Added negative tests

2026-03-12 17:52:00 +08:00 · 2026-03-11 18:50:41 +00:00
parent 7beabb3a9c
commit 17bbe7736a
2 changed files with 51 additions and 2 deletions
--- a/tests/Feature/Users/Api/UsersForSelectListTest.php
+++ b/tests/Feature/Users/Api/UsersForSelectListTest.php
@@ -44,7 +44,7 @@ class UsersForSelectListTest extends TestCase
    {
        User::factory()->create(['first_name' => 'Luke', 'last_name' => 'Skywalker', 'email' => 'luke@jedis.org']);

-        Passport::actingAs(User::factory()->create());
+        Passport::actingAs(User::factory()->create()->manageContactInfo());
        $response = $this->getJson(route('api.users.selectlist', ['search' => 'luke@jedis']))->assertOk();

        $results = collect($response->json('results'));
@@ -53,6 +53,18 @@ class UsersForSelectListTest extends TestCase
        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, 'Luke')));
    }

+    public function testUsersCannotBeSearchedByEmailWithoutPermission()
+    {
+        User::factory()->create(['first_name' => 'Luke', 'last_name' => 'Skywalker', 'email' => 'luke@jedis.org']);
+
+        Passport::actingAs(User::factory()->create());
+        $response = $this->getJson(route('api.users.selectlist', ['search' => 'luke@jedis']))->assertOk();
+
+        $results = collect($response->json('results'));
+
+        $this->assertEquals(0, $results->count());
+    }
+
    public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
    {
        $this->settings->enableMultipleFullCompanySupport();
--- a/tests/Feature/Users/Ui/CreateUserTest.php
+++ b/tests/Feature/Users/Ui/CreateUserTest.php
@@ -59,12 +59,49 @@ class CreateUserTest extends TestCase

    }

+    public function testCannotUpdateContactWithoutPermission()
+    {
+        Notification::fake();
+
+        $response = $this->actingAs(User::factory()->createUsers()->viewUsers()->create())
+            ->from(route('users.index'))
+            ->post(route('users.store'), [
+                'first_name' => 'Test First Name',
+                'last_name' => 'Test Last Name',
+                'username' => 'testuser',
+                'password' => 'testpassword1235!!',
+                'password_confirmation' => 'testpassword1235!!',
+                'activated' => '1',
+                'email' => 'foo@example.org',
+                'notes' => 'Test Note',
+            ])
+            ->assertSessionHasNoErrors()
+            ->assertStatus(302)
+            ->assertRedirect(route('users.index'));
+
+        $this->assertDatabaseHas('users', [
+            'first_name' => 'Test First Name',
+            'last_name' => 'Test Last Name',
+            'username' => 'testuser',
+            'activated' => '1',
+            'email' => null,
+            'notes' => 'Test Note',
+
+        ]);
+        Notification::assertNothingSent();
+        $this->followRedirects($response)->assertSee('Success');
+
+    }
+
    public function testCanCreateAndNotifyUser()
    {

        Notification::fake();
+        $admin = User::factory()->createUsers()->viewUsers()->manageContactInfo()->create();

-        $response = $this->actingAs(User::factory()->createUsers()->viewUsers()->manageContactInfo()->create())
+        // dd($admin);
+
+        $response = $this->actingAs($admin)
            ->from(route('users.index'))
            ->post(route('users.store'), [
                'first_name' => 'Test First Name',