create(); $user = User::factory()->for($tenant)->create(); $package = Package::factory()->create(); /** @var CheckoutSessionService $sessions */ $sessions = app(CheckoutSessionService::class); $session = $sessions->createOrResume($user, $package, [ 'tenant' => $tenant, ]); $sessions->markCompleted($session, now()); $this->actingAs($user); $response = $this->getJson(route('checkout.session.status', $session)); $response->assertOk() ->assertJsonPath('status', CheckoutSession::STATUS_COMPLETED); } public function test_user_cannot_fetch_other_users_checkout_session_status(): void { $tenant = Tenant::factory()->create(); $owner = User::factory()->for($tenant)->create(); $otherUser = User::factory()->create(); $package = Package::factory()->create(); /** @var CheckoutSessionService $sessions */ $sessions = app(CheckoutSessionService::class); $session = $sessions->createOrResume($owner, $package, [ 'tenant' => $tenant, ]); $this->actingAs($otherUser); $response = $this->getJson(route('checkout.session.status', $session)); $response->assertForbidden(); } }