<?php
namespace Tests\Feature;
use App\Models\Event;
use App\Models\Photo;
use App\Models\PhotoLike;
use App\Models\PhotoShareLink;
use App\Services\EventJoinTokenService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Storage;
use Tests\TestCase;
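/**
 * Feature tests for guest photo deletion via the event join-token API.
 *
 * Both tests send DELETE /api/v1/events/{token}/photos/{photo} and identify
 * the caller through the X-Device-Id request header.
 *
 * NOTE(review): X-Device-Id is supplied by the client, so what these tests pin
 * is an identifier match, not proof of which device is calling. Confirm that
 * the endpoint's threat model treats the device id as a secret and that it is
 * not disclosed to other guests (e.g. in photo listings).
 */
class EventGuestPhotoDeleteTest extends TestCase
{
    use RefreshDatabase;

    /**
     * A guest whose X-Device-Id matches the photo's creator can delete it, and
     * the deletion also removes the stored files, share links and likes.
     */
    public function test_guest_can_delete_own_photo(): void
    {
        // Fake the configured default disk so no real storage is touched.
        $disk = config('filesystems.default', 'local');
        Storage::fake($disk);

        $event = Event::factory()->create([
            'status' => 'published',
        ]);

        // The plain join token is used as the {token} segment of the route.
        $token = app(EventJoinTokenService::class)
            ->createToken($event, ['label' => 'guest'])
            ->plain_token;

        // NOTE(review): guest_name and created_by_device_id hold the same value,
        // so this test cannot tell which field the ownership check reads.
        // Consider distinct values once the controller's rule is confirmed.
        $photo = Photo::factory()->for($event)->create([
            'status' => 'approved',
            'guest_name' => 'device-123',
            'created_by_device_id' => 'device-123',
            'file_path' => "events/{$event->id}/photos/test.jpg",
            'thumbnail_path' => "events/{$event->id}/photos/thumbs/test_thumb.jpg",
        ]);

        Storage::disk($disk)->put($photo->file_path, 'file');
        Storage::disk($disk)->put($photo->thumbnail_path, 'thumb');

        // Related rows that must not outlive the photo.
        PhotoShareLink::factory()->create([
            'photo_id' => $photo->id,
        ]);

        PhotoLike::create([
            'photo_id' => $photo->id,
            'guest_name' => 'device-123',
            'ip_address' => 'device',
        ]);

        $response = $this->withHeaders(['X-Device-Id' => 'device-123'])
            ->deleteJson("/api/v1/events/{$token}/photos/{$photo->id}");

        $response->assertOk();
        $response->assertJsonFragment(['photo_id' => $photo->id]);

        // Row, dependants and both files are gone: nothing is left orphaned.
        $this->assertDatabaseMissing('photos', ['id' => $photo->id]);
        $this->assertDatabaseMissing('photo_share_links', ['photo_id' => $photo->id]);
        $this->assertDatabaseMissing('photo_likes', ['photo_id' => $photo->id]);
        Storage::disk($disk)->assertMissing($photo->file_path);
        Storage::disk($disk)->assertMissing($photo->thumbnail_path);
    }

    /**
     * A guest with a different X-Device-Id gets 403 and the request leaves no
     * side effects: the photo row, its files, share link and like all remain.
     */
    public function test_guest_cannot_delete_someone_elses_photo(): void
    {
        // Fake the disk here as well: if the authorization check ever
        // regressed, the delete would otherwise run against real storage.
        $disk = config('filesystems.default', 'local');
        Storage::fake($disk);

        $event = Event::factory()->create([
            'status' => 'published',
        ]);

        $token = app(EventJoinTokenService::class)
            ->createToken($event, ['label' => 'guest'])
            ->plain_token;

        $photo = Photo::factory()->for($event)->create([
            'status' => 'approved',
            'guest_name' => 'device-123',
            'created_by_device_id' => 'device-123',
            'file_path' => "events/{$event->id}/photos/test.jpg",
            'thumbnail_path' => "events/{$event->id}/photos/thumbs/test_thumb.jpg",
        ]);

        Storage::disk($disk)->put($photo->file_path, 'file');
        Storage::disk($disk)->put($photo->thumbnail_path, 'thumb');

        PhotoShareLink::factory()->create([
            'photo_id' => $photo->id,
        ]);

        PhotoLike::create([
            'photo_id' => $photo->id,
            'guest_name' => 'device-123',
            'ip_address' => 'device',
        ]);

        // Valid join token for the same event, but a non-matching device id.
        $this->withHeaders(['X-Device-Id' => 'device-999'])
            ->deleteJson("/api/v1/events/{$token}/photos/{$photo->id}")
            ->assertForbidden();

        // A 403 alone does not prove the denial came before any cleanup ran,
        // so check every artefact the successful path removes.
        $this->assertDatabaseHas('photos', ['id' => $photo->id]);
        $this->assertDatabaseHas('photo_share_links', ['photo_id' => $photo->id]);
        $this->assertDatabaseHas('photo_likes', ['photo_id' => $photo->id]);
        Storage::disk($disk)->assertExists($photo->file_path);
        Storage::disk($disk)->assertExists($photo->thumbnail_path);
    }
}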