(add authorization and validation tests)

2026-01-26 11:14:06 +00:00 · 2017-08-22 09:43:54 -04:00
parent 189ff2750c
commit 049499366f
2 changed files with 79 additions and 0 deletions
--- a/app/Http/Controllers/Backstage/ConcertMessagesController.php
+++ b/app/Http/Controllers/Backstage/ConcertMessagesController.php
@@ -19,6 +19,11 @@ class ConcertMessagesController extends Controller
    {
        $concert = Auth::user()->concerts()->findOrFail($id);

+        $this->validate(request(), [
+            'subject' => ['required'],
+            'message' => ['required'],
+        ]);
+
        $message = $concert->attendeeMessages()->create(request(['subject', 'message']));

        return redirect()->route('backstage.concert-messages.new', $concert)
--- a/tests/Feature/Backstage/MessageAttendeesTest.php
+++ b/tests/Feature/Backstage/MessageAttendeesTest.php
@@ -75,4 +75,78 @@ class MessageAttendeesTest extends TestCase
        $this->assertEquals('My subject', $message->subject);
        $this->assertEquals('My message', $message->message);
    }
+
+    /** @test */
+    function a_promoter_cannot_send_a_new_message_for_other_concerts()
+    {
+        $user = factory(User::class)->create();
+        $otherUser = factory(User::class)->create();
+        $concert = ConcertFactory::createPublished([
+            'user_id' => $otherUser->id,
+        ]);
+
+        $response = $this->actingAs($user)->post("/backstage/concerts/{$concert->id}/messages", [
+            'subject' => 'My subject',
+            'message' => 'My message',
+        ]);
+
+        $response->assertStatus(404);
+        $this->assertEquals(0, AttendeeMessage::count());
+    }
+
+    /** @test */
+    function a_guest_cannot_send_a_new_message_for_any_concerts()
+    {
+        $concert = ConcertFactory::createPublished();
+
+        $response = $this->post("/backstage/concerts/{$concert->id}/messages", [
+            'subject' => 'My subject',
+            'message' => 'My message',
+        ]);
+
+        $response->assertRedirect('/login');
+        $this->assertEquals(0, AttendeeMessage::count());
+    }
+
+    /** @test */
+    function subject_is_required()
+    {
+        $user = factory(User::class)->create();
+        $concert = ConcertFactory::createPublished([
+            'user_id' => $user->id,
+        ]);
+
+        $response = $this->from("/backstage/concerts/{$concert->id}/messages/new")
+            ->actingAs($user)
+            ->post("/backstage/concerts/{$concert->id}/messages", [
+                'subject' => '',
+                'message' => 'My message',
+            ]);
+
+        $response->assertRedirect("/backstage/concerts/{$concert->id}/messages/new");
+
+        $response->assertSessionHasErrors('subject');
+        $this->assertEquals(0, AttendeeMessage::count());
+    }
+
+    /** @test */
+    function message_is_required()
+    {
+        $user = factory(User::class)->create();
+        $concert = ConcertFactory::createPublished([
+            'user_id' => $user->id,
+        ]);
+
+        $response = $this->from("/backstage/concerts/{$concert->id}/messages/new")
+            ->actingAs($user)
+            ->post("/backstage/concerts/{$concert->id}/messages", [
+                'subject' => 'My subject',
+                'message' => '',
+            ]);
+
+        $response->assertRedirect("/backstage/concerts/{$concert->id}/messages/new");
+
+        $response->assertSessionHasErrors('message');
+        $this->assertEquals(0, AttendeeMessage::count());
+    }
 }