2026-06-23 10:10:28 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use App\Models\User;
|
|
|
|
|
use App\Modules\Client\Models\Client;
|
|
|
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
|
|
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
|
|
|
|
|
|
it('staff can list clients', function () {
|
|
|
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
Client::factory(3)->create();
|
|
|
|
|
|
|
|
|
|
$response = $this->actingAs($user)->getJson('/api/clients');
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(200)
|
|
|
|
|
->assertJsonCount(3, 'data');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('staff can create a client', function () {
|
|
|
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
|
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/clients', [
|
|
|
|
|
'client_number' => 'K001',
|
|
|
|
|
'name' => 'Müller GmbH',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(201)
|
|
|
|
|
->assertJsonPath('data.client_number', 'K001')
|
|
|
|
|
->assertJsonPath('data.name', 'Müller GmbH');
|
|
|
|
|
|
|
|
|
|
$this->assertDatabaseHas('clients', ['client_number' => 'K001']);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('rejects duplicate client_number', function () {
|
|
|
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
Client::factory()->create(['client_number' => 'K001']);
|
|
|
|
|
|
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/clients', [
|
|
|
|
|
'client_number' => 'K001',
|
|
|
|
|
'name' => 'Other GmbH',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(422);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('staff can update a client', function () {
|
|
|
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
$client = Client::factory()->create();
|
|
|
|
|
|
|
|
|
|
$response = $this->actingAs($user)->putJson("/api/clients/{$client->id}", [
|
|
|
|
|
'name' => 'Updated Name',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(200)
|
|
|
|
|
->assertJsonPath('data.name', 'Updated Name');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('returns 404 for nonexistent client', function () {
|
|
|
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
|
|
|
|
|
$this->actingAs($user)->getJson('/api/clients/9999')
|
|
|
|
|
->assertStatus(404);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('unauthenticated request returns 401', function () {
|
|
|
|
|
$this->getJson('/api/clients')->assertStatus(401);
|
|
|
|
|
});
|
2026-07-18 09:34:18 +00:00
|
|
|
|
|
|
|
|
it('admin can soft delete a client', function () {
|
|
|
|
|
$admin = User::factory()->create(['role' => 'admin']);
|
|
|
|
|
$client = Client::factory()->create();
|
|
|
|
|
|
|
|
|
|
$response = $this->actingAs($admin)->deleteJson("/api/clients/{$client->id}");
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(204);
|
|
|
|
|
// Row is retained, only soft-deleted (deleted_at set)
|
|
|
|
|
$this->assertSoftDeleted('clients', ['id' => $client->id]);
|
|
|
|
|
$this->assertDatabaseHas('clients', ['id' => $client->id]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('staff cannot delete a client', function () {
|
|
|
|
|
$staff = User::factory()->create(['role' => 'staff']);
|
|
|
|
|
$client = Client::factory()->create();
|
|
|
|
|
|
|
|
|
|
$this->actingAs($staff)->deleteJson("/api/clients/{$client->id}")
|
|
|
|
|
->assertStatus(403);
|
|
|
|
|
|
|
|
|
|
$this->assertNotSoftDeleted('clients', ['id' => $client->id]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('soft deleted clients are excluded from listings', function () {
|
|
|
|
|
$admin = User::factory()->create(['role' => 'admin']);
|
|
|
|
|
Client::factory(2)->create();
|
|
|
|
|
Client::factory()->create()->delete();
|
|
|
|
|
|
|
|
|
|
$this->actingAs($admin)->getJson('/api/clients')
|
|
|
|
|
->assertStatus(200)
|
|
|
|
|
->assertJsonCount(2, 'data');
|
|
|
|
|
});
|