framework/tests/integration/api/users/ListTest.php

<?php

/*
 * This file is part of Flarum.
 *
 * For detailed copyright and license information, please view the
 * LICENSE file that was distributed with this source code.
 */

namespace Flarum\Tests\integration\api\users;

use Flarum\Group\Permission;
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;

class ListTest extends TestCase
{
    use RetrievesAuthorizedUsers;

    public function setUp()
    {
        parent::setUp();

        $this->prepareDatabase([
            'users' => [
                $this->adminUser(),
            ],
            'groups' => [
                $this->adminGroup(),
                $this->guestGroup(),
            ],
            'group_permission' => [],
            'group_user' => [
                ['user_id' => 1, 'group_id' => 1],
            ],
            'access_tokens' => [
                ['token' => 'admintoken', 'user_id' => 1],
            ],
        ]);
    }

    /**
     * @test
     */
    public function disallows_index_for_guest()
    {
        $response = $this->send(
            $this->request('GET', '/api/users')
        );

        $this->assertEquals(403, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function shows_index_for_guest_when_they_have_permission()
    {
        Permission::unguarded(function () {
            Permission::create([
                'permission' => 'viewUserList',
                'group_id' => 2,
            ]);
        });

        $response = $this->send(
            $this->request('GET', '/api/users')
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function shows_index_for_admin()
    {
        $response = $this->send(
            $this->request('GET', '/api/users')
                ->withHeader('Authorization', 'Token admintoken')
        );

        $this->assertEquals(200, $response->getStatusCode());
    }
}
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`<?php`

			`/*`
			`* This file is part of Flarum.`
			`*`
Apply fixes from StyleCI [ci skip] [skip ci] 2020-02-05 05:11:08 +08:00			`* For detailed copyright and license information, please view the`
			`* LICENSE file that was distributed with this source code.`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`*/`

Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`namespace Flarum\Tests\integration\api\users;`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00
Add a test for viewUserList guest permission This test would have failed without commit ea84fc4. Next, I will revert that commit and most of my PR #1854, so we need this test to ensure the API continues to behave as desired. 2019-09-15 03:23:30 +08:00			`use Flarum\Group\Permission;`
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`use Flarum\Tests\integration\RetrievesAuthorizedUsers;`
			`use Flarum\Tests\integration\TestCase;`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`class ListTest extends TestCase`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`{`
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`use RetrievesAuthorizedUsers;`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`public function setUp()`
			`{`
			`parent::setUp();`

			`$this->prepareDatabase([`
			`'users' => [`
			`$this->adminUser(),`
			`],`
			`'groups' => [`
			`$this->adminGroup(),`
Add a test for viewUserList guest permission This test would have failed without commit ea84fc4. Next, I will revert that commit and most of my PR #1854, so we need this test to ensure the API continues to behave as desired. 2019-09-15 03:23:30 +08:00			`$this->guestGroup(),`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`],`
Add a test for viewUserList guest permission This test would have failed without commit ea84fc4. Next, I will revert that commit and most of my PR #1854, so we need this test to ensure the API continues to behave as desired. 2019-09-15 03:23:30 +08:00			`'group_permission' => [],`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`'group_user' => [`
			`['user_id' => 1, 'group_id' => 1],`
			`],`
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`'access_tokens' => [`
			`['token' => 'admintoken', 'user_id' => 1],`
			`],`
Make integration tests independent This creates a dedicated test suite for integration tests. All of them can be run independently, and there is no order dependency - previously, all integration tests needed the installer test to run first, and they would fail if installation failed. Now, the developer will have to set up a Flarum database to be used by these tests. A setup script to make this simple will be added in the next commit. Small tradeoff: the installer is NOT tested in our test suite anymore, only implicitly through the setup script. If we decide that this is a problem, we can still set up separate, dedicated installer tests which should probably test the web installer. 2019-01-31 04:15:27 +08:00			`]);`
			`}`

Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`/**`
			`* @test`
			`*/`
			`public function disallows_index_for_guest()`
			`{`
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/users')`
			`);`
PHPUnit: Get rid of deprecated annotation Refs #1795. 2019-07-30 06:09:10 +08:00
Restore beta.9 behavior of assertCan() In flarum/core#1854, I changed the implementation of `assertCan()` to be more aware of the user's log-in status. I came across this when unifying our API's response status code when actors are not authenticated or not authorized to do something. @luceos rightfully had to tweak this again in ea84fc4, because the behavior changed for one of the few API endpoints that checked for a permission that even guests can have. It turns out having this complex behavior in `assertCan()` is quite misleading, because the name suggests a simple permission check and nothing more. Where we actually want to differ between HTTP 401 and 403, we can do this using two method calls, and enforce it with our tests. If this turns out to be problematic or extremely common, we can revisit this and introduce a method with a different, better name in the future. This commit restores the method's behavior in the last release, so we also avoid another breaking change for extensions. 2019-09-15 02:33:23 +08:00			`$this->assertEquals(403, $response->getStatusCode());`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`}`

Add a test for viewUserList guest permission This test would have failed without commit ea84fc4. Next, I will revert that commit and most of my PR #1854, so we need this test to ensure the API continues to behave as desired. 2019-09-15 03:23:30 +08:00			`/**`
			`* @test`
			`*/`
			`public function shows_index_for_guest_when_they_have_permission()`
			`{`
			`Permission::unguarded(function () {`
			`Permission::create([`
			`'permission' => 'viewUserList',`
			`'group_id' => 2,`
			`]);`
			`});`

			`$response = $this->send(`
			`$this->request('GET', '/api/users')`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00			`/**`
			`* @test`
			`*/`
			`public function shows_index_for_admin()`
			`{`
Convert more controller tests to feature tests 2019-09-14 19:09:56 +08:00			`$response = $this->send(`
			`$this->request('GET', '/api/users')`
			`->withHeader('Authorization', 'Token admintoken')`
			`);`
Increasing test coverage (#1711) * added a few more tests, renamed singular to plural to match controller * increase error reporting * removed debugging and wait for tests 2019-01-02 04:02:18 +08:00
			`$this->assertEquals(200, $response->getStatusCode());`
			`}`
			`}`