diff --git a/tests/Feature/Locations/Api/DeleteLocationsTest.php b/tests/Feature/Locations/Api/DeleteLocationsTest.php
index c023b4b3ad1d..796b9a1977fb 100644
--- a/tests/Feature/Locations/Api/DeleteLocationsTest.php
+++ b/tests/Feature/Locations/Api/DeleteLocationsTest.php
@@ -5,10 +5,22 @@
 use App\Models\Asset;
 use App\Models\Location;
 use App\Models\User;
+use Tests\Concerns\TestsPermissionsRequirement;
 use Tests\TestCase;
-class DeleteLocationsTest extends TestCase
+class DeleteLocationsTest extends TestCase implements TestsPermissionsRequirement
 {
+ public function testRequiresPermission()
+ {
+ $location = Location::factory()->create();
+
+ $this->actingAsForApi(User::factory()->create())
+ ->deleteJson(route('api.locations.destroy', $location))
+ ->assertForbidden();
+
+ $this->assertNotSoftDeleted($location);
+ }
+
 public function testErrorReturnedViaApiIfLocationDoesNotExist()
 {
 $this->actingAsForApi(User::factory()->superuser()->create())
diff --git a/tests/Feature/Users/Api/DeleteUsersTest.php b/tests/Feature/Users/Api/DeleteUsersTest.php
index d62e4028d448..1014634d4f5f 100644
--- a/tests/Feature/Users/Api/DeleteUsersTest.php
+++ b/tests/Feature/Users/Api/DeleteUsersTest.php
@@ -6,10 +6,23 @@
 use App\Models\LicenseSeat;
 use App\Models\Location;
 use App\Models\User;
+use Tests\Concerns\TestsMultipleFullCompanySupport;
+use Tests\Concerns\TestsPermissionsRequirement;
 use Tests\TestCase;
-class DeleteUsersTest extends TestCase
+class DeleteUsersTest extends TestCase implements TestsMultipleFullCompanySupport, TestsPermissionsRequirement
 {
+ public function testRequiresPermission()
+ {
+ $user = User::factory()->create();
+
+ $this->actingAsForApi(User::factory()->create())
+ ->deleteJson(route('api.users.destroy', $user))
+ ->assertForbidden();
+
+ $this->assertNotSoftDeleted($user);
+ }
+
 public function testErrorReturnedViaApiIfUserDoesNotExist()
 {
 $this->actingAsForApi(User::factory()->deleteUsers()->create())
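Review bot: `testRequiresPermission` in DeleteLocationsTest acts as a bare `User::factory()->create()`, so it only proves that an account with (presumably) no permissions at all is refused; it would still pass if `api.locations.destroy` were gated on the wrong locations permission. A second denied case whose actor holds a neighbouring locations permission but not the delete one, ending in the same `->assertForbidden();` and `$this->assertNotSoftDeleted($location);`, would pin the exact gate. The same gap applies to `testRequiresPermission` in the DeleteUsersTest hunk that follows. Both classes continue outside the hunks, so an existing test elsewhere in the files may already cover this.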
@@ -75,25 +88,19 @@ public function testDisallowUserDeletionViaApiIfStillHasLicenses()
 ->json();
 }
- public function testDeniedPermissionsForDeletingUserViaApi()
- {
- $this->actingAsForApi(User::factory()->create())
- ->deleteJson(route('api.users.destroy', User::factory()->create()))
- ->assertStatus(403)
- ->json();
- }
-
- public function testSuccessPermissionsForDeletingUserViaApi()
+ public function testUsersCannotDeleteThemselves()
 {
- $this->actingAsForApi(User::factory()->deleteUsers()->create())
- ->deleteJson(route('api.users.destroy', User::factory()->create()))
+ $user = User::factory()->deleteUsers()->create();
+ $this->actingAsForApi($user)
+ ->deleteJson(route('api.users.destroy', $user))
 ->assertOk()
 ->assertStatus(200)
- ->assertStatusMessageIs('success')
+ ->assertStatusMessageIs('error')
 ->json();
+
 }
- public function testPermissionsForDeletingIfNotInSameCompanyAndNotSuperadmin()
+ public function testAdheresToMultipleFullCompanySupportScoping()
 {
 $this->settings->enableMultipleFullCompanySupport();
@@ -132,18 +139,17 @@ public function testPermissionsForDeletingIfNotInSameCompanyAndNotSuperadmin()
 $userFromA->refresh();
 $this->assertNotNull($userFromA->deleted_at);
-
 }
- public function testUsersCannotDeleteThemselves()
+ public function testCanDeleteUser()
 {
- $user = User::factory()->deleteUsers()->create();
- $this->actingAsForApi($user)
+ $user = User::factory()->create();
+
+ $this->actingAsForApi(User::factory()->deleteUsers()->create())
 ->deleteJson(route('api.users.destroy', $user))
 ->assertOk()
- ->assertStatus(200)
- ->assertStatusMessageIs('error')
- ->json();
+ ->assertStatusMessageIs('success');
+ $this->assertSoftDeleted($user);
 }
 }
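Review bot: `testUsersCannotDeleteThemselves` only checks that the response carries the status message `error`; it never verifies that the acting user's row is still present, which is the property the test name promises. Adding `$this->assertNotSoftDeleted($user);` after the request chain, as the new `testRequiresPermission` does, would catch a regression where the API reports an error but still soft-deletes the account. The chain could also drop `->assertStatus(200)`, which `->assertOk()` already covers, and the trailing `->json()`, whose result is discarded. The lone `+` line before the closing brace appears to add a stray blank line.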