framework/tests/integration/api/users/ListTest.php
Franz Liedke 18593e0d7d
Add a test for viewUserList guest permission
This test would have failed without commit ea84fc4. Next, I will revert
that commit and most of my PR #1854, so we need this test to ensure the
API continues to behave as desired.
2019-09-14 21:30:09 +02:00

88 lines
2.0 KiB
PHP

<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Tests\integration\api\users;
use Flarum\Group\Permission;
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;
class ListTest extends TestCase
{
use RetrievesAuthorizedUsers;
public function setUp()
{
parent::setUp();
$this->prepareDatabase([
'users' => [
$this->adminUser(),
],
'groups' => [
$this->adminGroup(),
$this->guestGroup(),
],
'group_permission' => [],
'group_user' => [
['user_id' => 1, 'group_id' => 1],
],
'access_tokens' => [
['token' => 'admintoken', 'user_id' => 1],
],
]);
}
/**
* @test
*/
public function disallows_index_for_guest()
{
$response = $this->send(
$this->request('GET', '/api/users')
);
$this->assertEquals(401, $response->getStatusCode());
}
/**
* @test
*/
public function shows_index_for_guest_when_they_have_permission()
{
Permission::unguarded(function () {
Permission::create([
'permission' => 'viewUserList',
'group_id' => 2,
]);
});
$response = $this->send(
$this->request('GET', '/api/users')
);
$this->assertEquals(200, $response->getStatusCode());
}
/**
* @test
*/
public function shows_index_for_admin()
{
$response = $this->send(
$this->request('GET', '/api/users')
->withHeader('Authorization', 'Token admintoken')
);
$this->assertEquals(200, $response->getStatusCode());
}
}