48 lines
1.7 KiB
PHP
48 lines
1.7 KiB
PHP
<?php
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
namespace Tests\Integration;
|
|
|
|
|
|
|
|
use Tests\Support\ApiTestCase;
|
|
|
|
use Tests\Support\DatabaseFixture;
|
|
|
|
|
|
|
|
final class UsersTest extends ApiTestCase
|
|
|
|
{
|
|
|
|
public function testRequiresAuth(): void
|
|
|
|
{
|
|
|
|
$res = $this->api('GET', 'users');
|
|
|
|
$this->assertLegacyAuthError($res, 401, 'Missing Bearer token');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testCoachForbidden(): void
|
|
|
|
{
|
|
|
|
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
|
|
|
$res = $this->api('GET', 'users');
|
|
|
|
$this->assertLegacyAuthError($res, 403, 'Insufficient permissions');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testAdminSeesAllUsers(): void
|
|
|
|
{
|
|
|
|
$this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
|
|
|
$res = $this->api('GET', 'users');
|
|
|
|
$this->assertOk($res);
|
|
|
|
$usernames = array_column($res['body']['data']['users'], 'username');
|
|
|
|
$this->assertContains(DatabaseFixture::COACH1_USERNAME, $usernames);
|
|
|
|
$this->assertContains(DatabaseFixture::COACH2_USERNAME, $usernames);
|
|
|
|
$this->assertContains(DatabaseFixture::SUPERVISOR1_USERNAME, $usernames);
|
|
|
|
$this->assertNotEmpty($res['body']['data']['supervisors']);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testSupervisorSeesOnlyTheirCoaches(): void
|
|
|
|
{
|
|
|
|
$this->loginAs(DatabaseFixture::SUPERVISOR1_USERNAME);
|
|
|
|
$res = $this->api('GET', 'users');
|
|
|
|
$this->assertOk($res);
|
|
|
|
$usernames = array_column($res['body']['data']['users'], 'username');
|
|
|
|
$this->assertContains(DatabaseFixture::COACH1_USERNAME, $usernames);
|
|
|
|
$this->assertNotContains(DatabaseFixture::COACH2_USERNAME, $usernames);
|
|
|
|
$this->assertSame([], $res['body']['data']['supervisors']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|