framework/tests/integration/api/discussions/ShowTest.php

<?php

/*
 * This file is part of Flarum.
 *
 * For detailed copyright and license information, please view the
 * LICENSE file that was distributed with this source code.
 */

namespace Flarum\Tests\integration\api\discussions;

use Carbon\Carbon;
use Flarum\Event\ScopeModelVisibility;
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;
use Illuminate\Contracts\Events\Dispatcher;
use Illuminate\Support\Arr;

class ShowTest extends TestCase
{
    use RetrievesAuthorizedUsers;

    protected function setUp(): void
    {
        parent::setUp();

        $this->prepareDatabase([
            'discussions' => [
                ['id' => 1, 'title' => 'Empty discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => null, 'comment_count' => 0, 'is_private' => 0],
                ['id' => 2, 'title' => 'Discussion with post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 1, 'comment_count' => 1, 'is_private' => 0],
                ['id' => 3, 'title' => 'Private discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => null, 'comment_count' => 0, 'is_private' => 1],
                ['id' => 4, 'title' => 'Discussion with hidden post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 2, 'comment_count' => 1, 'is_private' => 0],
            ],
            'posts' => [
                ['id' => 1, 'discussion_id' => 2, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>a normal reply - too-obscure</p></t>'],
                ['id' => 2, 'discussion_id' => 4, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>a hidden reply - too-obscure</p></t>', 'hidden_at' => Carbon::now()->toDateTimeString()],
            ],
            'users' => [
                $this->normalUser(),
            ],
            'groups' => [
                $this->guestGroup(),
                $this->memberGroup(),
            ],
            'group_user' => [
                ['user_id' => 2, 'group_id' => 3],
            ],
            'group_permission' => [
                ['permission' => 'viewDiscussions', 'group_id' => 2],
                ['permission' => 'viewDiscussions', 'group_id' => 3],
            ]
        ]);
    }

    /**
     * @test
     */
    public function author_can_see_discussion()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/1', [
                'authenticatedAs' => 2,
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_cannot_see_empty_discussion()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/1')
        );

        $this->assertEquals(404, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_cannot_see_hidden_posts()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/4')
        );

        $json = json_decode($response->getBody()->getContents(), true);

        $this->assertNull(Arr::get($json, 'data.relationships.posts'));
    }

    /**
     * @test
     */
    public function author_can_see_hidden_posts()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/4', [
                'authenticatedAs' => 2,
            ])
        );

        $json = json_decode($response->getBody()->getContents(), true);

        $this->assertEquals(2, Arr::get($json, 'data.relationships.posts.data.0.id'));
    }

    /**
     * @test
     */
    public function when_allowed_guests_can_see_hidden_posts()
    {
        /** @var Dispatcher $events */
        $events = $this->app()->getContainer()->make(Dispatcher::class);

        $events->listen(ScopeModelVisibility::class, function (ScopeModelVisibility $event) {
            if ($event->ability === 'hidePosts') {
                $event->query->whereRaw('1=1');
            }
        });

        $response = $this->send(
            $this->request('GET', '/api/discussions/4')
        );

        $json = json_decode($response->getBody()->getContents(), true);

        $this->assertEquals(2, Arr::get($json, 'data.relationships.posts.data.0.id'));
    }

    /**
     * @test
     */
    public function guest_can_see_discussion()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/2')
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guests_cannot_see_private_discussion()
    {
        $response = $this->send(
            $this->request('GET', '/api/discussions/3')
        );

        $this->assertEquals(404, $response->getStatusCode());
    }
}
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`<?php`

			`/*`
			`* This file is part of Flarum.`
			`*`
Apply fixes from StyleCI [ci skip] [skip ci] 2019-11-28 08:16:50 +08:00			`* For detailed copyright and license information, please view the`
			`* LICENSE file that was distributed with this source code.`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`*/`

Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`namespace Flarum\Tests\integration\api\discussions;`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`use Carbon\Carbon;`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`use Flarum\Event\ScopeModelVisibility;`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`use Flarum\Tests\integration\RetrievesAuthorizedUsers;`
			`use Flarum\Tests\integration\TestCase;`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`use Illuminate\Contracts\Events\Dispatcher;`
			`use Illuminate\Support\Arr;`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`class ShowTest extends TestCase`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`use RetrievesAuthorizedUsers;`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
Make tests compatible with PHPUnit 8 2020-03-28 08:26:26 +08:00			`protected function setUp(): void`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`{`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`parent::setUp();`

			`$this->prepareDatabase([`
			`'discussions' => [`
			`['id' => 1, 'title' => 'Empty discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => null, 'comment_count' => 0, 'is_private' => 0],`
			`['id' => 2, 'title' => 'Discussion with post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 1, 'comment_count' => 1, 'is_private' => 0],`
			`['id' => 3, 'title' => 'Private discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => null, 'comment_count' => 0, 'is_private' => 1],`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`['id' => 4, 'title' => 'Discussion with hidden post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 2, 'comment_count' => 1, 'is_private' => 0],`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`],`
			`'posts' => [`
			`['id' => 1, 'discussion_id' => 2, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>a normal reply - too-obscure</p></t>'],`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`['id' => 2, 'discussion_id' => 4, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>a hidden reply - too-obscure</p></t>', 'hidden_at' => Carbon::now()->toDateTimeString()],`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`],`
			`'users' => [`
			`$this->normalUser(),`
			`],`
			`'groups' => [`
			`$this->guestGroup(),`
			`$this->memberGroup(),`
			`],`
			`'group_user' => [`
			`['user_id' => 2, 'group_id' => 3],`
			`],`
			`'group_permission' => [`
			`['permission' => 'viewDiscussions', 'group_id' => 2],`
			`['permission' => 'viewDiscussions', 'group_id' => 3],`
			`]`
			`]);`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`}`

			`/**`
			`* @test`
			`*/`
			`public function author_can_see_discussion()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/1', [`
			`'authenticatedAs' => 2,`
			`])`
			`);`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function guest_cannot_see_empty_discussion()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/1')`
			`);`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
API Client: Use new error handling mechanism 2019-08-10 05:57:33 +08:00			`$this->assertEquals(404, $response->getStatusCode());`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`}`

fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`/**`
			`* @test`
			`*/`
			`public function guest_cannot_see_hidden_posts()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/4')`
			`);`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00
			`$json = json_decode($response->getBody()->getContents(), true);`

			`$this->assertNull(Arr::get($json, 'data.relationships.posts'));`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function author_can_see_hidden_posts()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/4', [`
			`'authenticatedAs' => 2,`
			`])`
			`);`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00
			`$json = json_decode($response->getBody()->getContents(), true);`

			`$this->assertEquals(2, Arr::get($json, 'data.relationships.posts.data.0.id'));`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function when_allowed_guests_can_see_hidden_posts()`
			`{`
			`/** @var Dispatcher $events */`
Stop using app() helper in tests 2020-05-23 07:55:58 +08:00			`$events = $this->app()->getContainer()->make(Dispatcher::class);`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00
			`$events->listen(ScopeModelVisibility::class, function (ScopeModelVisibility $event) {`
incorrect ability used, drop prefix discussion. 2019-11-21 20:14:35 +08:00			`if ($event->ability === 'hidePosts') {`
test only on the hidePosts policy ability 2019-11-21 18:47:01 +08:00			`$event->query->whereRaw('1=1');`
			`}`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00			`});`

Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/4')`
			`);`
fixes #1827 - set default statement to block access - added tests to confirm all scenarios work as intended 2019-07-29 19:22:10 +08:00
			`$json = json_decode($response->getBody()->getContents(), true);`

			`$this->assertEquals(2, Arr::get($json, 'data.relationships.posts.data.0.id'));`
			`}`

additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`/**`
			`* @test`
			`*/`
			`public function guest_can_see_discussion()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/2')`
			`);`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00
			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function guests_cannot_see_private_discussion()`
			`{`
Convert last two controller tests to request tests 2020-03-27 20:39:38 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/discussions/3')`
			`);`
PHPUnit: Get rid of deprecated annotation Refs #1795. 2019-07-30 06:09:10 +08:00
API Client: Use new error handling mechanism 2019-08-10 05:57:33 +08:00			`$this->assertEquals(404, $response->getStatusCode());`
additional tests for api controllers (#1433) * added CreatePostControllerTest * added DeleteDiscussionControllerTest * added ListDiscussionControllerTest * added TokenControllerTest * minor improvement to policy, no need for Carbon object there, added ShowDiscussionControllerTest * added showDiscussionControllerTest but cant make Guests view the discussion created by a user * viewing for guests tested, we might need factories 2018-05-16 15:25:48 +08:00			`}`
			`}`