api/tests/Feature/ProductionToolingAccessTest...

68 lines
2.0 KiB
PHP

<?php
use App\Enums\UserRole;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Gate;
uses(RefreshDatabase::class);
it('allows only administrators through production tooling gates', function (): void {
$admin = User::factory()->create([
'role' => UserRole::ADMIN,
]);
$moderator = User::factory()->create([
'role' => UserRole::MODERATOR,
]);
$user = User::factory()->create([
'role' => UserRole::USER,
]);
expect(Gate::forUser($admin)->allows('viewHorizon'))->toBeTrue()
->and(Gate::forUser($admin)->allows('viewApiDocs'))->toBeTrue()
->and(Gate::forUser($moderator)->allows('viewHorizon'))->toBeFalse()
->and(Gate::forUser($moderator)->allows('viewApiDocs'))->toBeFalse()
->and(Gate::forUser($user)->allows('viewHorizon'))->toBeFalse()
->and(Gate::forUser($user)->allows('viewApiDocs'))->toBeFalse()
->and(Gate::allows('viewHorizon'))->toBeFalse()
->and(Gate::allows('viewApiDocs'))->toBeFalse();
});
it('protects the horizon dashboard outside local environments', function (): void {
$admin = User::factory()->create([
'role' => UserRole::ADMIN,
]);
$moderator = User::factory()->create([
'role' => UserRole::MODERATOR,
]);
$this->get('/horizon')->assertForbidden();
$this->actingAs($moderator)
->get('/horizon')
->assertForbidden();
$this->actingAs($admin)
->get('/horizon')
->assertSuccessful();
});
it('protects the scramble documentation outside local environments', function (): void {
$admin = User::factory()->create([
'role' => UserRole::ADMIN,
]);
$user = User::factory()->create([
'role' => UserRole::USER,
]);
$this->get('/docs/api')->assertForbidden();
$this->actingAs($user)
->get('/docs/api')
->assertForbidden();
$this->actingAs($admin)
->get('/docs/api')
->assertSuccessful();
});