create(['role' => 'staff']); Client::factory(3)->create(); $response = $this->actingAs($user)->getJson('/api/clients'); $response->assertStatus(200) ->assertJsonCount(3, 'data'); }); it('staff can create a client', function () { $user = User::factory()->create(['role' => 'staff']); $response = $this->actingAs($user)->postJson('/api/clients', [ 'client_number' => 'K001', 'name' => 'Müller GmbH', ]); $response->assertStatus(201) ->assertJsonPath('data.client_number', 'K001') ->assertJsonPath('data.name', 'Müller GmbH'); $this->assertDatabaseHas('clients', ['client_number' => 'K001']); }); it('rejects duplicate client_number', function () { $user = User::factory()->create(['role' => 'staff']); Client::factory()->create(['client_number' => 'K001']); $response = $this->actingAs($user)->postJson('/api/clients', [ 'client_number' => 'K001', 'name' => 'Other GmbH', ]); $response->assertStatus(422); }); it('staff can update a client', function () { $user = User::factory()->create(['role' => 'staff']); $client = Client::factory()->create(); $response = $this->actingAs($user)->putJson("/api/clients/{$client->id}", [ 'name' => 'Updated Name', ]); $response->assertStatus(200) ->assertJsonPath('data.name', 'Updated Name'); }); it('returns 404 for nonexistent client', function () { $user = User::factory()->create(['role' => 'staff']); $this->actingAs($user)->getJson('/api/clients/9999') ->assertStatus(404); }); it('unauthenticated request returns 401', function () { $this->getJson('/api/clients')->assertStatus(401); });