prepareDatabase([ 'users' => [ $this->adminUser(), ], 'groups' => [ $this->adminGroup(), $this->guestGroup(), ], 'group_permission' => [], 'group_user' => [ ['user_id' => 1, 'group_id' => 1], ], 'access_tokens' => [ ['token' => 'admintoken', 'user_id' => 1], ], ]); } /** * @test */ public function disallows_index_for_guest() { $response = $this->send( $this->request('GET', '/api/users') ); $this->assertEquals(403, $response->getStatusCode()); } /** * @test */ public function shows_index_for_guest_when_they_have_permission() { Permission::unguarded(function () { Permission::create([ 'permission' => 'viewUserList', 'group_id' => 2, ]); }); $response = $this->send( $this->request('GET', '/api/users') ); $this->assertEquals(200, $response->getStatusCode()); } /** * @test */ public function shows_index_for_admin() { $response = $this->send( $this->request('GET', '/api/users') ->withHeader('Authorization', 'Token admintoken') ); $this->assertEquals(200, $response->getStatusCode()); } }