Mirrors the frontend catch-up in 570f17e: a substantial amount of
finished-but-never-committed backend work had accumulated locally.
- New CustomField module: admin-managed field definitions per client,
reorderable, typed values stored per client (backing the frontend's
ClientCustomFieldCard + settings/fields page)
- History entries switch from a hardcoded type enum to a dynamic,
admin-managed HistoryType module (reorderable, backing
settings/history-types)
- New Import module: CSV client import (backing settings/import)
- Clients table gains soft deletes (deleted_at)
- Supporting factories, seeders, policies, and feature tests for all
of the above
All 63 backend tests pass locally before this commit.
99 lines
3 KiB
PHP
99 lines
3 KiB
PHP
<?php
|
|
|
|
use App\Models\User;
|
|
use App\Modules\Client\Models\Client;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('staff can list clients', function () {
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
Client::factory(3)->create();
|
|
|
|
$response = $this->actingAs($user)->getJson('/api/clients');
|
|
|
|
$response->assertStatus(200)
|
|
->assertJsonCount(3, 'data');
|
|
});
|
|
|
|
it('staff can create a client', function () {
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/clients', [
|
|
'client_number' => 'K001',
|
|
'name' => 'Müller GmbH',
|
|
]);
|
|
|
|
$response->assertStatus(201)
|
|
->assertJsonPath('data.client_number', 'K001')
|
|
->assertJsonPath('data.name', 'Müller GmbH');
|
|
|
|
$this->assertDatabaseHas('clients', ['client_number' => 'K001']);
|
|
});
|
|
|
|
it('rejects duplicate client_number', function () {
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
Client::factory()->create(['client_number' => 'K001']);
|
|
|
|
$response = $this->actingAs($user)->postJson('/api/clients', [
|
|
'client_number' => 'K001',
|
|
'name' => 'Other GmbH',
|
|
]);
|
|
|
|
$response->assertStatus(422);
|
|
});
|
|
|
|
it('staff can update a client', function () {
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
$client = Client::factory()->create();
|
|
|
|
$response = $this->actingAs($user)->putJson("/api/clients/{$client->id}", [
|
|
'name' => 'Updated Name',
|
|
]);
|
|
|
|
$response->assertStatus(200)
|
|
->assertJsonPath('data.name', 'Updated Name');
|
|
});
|
|
|
|
it('returns 404 for nonexistent client', function () {
|
|
$user = User::factory()->create(['role' => 'staff']);
|
|
|
|
$this->actingAs($user)->getJson('/api/clients/9999')
|
|
->assertStatus(404);
|
|
});
|
|
|
|
it('unauthenticated request returns 401', function () {
|
|
$this->getJson('/api/clients')->assertStatus(401);
|
|
});
|
|
|
|
it('admin can soft delete a client', function () {
|
|
$admin = User::factory()->create(['role' => 'admin']);
|
|
$client = Client::factory()->create();
|
|
|
|
$response = $this->actingAs($admin)->deleteJson("/api/clients/{$client->id}");
|
|
|
|
$response->assertStatus(204);
|
|
// Row is retained, only soft-deleted (deleted_at set)
|
|
$this->assertSoftDeleted('clients', ['id' => $client->id]);
|
|
$this->assertDatabaseHas('clients', ['id' => $client->id]);
|
|
});
|
|
|
|
it('staff cannot delete a client', function () {
|
|
$staff = User::factory()->create(['role' => 'staff']);
|
|
$client = Client::factory()->create();
|
|
|
|
$this->actingAs($staff)->deleteJson("/api/clients/{$client->id}")
|
|
->assertStatus(403);
|
|
|
|
$this->assertNotSoftDeleted('clients', ['id' => $client->id]);
|
|
});
|
|
|
|
it('soft deleted clients are excluded from listings', function () {
|
|
$admin = User::factory()->create(['role' => 'admin']);
|
|
Client::factory(2)->create();
|
|
Client::factory()->create()->delete();
|
|
|
|
$this->actingAs($admin)->getJson('/api/clients')
|
|
->assertStatus(200)
|
|
->assertJsonCount(2, 'data');
|
|
});
|