From ab16af1ca93c543c88ec11a40747c365205b9787 Mon Sep 17 00:00:00 2001 From: Ewelina Lasowy <56546832+EwelinaLasowy@users.noreply.github.com> Date: Wed, 30 Mar 2022 09:54:29 +0200 Subject: [PATCH] - Permissions tests (#97) * - added some test * - cr fix * - cr fix * - cr fix * - cr fix --- tests/Feature/MonthlyUsageTest.php | 32 +++++ tests/Feature/VacationCalendarTest.php | 32 +++++ tests/Feature/VacationRequestTest.php | 180 ++++++++++++++++++++++++- 3 files changed, 238 insertions(+), 6 deletions(-) create mode 100644 tests/Feature/MonthlyUsageTest.php create mode 100644 tests/Feature/VacationCalendarTest.php diff --git a/tests/Feature/MonthlyUsageTest.php b/tests/Feature/MonthlyUsageTest.php new file mode 100644 index 0000000..cface61 --- /dev/null +++ b/tests/Feature/MonthlyUsageTest.php @@ -0,0 +1,32 @@ +admin()->createQuietly(); + + $this->actingAs($admin) + ->get("/monthly-usage") + ->assertOk(); + } + + public function testEmployeeCannotSeeVacationsMonthlyUsage(): void + { + $user = User::factory()->createQuietly(); + + $this->actingAs($user) + ->get("/monthly-usage") + ->assertForbidden(); + } +} diff --git a/tests/Feature/VacationCalendarTest.php b/tests/Feature/VacationCalendarTest.php new file mode 100644 index 0000000..54d7959 --- /dev/null +++ b/tests/Feature/VacationCalendarTest.php @@ -0,0 +1,32 @@ +administrativeApprover()->createQuietly(); + + $this->actingAs($administrativeApprover) + ->get("/timesheet/january") + ->assertOk(); + } + + public function testEmployeeCannotDownloadTimesheet(): void + { + $user = User::factory()->createQuietly(); + + $this->actingAs($user) + ->get("/timesheet/january") + ->assertForbidden(); + } +} diff --git a/tests/Feature/VacationRequestTest.php b/tests/Feature/VacationRequestTest.php index 07bf8a5..0335f95 100644 --- a/tests/Feature/VacationRequestTest.php +++ b/tests/Feature/VacationRequestTest.php @@ -13,6 +13,7 @@ use Tests\FeatureTestCase; use Toby\Domain\Enums\VacationType; use Toby\Domain\PolishHolidaysRetriever; use Toby\Domain\States\VacationRequest\Approved; +use Toby\Domain\States\VacationRequest\Cancelled; use Toby\Domain\States\VacationRequest\Rejected; use Toby\Domain\States\VacationRequest\WaitingForAdministrative; use Toby\Domain\States\VacationRequest\WaitingForTechnical; @@ -79,7 +80,7 @@ class VacationRequestTest extends FeatureTestCase "to" => Carbon::create($currentYearPeriod->year, 2, 11)->toDateString(), "comment" => "Comment for the vacation request.", ]) - ->assertSessionHasNoErrors(); + ->assertRedirect(); $this->assertDatabaseHas("vacation_requests", [ "user_id" => $user->id, @@ -114,7 +115,7 @@ class VacationRequestTest extends FeatureTestCase "to" => Carbon::create($currentYearPeriod->year, 2, 11)->toDateString(), "comment" => "Comment for the vacation request.", ]) - ->assertSessionHasNoErrors(); + ->assertRedirect(); $this->assertDatabaseHas("vacation_requests", [ "user_id" => $user->id, @@ -151,7 +152,7 @@ class VacationRequestTest extends FeatureTestCase "comment" => "Comment for the vacation request.", "flowSkipped" => true, ]) - ->assertSessionHasNoErrors(); + ->assertRedirect(); $this->assertDatabaseHas("vacation_requests", [ "user_id" => $user->id, @@ -181,7 +182,7 @@ class VacationRequestTest extends FeatureTestCase $this->actingAs($technicalApprover) ->post("/vacation-requests/{$vacationRequest->id}/accept-as-technical") - ->assertSessionHasNoErrors(); + ->assertRedirect(); $vacationRequest->refresh(); @@ -204,7 +205,7 @@ class VacationRequestTest extends FeatureTestCase $this->actingAs($administrativeApprover) ->post("/vacation-requests/{$vacationRequest->id}/accept-as-administrative") - ->assertSessionHasNoErrors(); + ->assertRedirect(); $vacationRequest->refresh(); @@ -235,7 +236,7 @@ class VacationRequestTest extends FeatureTestCase $this->actingAs($technicalApprover) ->post("/vacation-requests/{$vacationRequest->id}/reject") - ->assertSessionHasNoErrors(); + ->assertRedirect(); $vacationRequest->refresh(); @@ -430,4 +431,171 @@ class VacationRequestTest extends FeatureTestCase "vacationRequest" => __("The vacation request cannot be created at the turn of the year."), ]); } + + public function testEmployeeCanSeeOnlyHisVacationRequests(): void + { + $user = User::factory()->createQuietly(); + + $this->actingAs($user) + ->get("/vacation-requests") + ->assertRedirect("/vacation-requests/me"); + } + + public function testEmployeeCannotCreateVacationRequestForAnotherEmployee(): void + { + $user = User::factory()->createQuietly(); + $anotherUser = User::factory()->createQuietly(); + + $currentYearPeriod = YearPeriod::current(); + + $this->actingAs($user) + ->post("/vacation-requests", [ + "user" => $anotherUser->id, + "type" => VacationType::Vacation->value, + "from" => Carbon::create($currentYearPeriod->year, 2, 7)->toDateString(), + "to" => Carbon::create($currentYearPeriod->year, 2, 11)->toDateString(), + "comment" => "Comment for the vacation request.", + ]) + ->assertForbidden(); + } + + public function testEmployeeCanCancelVacationRequestWithWaitingForAdministrativeStatus(): void + { + $user = User::factory()->createQuietly(); + $currentYearPeriod = YearPeriod::current(); + + VacationLimit::factory([ + "days" => 20, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + /** @var VacationRequest $vacationRequest */ + $vacationRequest = VacationRequest::factory([ + "state" => WaitingForAdministrative::class, + "type" => VacationType::Vacation, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + $this->actingAs($user) + ->post("/vacation-requests/{$vacationRequest->id}/cancel") + ->assertRedirect(); + + $vacationRequest->refresh(); + + $this->assertTrue($vacationRequest->state->equals(Cancelled::class)); + } + + public function testEmployeeCannotCancelVacationRequestWithApprovedStatus(): void + { + $user = User::factory()->createQuietly(); + $currentYearPeriod = YearPeriod::current(); + + VacationLimit::factory([ + "days" => 20, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + /** @var VacationRequest $vacationRequest */ + $vacationRequest = VacationRequest::factory([ + "state" => Approved::class, + "type" => VacationType::Vacation, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + $this->actingAs($user) + ->post("/vacation-requests/{$vacationRequest->id}/cancel") + ->assertForbidden(); + } + + public function testAdministrativeApproverCanCancelVacationRequestWithApprovedStatus(): void + { + $user = User::factory()->createQuietly(); + $administrativeApprover = User::factory()->administrativeApprover()->createQuietly(); + $currentYearPeriod = YearPeriod::current(); + + VacationLimit::factory([ + "days" => 20, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + /** @var VacationRequest $vacationRequest */ + $vacationRequest = VacationRequest::factory([ + "state" => Approved::class, + "type" => VacationType::Vacation, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + $this->actingAs($administrativeApprover) + ->post("/vacation-requests/{$vacationRequest->id}/cancel") + ->assertRedirect(); + + $vacationRequest->refresh(); + + $this->assertTrue($vacationRequest->state->equals(Cancelled::class)); + } + + public function testEmployeeCanDownloadHisVacationRequestAsPdf(): void + { + $user = User::factory()->createQuietly(); + $currentYearPeriod = YearPeriod::current(); + + VacationLimit::factory([ + "days" => 20, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + /** @var VacationRequest $vacationRequest */ + $vacationRequest = VacationRequest::factory([ + "state" => WaitingForTechnical::class, + "type" => VacationType::Vacation, + ]) + ->for($user) + ->for($currentYearPeriod) + ->create(); + + $this->actingAs($user) + ->get("/vacation-requests/{$vacationRequest->id}/download") + ->assertSuccessful(); + } + + public function testEmployeeCannotDownloadAnotherEmployeesVacationRequestAsPdf(): void + { + $user = User::factory()->createQuietly(); + $anotherUser = User::factory()->createQuietly(); + $currentYearPeriod = YearPeriod::current(); + + VacationLimit::factory([ + "days" => 20, + ]) + ->for($anotherUser) + ->for($currentYearPeriod) + ->create(); + + /** @var VacationRequest $vacationRequest */ + $vacationRequest = VacationRequest::factory([ + "state" => WaitingForTechnical::class, + "type" => VacationType::Vacation, + ]) + ->for($anotherUser) + ->for($currentYearPeriod) + ->create(); + + $this->actingAs($user) + ->get("/vacation-requests/{$vacationRequest->id}/download") + ->assertForbidden(); + } }