Expand support API integration tests and add load script

2026-01-28 21:49:16 +01:00
parent c94fbe4ab8
commit 6e4656946c
2 changed files with 143 additions and 0 deletions
--- a/tests/Feature/Support/SupportApiTest.php
+++ b/tests/Feature/Support/SupportApiTest.php
@@ -3,12 +3,14 @@
 namespace Tests\Feature\Support;

 use App\Models\BlogCategory;
+use App\Models\EventType;
 use App\Models\Photo;
 use App\Models\SuperAdminActionLog;
 use App\Models\Tenant;
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Bus;
+use Illuminate\Support\Facades\Hash;
 use Laravel\Sanctum\Sanctum;
 use Tests\TestCase;

@@ -39,6 +41,100 @@ class SupportApiTest extends TestCase
            ->assertJsonStructure(['data', 'meta']);
    }

+    public function test_support_token_endpoint_issues_bearer_token_and_allows_api_access(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'super_admin',
+            'password' => Hash::make('secret-password'),
+        ]);
+
+        Tenant::factory()->create();
+
+        $response = $this->postJson('/api/v1/support/auth/token', [
+            'login' => $user->email,
+            'password' => 'secret-password',
+        ]);
+
+        $response->assertOk()
+            ->assertJsonStructure(['token', 'token_type', 'abilities', 'user']);
+
+        $token = $response->json('token');
+
+        $this->assertIsString($token);
+
+        $this->withHeader('Authorization', 'Bearer '.$token)
+            ->getJson('/api/v1/support/tenants')
+            ->assertOk()
+            ->assertJsonStructure(['data', 'meta']);
+    }
+
+    public function test_support_requests_require_support_admin_ability(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'super_admin',
+        ]);
+
+        $token = $user->createToken('support-api', ['support:read'])->plainTextToken;
+
+        $response = $this->withHeader('Authorization', 'Bearer '.$token)
+            ->getJson('/api/v1/support/tenants');
+
+        $response->assertStatus(403)
+            ->assertJsonPath('error.code', 'support_forbidden');
+    }
+
+    public function test_support_write_requires_write_ability(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'super_admin',
+        ]);
+
+        $tenant = Tenant::factory()->create();
+
+        $token = $user->createToken('support-api', ['support-admin', 'support:read'])->plainTextToken;
+
+        $response = $this->withHeader('Authorization', 'Bearer '.$token)
+            ->patchJson('/api/v1/support/tenants/'.$tenant->id, [
+                'data' => [
+                    'slug' => 'not-allowed',
+                ],
+            ]);
+
+        $response->assertStatus(403)
+            ->assertJsonPath('error.code', 'forbidden');
+    }
+
+    public function test_support_read_only_resource_rejects_deletes(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'super_admin',
+        ]);
+
+        $eventType = EventType::factory()->create();
+
+        $token = $user->createToken('support-api', ['support-admin', 'support:write'])->plainTextToken;
+
+        $response = $this->withHeader('Authorization', 'Bearer '.$token)
+            ->deleteJson('/api/v1/support/event-types/'.$eventType->id);
+
+        $response->assertStatus(403)
+            ->assertJsonPath('error.code', 'support_mutation_not_allowed');
+    }
+
+    public function test_expired_support_token_is_rejected(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'super_admin',
+        ]);
+
+        $token = $user->createToken('support-api', ['support-admin', 'support:read'], now()->subMinute())->plainTextToken;
+
+        $response = $this->withHeader('Authorization', 'Bearer '.$token)
+            ->getJson('/api/v1/support/tenants');
+
+        $response->assertStatus(401);
+    }
+
    public function test_support_resource_update_rejects_invalid_fields(): void
    {
        $user = User::factory()->create([