From 049499366f62352e78a826776b1fb7a52294bac0 Mon Sep 17 00:00:00 2001
From: Adam Wathan
Date: Tue, 22 Aug 2017 09:43:54 -0400
Subject: [PATCH] (add authorization and validation tests)
---
 .../Backstage/ConcertMessagesController.php | 5 ++
 .../Backstage/MessageAttendeesTest.php | 74 +++++++++++++++++++
 2 files changed, 79 insertions(+)
diff --git a/app/Http/Controllers/Backstage/ConcertMessagesController.php b/app/Http/Controllers/Backstage/ConcertMessagesController.php
index b99c266..86532f2 100644
--- a/app/Http/Controllers/Backstage/ConcertMessagesController.php
+++ b/app/Http/Controllers/Backstage/ConcertMessagesController.php
@@ -19,6 +19,11 @@ class ConcertMessagesController extends Controller
 {
 $concert = Auth::user()->concerts()->findOrFail($id);
+ $this->validate(request(), [
+ 'subject' => ['required'],
+ 'message' => ['required'],
+ ]);
+
 $message = $concert->attendeeMessages()->create(request(['subject', 'message']));
 return redirect()->route('backstage.concert-messages.new', $concert)
diff --git a/tests/Feature/Backstage/MessageAttendeesTest.php b/tests/Feature/Backstage/MessageAttendeesTest.php
index ef35756..362f329 100644
--- a/tests/Feature/Backstage/MessageAttendeesTest.php
+++ b/tests/Feature/Backstage/MessageAttendeesTest.php
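Review bot: The rules added at `$this->validate(request(), [...])` check presence only, so a non-string or arbitrarily long `subject` or `message` still passes and reaches `attendeeMessages()->create()`. `required` accepts a non-empty array, and nothing bounds the length of text that is presumably delivered to every attendee (the delivery path is not visible in this hunk). Consider `'subject' => ['required', 'string', 'max:255'],` and `'message' => ['required', 'string'],` with the `max:` values taken from the column definitions rather than the sample 255. Matching rejection cases belong next to `subject_is_required` and `message_is_required` in MessageAttendeesTest.php. The enclosing controller method starts above the hunk and its `return` statement continues past it.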
@@ -75,4 +75,78 @@ class MessageAttendeesTest extends TestCase
 $this->assertEquals('My subject', $message->subject);
 $this->assertEquals('My message', $message->message);
 }
+
+ /** @test */
+ function a_promoter_cannot_send_a_new_message_for_other_concerts()
+ {
+ $user = factory(User::class)->create();
+ $otherUser = factory(User::class)->create();
+ $concert = ConcertFactory::createPublished([
+ 'user_id' => $otherUser->id,
+ ]);
+
+ $response = $this->actingAs($user)->post("/backstage/concerts/{$concert->id}/messages", [
+ 'subject' => 'My subject',
+ 'message' => 'My message',
+ ]);
+
+ $response->assertStatus(404);
+ $this->assertEquals(0, AttendeeMessage::count());
+ }
+
+ /** @test */
+ function a_guest_cannot_send_a_new_message_for_any_concerts()
+ {
+ $concert = ConcertFactory::createPublished();
+
+ $response = $this->post("/backstage/concerts/{$concert->id}/messages", [
+ 'subject' => 'My subject',
+ 'message' => 'My message',
+ ]);
+
+ $response->assertRedirect('/login');
+ $this->assertEquals(0, AttendeeMessage::count());
+ }
+
+ /** @test */
+ function subject_is_required()
+ {
+ $user = factory(User::class)->create();
+ $concert = ConcertFactory::createPublished([
+ 'user_id' => $user->id,
+ ]);
+
+ $response = $this->from("/backstage/concerts/{$concert->id}/messages/new")
+ ->actingAs($user)
+ ->post("/backstage/concerts/{$concert->id}/messages", [
+ 'subject' => '',
+ 'message' => 'My message',
+ ]);
+
+ $response->assertRedirect("/backstage/concerts/{$concert->id}/messages/new");
+
+ $response->assertSessionHasErrors('subject');
+ $this->assertEquals(0, AttendeeMessage::count());
+ }
+
+ /** @test */
+ function message_is_required()
+ {
+ $user = factory(User::class)->create();
+ $concert = ConcertFactory::createPublished([
+ 'user_id' => $user->id,
+ ]);
+
+ $response = $this->from("/backstage/concerts/{$concert->id}/messages/new")
+ ->actingAs($user)
+ ->post("/backstage/concerts/{$concert->id}/messages", [
+ 'subject' => 'My subject',
+ 'message' => '',
+ ]);
+
+ $response->assertRedirect("/backstage/concerts/{$concert->id}/messages/new");
+
+ $response->assertSessionHasErrors('message');
+ $this->assertEquals(0, AttendeeMessage::count());
+ }
 }
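Review bot: Both authorization tests, `a_promoter_cannot_send_a_new_message_for_other_concerts` and `a_guest_cannot_send_a_new_message_for_any_concerts`, post only well-formed input. Nothing therefore pins that the ownership lookup in the controller runs before validation. If the `validate()` call were later moved above `findOrFail($id)`, a non-owner sending an empty field would get a validation redirect instead of a 404, and these tests would still pass. A second request in the other-promoter test with `'subject' => ''` that still asserts `$response->assertStatus(404);` would guard that ordering. The test class starts above this hunk.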