8bd31cf54f
- Menambahkan pengecekan lebih rinci ketika pengguna mencoba mengakses, membuat, mengubah, atau menghapus role berdasarkan perizinan spesifik (usermanagement.read, usermanagement.create, dll.). - Menghapus komentar kode yang tidak digunakan pada metode middleware. - Menggunakan class Exception secara konsisten untuk penanganan error dan pengembalian pesan error di seluruh metode. - Memperbaiki komentar dan dokumentasi kode agar lebih relevan dengan implementasi saat ini. - Menyederhanakan dan mengoptimasi pengaturan sorting pada data roles, termasuk sorting case-insensitive. - Menyesuaikan kunci perizinan dari 'roles.*' menjadi 'usermanagement.*' untuk kesesuaian dengan grup perizinan. test(roles): menambah RolesControllerTest dengan cakupan pengujian mendalam - Membuat pengujian lengkap untuk semua metode di RolesController, termasuk pengujian izin akses, proses penyimpanan, penghapusan, dan pemulihan role. - Menambahkan pengujian untuk fitur datatables: pencarian, penyortiran, dan pengambilan data yang benar. - Menguji validasi perizinan granular untuk membuat, mengedit, menghapus, dan memulihkan role. - Memastikan respon API sesuai ekspektasi saat pengguna tidak memiliki izin yang dibutuhkan. - Memastikan penghapusan lunak dan mekanisme pemulihan role berfungsi seperti yang diharapkan.
468 lines
15 KiB
PHP
468 lines
15 KiB
PHP
<?php
|
|
|
|
namespace Modules\Usermanagement\Tests\Feature;
|
|
|
|
use Tests\TestCase;
|
|
use Modules\Usermanagement\Models\Position;
|
|
use Modules\Usermanagement\Models\User;
|
|
use Modules\Usermanagement\Models\Role;
|
|
use Modules\Usermanagement\Models\Permission;
|
|
use Modules\Usermanagement\Models\PermissionGroup;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use PHPUnit\Framework\Attributes\Test;
|
|
|
|
class RolesControllerTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
protected $user;
|
|
protected $adminRole;
|
|
protected $position;
|
|
protected $testRole;
|
|
protected $permissionGroup;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
// Create permission group first
|
|
$this->permissionGroup = PermissionGroup::create([
|
|
'name' => 'usermanagement',
|
|
'slug' => 'usermanagement'
|
|
]);
|
|
|
|
// Create permissions with permission_group_id
|
|
Permission::create([
|
|
'name' => 'usermanagement.create',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
Permission::create([
|
|
'name' => 'usermanagement.read',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
Permission::create([
|
|
'name' => 'usermanagement.update',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
Permission::create([
|
|
'name' => 'usermanagement.delete',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
Permission::create([
|
|
'name' => 'usermanagement.export',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
Permission::create([
|
|
'name' => 'usermanagement.restore',
|
|
'guard_name' => 'web',
|
|
'permission_group_id' => $this->permissionGroup->id
|
|
]);
|
|
|
|
// Create admin role with all permissions
|
|
$this->adminRole = Role::create(['name' => 'admin', 'guard_name' => 'web']);
|
|
$this->adminRole->givePermissionTo(Permission::all());
|
|
|
|
// Create a user with admin role
|
|
$this->user = User::factory()->create();
|
|
$this->user->assignRole($this->adminRole);
|
|
|
|
// Create a position for testing
|
|
$this->position = Position::create([
|
|
'code' => 'TEST',
|
|
'name' => 'Test Position',
|
|
'level' => 1
|
|
]);
|
|
|
|
// Create a test role for testing
|
|
$this->testRole = Role::create([
|
|
'name' => 'test-role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
$this->testRole->givePermissionTo('usermanagement.read');
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_view_roles_index()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.index'));
|
|
|
|
$response->assertStatus(200);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_view_roles_index()
|
|
{
|
|
// Create a role without permissions
|
|
$role = Role::create(['name' => 'viewer', 'guard_name' => 'web']);
|
|
|
|
// Create a user with the viewer role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(route('users.roles.index'));
|
|
|
|
$response->assertStatus(403);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_create_role()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.create'));
|
|
|
|
$response->assertStatus(200);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_create_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(route('users.roles.create'));
|
|
|
|
$response->assertStatus(403);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_store_role()
|
|
{
|
|
$permissions = Permission::where('name', 'usermanagement.read')->pluck('id')->toArray();
|
|
|
|
$roleData = [
|
|
'name' => 'New Role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id,
|
|
'permissions' => $permissions
|
|
];
|
|
|
|
$response = $this->actingAs($this->user)
|
|
->post(route('users.roles.store'), $roleData);
|
|
|
|
$response->assertRedirect(route('users.roles.index'));
|
|
$this->assertDatabaseHas('roles', [
|
|
'name' => 'New Role',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
|
|
// Check if permission was assigned
|
|
$newRole = Role::where('name', 'New Role')->first();
|
|
$this->assertTrue($newRole->hasPermissionTo('usermanagement.read'));
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_store_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$permissions = Permission::where('name', 'usermanagement.read')->pluck('id')->toArray();
|
|
|
|
$roleData = [
|
|
'name' => 'New Role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id,
|
|
'permissions' => $permissions
|
|
];
|
|
|
|
$response = $this->actingAs($user)
|
|
->post(route('users.roles.store'), $roleData);
|
|
|
|
$response->assertStatus(403);
|
|
$this->assertDatabaseMissing('roles', ['name' => 'New Role']);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_edit_role()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.edit', $this->testRole->id));
|
|
|
|
$response->assertStatus(200);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_edit_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(route('users.roles.edit', $this->testRole->id));
|
|
|
|
$response->assertStatus(403);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_update_role()
|
|
{
|
|
$permissions = Permission::whereIn('name', ['usermanagement.read', 'usermanagement.update'])->pluck('id')->toArray();
|
|
|
|
$updatedData = [
|
|
'name' => 'Updated Role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id,
|
|
'permissions' => $permissions
|
|
];
|
|
|
|
$response = $this->actingAs($this->user)
|
|
->put(route('users.roles.update', $this->testRole->id), $updatedData);
|
|
|
|
$response->assertRedirect(route('users.roles.index'));
|
|
$this->assertDatabaseHas('roles', [
|
|
'id' => $this->testRole->id,
|
|
'name' => 'Updated Role',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
|
|
// Check if permissions were updated
|
|
$updatedRole = Role::find($this->testRole->id);
|
|
$this->assertTrue($updatedRole->hasPermissionTo('usermanagement.read'));
|
|
$this->assertTrue($updatedRole->hasPermissionTo('usermanagement.update'));
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_update_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$permissions = Permission::whereIn('name', ['usermanagement.read', 'usermanagement.update'])->pluck('id')->toArray();
|
|
|
|
$updatedData = [
|
|
'name' => 'Updated Role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id,
|
|
'permissions' => $permissions
|
|
];
|
|
|
|
$response = $this->actingAs($user)
|
|
->put(route('users.roles.update', $this->testRole->id), $updatedData);
|
|
|
|
$response->assertStatus(403);
|
|
$this->assertDatabaseMissing('roles', [
|
|
'id' => $this->testRole->id,
|
|
'name' => 'Updated Role'
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_delete_role()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->delete(route('users.roles.destroy', $this->testRole->id));
|
|
|
|
// The destroy method returns JSON response
|
|
$response->assertJson([
|
|
'message' => 'Role deleted successfully.',
|
|
'success' => true
|
|
]);
|
|
|
|
$this->assertSoftDeleted($this->testRole);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_delete_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$response = $this->actingAs($user)
|
|
->delete(route('users.roles.destroy', $this->testRole->id));
|
|
|
|
$response->assertStatus(403);
|
|
$this->assertDatabaseHas('roles', [
|
|
'id' => $this->testRole->id,
|
|
'deleted_at' => null
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_restore_role()
|
|
{
|
|
// First soft delete the role
|
|
$this->testRole->delete();
|
|
$this->assertSoftDeleted($this->testRole);
|
|
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.restore', $this->testRole->id));
|
|
|
|
$response->assertRedirect(route('users.roles.index'));
|
|
$this->assertDatabaseHas('roles', [
|
|
'id' => $this->testRole->id,
|
|
'deleted_at' => null
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_restore_role()
|
|
{
|
|
// Create a role with only read permission
|
|
$role = Role::create(['name' => 'reader', 'guard_name' => 'web']);
|
|
$role->givePermissionTo('usermanagement.read');
|
|
|
|
// Create a user with the reader role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
// First soft delete the role
|
|
$this->testRole->delete();
|
|
$this->assertSoftDeleted($this->testRole);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(route('users.roles.restore', $this->testRole->id));
|
|
|
|
$response->assertStatus(403);
|
|
$this->assertSoftDeleted($this->testRole);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_access_datatables_data()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.datatables'));
|
|
|
|
$response->assertStatus(200);
|
|
$response->assertJsonStructure([
|
|
'draw',
|
|
'recordsTotal',
|
|
'recordsFiltered',
|
|
'pageCount',
|
|
'page',
|
|
'totalCount',
|
|
'data'
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_without_permission_cannot_access_datatables_data()
|
|
{
|
|
// Create a role without permissions
|
|
$role = Role::create(['name' => 'viewer', 'guard_name' => 'web']);
|
|
|
|
// Create a user with the viewer role
|
|
$user = User::factory()->create();
|
|
$user->assignRole($role);
|
|
|
|
$response = $this->actingAs($user)
|
|
->get(route('users.roles.datatables'));
|
|
|
|
$response->assertStatus(403);
|
|
}
|
|
|
|
#[Test]
|
|
public function user_with_permission_can_export_roles()
|
|
{
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.export'));
|
|
|
|
$response->assertStatus(200);
|
|
$response->assertHeader('content-type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet');
|
|
}
|
|
|
|
#[Test]
|
|
public function datatables_search_filters_roles_correctly()
|
|
{
|
|
// Create additional roles for testing search
|
|
Role::create([
|
|
'name' => 'searchable-role',
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.datatables', ['search' => 'searchable']));
|
|
|
|
$response->assertStatus(200);
|
|
$responseData = json_decode($response->getContent(), true);
|
|
|
|
// Check that the search returned the correct role
|
|
$this->assertGreaterThan(0, $responseData['recordsFiltered']);
|
|
$foundSearchableRole = false;
|
|
foreach ($responseData['data'] as $role) {
|
|
if ($role['name'] === 'searchable-role') {
|
|
$foundSearchableRole = true;
|
|
break;
|
|
}
|
|
}
|
|
$this->assertTrue($foundSearchableRole);
|
|
}
|
|
|
|
#[Test]
|
|
public function datatables_sorting_works_correctly()
|
|
{
|
|
// Create additional roles for testing sorting
|
|
Role::create([
|
|
'name' => 'A-role', // Should come first in ascending order
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
|
|
Role::create([
|
|
'name' => 'Z-role', // Should come last in ascending order
|
|
'guard_name' => 'web',
|
|
'position_id' => $this->position->id
|
|
]);
|
|
|
|
// Test ascending order
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.datatables', [
|
|
'sortField' => 'name',
|
|
'sortOrder' => 'asc'
|
|
]));
|
|
|
|
$response->assertStatus(200);
|
|
$responseData = json_decode($response->getContent(), true);
|
|
|
|
// Check that the first role is 'A-role'
|
|
$this->assertEquals('A-role', $responseData['data'][0]['name']);
|
|
|
|
// Test descending order
|
|
$response = $this->actingAs($this->user)
|
|
->get(route('users.roles.datatables', [
|
|
'sortField' => 'name',
|
|
'sortOrder' => 'desc'
|
|
]));
|
|
|
|
$response->assertStatus(200);
|
|
$responseData = json_decode($response->getContent(), true);
|
|
|
|
// Check that the first role is 'Z-role'
|
|
$this->assertEquals('Z-role', $responseData['data'][0]['name']);
|
|
}
|
|
}
|