actingAsApiEditor(); foreach ($this->endpointMap as [$method, $uri]) { $resp = $this->json($method, $uri); $resp->assertStatus(403); $resp->assertJson($this->permissionErrorResponse()); } } public function test_index_endpoint_returns_expected_role_and_count() { $this->actingAsApiAdmin(); /** @var Role $firstRole */ $firstRole = Role::query()->orderBy('id', 'asc')->first(); $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id'); $resp->assertJson(['data' => [ [ 'id' => $firstRole->id, 'display_name' => $firstRole->display_name, 'description' => $firstRole->description, 'mfa_enforced' => $firstRole->mfa_enforced, 'external_auth_id' => $firstRole->external_auth_id, 'permissions_count' => $firstRole->permissions()->count(), 'users_count' => $firstRole->users()->count(), 'created_at' => $firstRole->created_at->toJSON(), 'updated_at' => $firstRole->updated_at->toJSON(), ], ]]); $resp->assertJson(['total' => Role::query()->count()]); } public function test_create_endpoint() { $this->actingAsApiAdmin(); /** @var Role $role */ $role = Role::query()->first(); $resp = $this->postJson($this->baseEndpoint, [ 'display_name' => 'My awesome role', 'description' => 'My great role description', 'mfa_enforced' => true, 'external_auth_id' => 'auth_id', 'permissions' => [ 'content-export', 'page-view-all', 'page-view-own', 'users-manage', ] ]); $resp->assertStatus(200); $resp->assertJson([ 'display_name' => 'My awesome role', 'description' => 'My great role description', 'mfa_enforced' => true, 'external_auth_id' => 'auth_id', 'permissions' => [ 'content-export', 'page-view-all', 'page-view-own', 'users-manage', ] ]); $this->assertDatabaseHas('roles', [ 'display_name' => 'My awesome role', 'description' => 'My great role description', 'mfa_enforced' => true, 'external_auth_id' => 'auth_id', ]); /** @var Role $role */ $role = Role::query()->where('display_name', '=', 'My awesome role')->first(); $this->assertActivityExists(ActivityType::ROLE_CREATE, null, $role->logDescriptor()); $this->assertEquals(4, $role->permissions()->count()); } public function test_create_name_and_description_validation() { $this->actingAsApiAdmin(); /** @var User $existingUser */ $existingUser = User::query()->first(); $resp = $this->postJson($this->baseEndpoint, [ 'description' => 'My new role', ]); $resp->assertStatus(422); $resp->assertJson($this->validationResponse(['display_name' => ['The display name field is required.']])); $resp = $this->postJson($this->baseEndpoint, [ 'name' => 'My great role with a too long desc', 'description' => str_repeat('My great desc', 20), ]); $resp->assertStatus(422); $resp->assertJson($this->validationResponse(['description' => ['The description may not be greater than 180 characters.']])); } public function test_read_endpoint() { $this->actingAsApiAdmin(); $role = $this->users->editor()->roles()->first(); $resp = $this->getJson($this->baseEndpoint . "/{$role->id}"); $resp->assertStatus(200); $resp->assertJson([ 'display_name' => $role->display_name, 'description' => $role->description, 'mfa_enforced' => $role->mfa_enforced, 'external_auth_id' => $role->external_auth_id, 'permissions' => $role->permissions()->orderBy('name', 'asc')->pluck('name')->toArray(), 'users' => $role->users()->get()->map(function (User $user) { return [ 'id' => $user->id, 'name' => $user->name, 'slug' => $user->slug, ]; })->toArray(), ]); } public function test_update_endpoint() { $this->actingAsApiAdmin(); $role = $this->users->editor()->roles()->first(); $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", [ 'display_name' => 'My updated role', 'description' => 'My great role description', 'mfa_enforced' => true, 'external_auth_id' => 'updated_auth_id', 'permissions' => [ 'content-export', 'page-view-all', 'page-view-own', 'users-manage', ] ]); $resp->assertStatus(200); $resp->assertJson([ 'id' => $role->id, 'display_name' => 'My updated role', 'description' => 'My great role description', 'mfa_enforced' => true, 'external_auth_id' => 'updated_auth_id', 'permissions' => [ 'content-export', 'page-view-all', 'page-view-own', 'users-manage', ] ]); $role->refresh(); $this->assertEquals(4, $role->permissions()->count()); $this->assertActivityExists(ActivityType::ROLE_UPDATE); } public function test_update_endpoint_does_not_remove_info_if_not_provided() { $this->actingAsApiAdmin(); $role = $this->users->editor()->roles()->first(); $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", []); $permissionCount = $role->permissions()->count(); $resp->assertStatus(200); $this->assertDatabaseHas('roles', [ 'id' => $role->id, 'display_name' => $role->display_name, 'description' => $role->description, 'external_auth_id' => $role->external_auth_id, ]); $role->refresh(); $this->assertEquals($permissionCount, $role->permissions()->count()); } public function test_delete_endpoint() { $this->actingAsApiAdmin(); $role = $this->users->editor()->roles()->first(); $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}"); $resp->assertStatus(204); $this->assertActivityExists(ActivityType::ROLE_DELETE, null, $role->logDescriptor()); } public function test_delete_endpoint_fails_deleting_system_role() { $this->actingAsApiAdmin(); $adminRole = Role::getSystemRole('admin'); $resp = $this->deleteJson($this->baseEndpoint . "/{$adminRole->id}"); $resp->assertStatus(500); $resp->assertJson($this->errorResponse('This role is a system role and cannot be deleted', 500)); } public function test_delete_endpoint_fails_deleting_default_registration_role() { $this->actingAsApiAdmin(); $role = $this->users->attachNewRole($this->users->editor()); $this->setSettings(['registration-role' => $role->id]); $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}"); $resp->assertStatus(500); $resp->assertJson($this->errorResponse('This role cannot be deleted while set as the default registration role', 500)); } }