '20',
+ ]))
+ ->assertOk()
+ ->assertJsonStructure([
+ 'total',
+ 'rows',
+ ])
+ ->assertJson([
+ 'total' => 1,
+ ]);
+
+ }
+
+ public function testAdheresToFullMultipleCompaniesSupportScoping()
+ {
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewCompanies()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewCompanies()->make());
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.companies.index'))
+ ->assertOk()
+ ->assertResponseContainsInRows($companyA)
+ ->assertResponseDoesNotContainInRows($companyB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.companies.index'))
+ ->assertOk()
+ ->assertResponseContainsInRows($companyB)
+ ->assertResponseDoesNotContainInRows($companyA);
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.companies.index'))
+ ->assertOk()
+ ->assertResponseContainsInRows($companyA)
+ ->assertResponseContainsInRows($companyB);
+ }
+
+
+}
diff --git a/tests/Feature/Companies/Api/UpdateCompaniesTest.php b/tests/Feature/Companies/Api/UpdateCompaniesTest.php
index 07a7e42117..d2e3484dbe 100644
--- a/tests/Feature/Companies/Api/UpdateCompaniesTest.php
+++ b/tests/Feature/Companies/Api/UpdateCompaniesTest.php
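Review bot: In IndexCompaniesTest, the company-scoping test only exercises the unfiltered index, while the `search` path is covered solely as a superuser in `testCompanyIndexReturnsExpectedSearchResults`. If the search or sort parameters build the query differently, a scope that is skipped on that path would go unnoticed. Add a case where `$userInCompanyA` requests `route('api.companies.index', ['search' => $companyB->name])` and chains `->assertResponseDoesNotContainInRows($companyB)`. The top of this new file (namespace, class header and the first test's signature) is missing from the page, so the class context could not be checked.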
@@ -50,4 +50,52 @@ class UpdateCompaniesTest extends TestCase
 $this->assertEquals('A Changed Name', $company->name);
 $this->assertEquals('A Changed Note', $company->notes);
 }
+
+ public function testAdheresToFullMultipleCompaniesSupportScoping()
+ {
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->editCompanies()->create());
+ $userInCompanyB = $companyB->users()->save(User::factory()->editCompanies()->create());
+
+ $this->actingAsForApi($userInCompanyA)
+ ->patchJson(route('api.companies.update', ['company' => $companyA->id]), [
+ 'name' => 'A Changed Name',
+ 'notes' => 'A Changed Note',
+ ])
+ ->assertStatus(200)
+ ->assertStatusMessageIs('success');
+
+ $this->actingAsForApi($userInCompanyB)
+ ->patchJson(route('api.companies.update', ['company' => $companyB]), [
+ 'name' => 'Another Changed Name',
+ 'notes' => 'Another Changed Note',
+ ])
+ ->assertStatus(200)
+ ->assertStatusMessageIs('success');
+
+ $this->actingAsForApi($userInCompanyA)
+ ->patchJson(route('api.companies.update', ['company' => $companyB->id]), [
+ 'name' => 'Yet Another Changed Name',
+ 'notes' => 'Yet Another Changed Note',
+ ])
+ ->assertJson([
+ 'messages' => 'Company not found'
+ ])
+ ->assertStatusMessageIs('error')
+ ->assertStatus(200);
+
+ $this->actingAsForApi($superUser)
+ ->patchJson(route('api.companies.update', ['company' => $companyB->id]), [
+ 'name' => 'One Final Changed Name',
+ 'notes' => 'One Final Changed Note',
+ ])
+ ->assertStatus(200)
+ ->assertStatusMessageIs('success');
+
+ }
 }
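Review bot: In UpdateCompaniesTest, the setup of `testAdheresToFullMultipleCompaniesSupportScoping` is written inconsistently, which makes the four scenarios harder to compare. The route parameter is passed as `$companyA->id`, then `$companyB`, then `$companyB->id`, and both scoped users are built with `->create()` before being written again by `users()->save()`. Using `['company' => $companyB->id]` throughout and `User::factory()->editCompanies()->make()`, as IndexCompaniesTest does, keeps the cases uniform and avoids persisting each user twice.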