e41220879
/
TIF_Nganjuk_E41220879
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
TIF_Nganjuk_E41220879/tests/Feature/UserManagementTest.php

330 lines
12 KiB
PHP
Raw Permalink Blame History

<?php
namespace Tests\Feature;
use App\Models\User;
use Tests\DatabaseTestCase;
class UserManagementTest extends DatabaseTestCase
{
private User $superadmin;
private User $dokter;
private User $apoteker;
protected function setUp(): void
{
parent::setUp();
$this->superadmin = User::factory()->create(['role' => 'superadmin']);
$this->dokter = User::factory()->create(['role' => 'dokter', 'name' => 'Dr. Budi']);
$this->apoteker = User::factory()->create(['role' => 'apoteker', 'name' => 'Apt. Siti']);
}
// ─────────────────────────────────────────
// Akses: hanya superadmin
// ─────────────────────────────────────────
public function test_superadmin_can_access_index(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.index'));
$response->assertStatus(200);
}
public function test_dokter_cannot_access_index(): void
{
$this->actingAs($this->dokter);
$response = $this->get(route('user-management.index'));
$response->assertStatus(403);
}
public function test_apoteker_cannot_access_index(): void
{
$this->actingAs($this->apoteker);
$response = $this->get(route('user-management.index'));
$response->assertStatus(403);
}
public function test_guest_is_redirected_to_login(): void
{
$response = $this->get(route('user-management.index'));
$response->assertRedirect(route('login'));
}
// ─────────────────────────────────────────
// index — filter & search
// ─────────────────────────────────────────
public function test_index_does_not_show_superadmin_users(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.index'));
$response->assertDontSee($this->superadmin->email);
$response->assertSee('Dr. Budi');
}
public function test_index_search_by_name(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.index', ['search' => 'Budi']));
$response->assertSee('Dr. Budi');
$response->assertDontSee('Apt. Siti');
}
public function test_index_filter_by_role(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.index', ['role' => 'dokter']));
$response->assertSee('Dr. Budi');
$response->assertDontSee('Apt. Siti');
}
// ─────────────────────────────────────────
// create & store
// ─────────────────────────────────────────
public function test_superadmin_can_access_create_page(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.create'));
$response->assertStatus(200);
}
public function test_store_creates_new_dokter(): void
{
$this->actingAs($this->superadmin);
$response = $this->post(route('user-management.store'), [
'name' => 'Dr. Andi',
'email' => 'andi@example.com',
'role' => 'dokter',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertRedirect(route('user-management.index'));
$response->assertSessionHas('success');
$this->assertDatabaseHas('users', [
'email' => 'andi@example.com',
'role' => 'dokter',
]);
}
public function test_store_creates_new_apoteker(): void
{
$this->actingAs($this->superadmin);
$response = $this->post(route('user-management.store'), [
'name' => 'Apt. Rina',
'email' => 'rina@example.com',
'role' => 'apoteker',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertRedirect(route('user-management.index'));
$this->assertDatabaseHas('users', [
'email' => 'rina@example.com',
'role' => 'apoteker',
]);
}
public function test_store_fails_without_required_fields(): void
{
$this->actingAs($this->superadmin);
$response = $this->post(route('user-management.store'), []);
$response->assertSessionHasErrors(['name', 'email', 'role', 'password']);
}
public function test_store_fails_with_duplicate_email(): void
{
$this->actingAs($this->superadmin);
$response = $this->post(route('user-management.store'), [
'name' => 'Duplicate',
'email' => $this->dokter->email,
'role' => 'dokter',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertSessionHasErrors('email');
}
public function test_store_cannot_create_superadmin_role(): void
{
$this->actingAs($this->superadmin);
$response = $this->post(route('user-management.store'), [
'name' => 'Fake Admin',
'email' => 'fake@example.com',
'role' => 'superadmin',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertSessionHasErrors('role');
$this->assertDatabaseMissing('users', ['email' => 'fake@example.com']);
}
// ─────────────────────────────────────────
// edit & update
// ─────────────────────────────────────────
public function test_superadmin_can_access_edit_page(): void
{
$this->actingAs($this->superadmin);
$response = $this->get(route('user-management.edit', $this->dokter));
$response->assertStatus(200);
}
public function test_edit_superadmin_user_returns_403(): void
{
$this->actingAs($this->superadmin);
$otherAdmin = User::factory()->create(['role' => 'superadmin']);
$response = $this->get(route('user-management.edit', $otherAdmin));
$response->assertStatus(403);
}
public function test_update_changes_user_data(): void
{
$this->actingAs($this->superadmin);
$response = $this->put(route('user-management.update', $this->dokter), [
'name' => 'Dr. Budi Updated',
'email' => $this->dokter->email,
'role' => 'dokter',
]);
$response->assertRedirect(route('user-management.index'));
$response->assertSessionHas('success');
$this->assertEquals('Dr. Budi Updated', $this->dokter->fresh()->name);
}
public function test_update_can_change_role(): void
{
$this->actingAs($this->superadmin);
$response = $this->put(route('user-management.update', $this->dokter), [
'name' => $this->dokter->name,
'email' => $this->dokter->email,
'role' => 'apoteker',
]);
$response->assertRedirect(route('user-management.index'));
$this->assertEquals('apoteker', $this->dokter->fresh()->role);
}
public function test_update_without_password_keeps_old_password(): void
{
$this->actingAs($this->superadmin);
$oldPassword = $this->dokter->password;
$this->put(route('user-management.update', $this->dokter), [
'name' => $this->dokter->name,
'email' => $this->dokter->email,
'role' => 'dokter',
]);
$this->assertEquals($oldPassword, $this->dokter->fresh()->password);
}
public function test_update_with_new_password_changes_password(): void
{
$this->actingAs($this->superadmin);
$oldPassword = $this->dokter->password;
$this->put(route('user-management.update', $this->dokter), [
'name' => $this->dokter->name,
'email' => $this->dokter->email,
'role' => 'dokter',
'password' => 'newpassword123',
'password_confirmation' => 'newpassword123',
]);
$this->assertNotEquals($oldPassword, $this->dokter->fresh()->password);
}
public function test_update_superadmin_user_returns_403(): void
{
$this->actingAs($this->superadmin);
$otherAdmin = User::factory()->create(['role' => 'superadmin']);
$response = $this->put(route('user-management.update', $otherAdmin), [
'name' => 'Hacked',
'email' => $otherAdmin->email,
'role' => 'dokter',
]);
$response->assertStatus(403);
}
// ─────────────────────────────────────────
// destroy
// ─────────────────────────────────────────
public function test_destroy_deletes_user(): void
{
$this->actingAs($this->superadmin);
$userId = $this->dokter->id;
$response = $this->delete(route('user-management.destroy', $this->dokter));
$response->assertRedirect(route('user-management.index'));
$response->assertSessionHas('success');
$this->assertDatabaseMissing('users', ['id' => $userId]);
}
public function test_destroy_cannot_delete_superadmin(): void
{
$this->actingAs($this->superadmin);
$otherAdmin = User::factory()->create(['role' => 'superadmin']);
$response = $this->delete(route('user-management.destroy', $otherAdmin));
$response->assertStatus(403);
$this->assertDatabaseHas('users', ['id' => $otherAdmin->id]);
}
public function test_destroy_cannot_delete_self(): void
{
$this->actingAs($this->superadmin);
$response = $this->delete(route('user-management.destroy', $this->superadmin));
$response->assertRedirect(route('user-management.index'));
$response->assertSessionHas('error');
$this->assertDatabaseHas('users', ['id' => $this->superadmin->id]);
}
// ─────────────────────────────────────────
// Non-superadmin cannot store/update/destroy
// ─────────────────────────────────────────
public function test_dokter_cannot_store_user(): void
{
$this->actingAs($this->dokter);
$response = $this->post(route('user-management.store'), [
'name' => 'Unauthorized',
'email' => 'unauth@example.com',
'role' => 'dokter',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertStatus(403);
$this->assertDatabaseMissing('users', ['email' => 'unauth@example.com']);
}
public function test_apoteker_cannot_delete_user(): void
{
$this->actingAs($this->apoteker);
$response = $this->delete(route('user-management.destroy', $this->dokter));
$response->assertStatus(403);
$this->assertDatabaseHas('users', ['id' => $this->dokter->id]);
}
}
Reference in New Issue View Git Blame Copy Permalink