From 70e1c8f16bb62dedea27113af14027656651637a Mon Sep 17 00:00:00 2001
From: Adam Wathan
Date: Thu, 29 Jun 2017 14:59:51 -0400
Subject: [PATCH] 116 - Restricting Updates to Unpublished Concerts
---
.../Backstage/ConcertsController.php | 6 +
routes/web.php | 2 +-
tests/Feature/Backstage/AddConcertTest.php | 6 -
tests/Feature/Backstage/EditConcertTest.php | 152 ++++++++++++++++++
tests/TestCase.php | 6 +
5 files changed, 165 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/Backstage/ConcertsController.php b/app/Http/Controllers/Backstage/ConcertsController.php
index 7be10bc..6e724e3 100644
--- a/app/Http/Controllers/Backstage/ConcertsController.php
+++ b/app/Http/Controllers/Backstage/ConcertsController.php
@@ -69,8 +69,14 @@ class ConcertsController extends Controller
 public function update($id)
 {
+ $this->validate(request(), [
+ 'title' => ['required'],
+ ]);
+
 $concert = Auth::user()->concerts()->findOrFail($id);
+ abort_if($concert->isPublished(), 403);
+
 $concert->update([
 'title' => request('title'),
 'subtitle' => request('subtitle'),
diff --git a/routes/web.php b/routes/web.php
index 9e0dbd6..afe496b 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -24,6 +24,6 @@ Route::group(['middleware' => 'auth', 'prefix' => 'backstage', 'namespace' => 'B
 Route::get('/concerts/new', 'ConcertsController@create')->name('backstage.concerts.new');
 Route::post('/concerts', 'ConcertsController@store');
 Route::get('/concerts/{id}/edit', 'ConcertsController@edit')->name('backstage.concerts.edit');
+ Route::patch('/concerts/{id}', 'ConcertsController@update')->name('backstage.concerts.update');
 });
-Route::patch('/backstage/concerts/{id}', 'Backstage\ConcertsController@update')->name('backstage.concerts.update');
diff --git a/tests/Feature/Backstage/AddConcertTest.php b/tests/Feature/Backstage/AddConcertTest.php
index 1255e92..addaaf3 100644
--- a/tests/Feature/Backstage/AddConcertTest.php
+++ b/tests/Feature/Backstage/AddConcertTest.php
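Review bot: In `ConcertsController::update`, the new `$this->validate(...)` call runs before `findOrFail($id)` and `abort_if($concert->isPublished(), 403)`, so a request with an empty title against a published concert, or against a concert the user does not own, gets a validation redirect instead of the 403/404. Resolving and authorising the concert first keeps the response independent of the payload; the `validate` block would move below the `abort_if` line. Only `title` is validated, and the `$concert->update([...])` array continues outside the hunk; if `date`, `time` and `ticket_price` are written there, as the test payloads suggest, they need rules too, for example `'date' => ['required', 'date']` and `'ticket_price' => ['required', 'numeric']`.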
@@ -30,12 +30,6 @@ class AddConcertTest extends TestCase
 ], $overrides);
 }
- private function from($url)
- {
- session()->setPreviousUrl(url($url));
- return $this;
- }
-
 /** @test */
 function promoters_can_view_the_add_concert_form()
 {
diff --git a/tests/Feature/Backstage/EditConcertTest.php b/tests/Feature/Backstage/EditConcertTest.php
index 7b242bd..0a90665 100644
--- a/tests/Feature/Backstage/EditConcertTest.php
+++ b/tests/Feature/Backstage/EditConcertTest.php
@@ -12,6 +12,23 @@ class EditConcertTest extends TestCase
 {
 use DatabaseMigrations;
+ private function validParams($overrides = [])
+ {
+ return array_merge([
+ 'title' => 'New title',
+ 'subtitle' => 'New subtitle',
+ 'additional_information' => 'New additional information',
+ 'date' => '2018-12-12',
+ 'time' => '8:00pm',
+ 'venue' => 'New venue',
+ 'venue_address' => 'New address',
+ 'city' => 'New city',
+ 'state' => 'New state',
+ 'zip' => '99999',
+ 'ticket_price' => '72.50',
+ ], $overrides);
+ }
+
 /** @test */
 function promoters_can_view_the_edit_form_for_their_own_unpublished_concerts()
 {
@@ -180,4 +197,139 @@ class EditConcertTest extends TestCase
 $this->assertEquals(2000, $concert->ticket_price);
 });
 }
+
+ /** @test */
+ function promoters_cannot_edit_published_concerts()
+ {
+ $user = factory(User::class)->create();
+ $concert = factory(Concert::class)->states('published')->create([
+ 'user_id' => $user->id,
+ 'title' => 'Old title',
+ 'subtitle' => 'Old subtitle',
+ 'additional_information' => 'Old additional information',
+ 'date' => Carbon::parse('2017-01-01 5:00pm'),
+ 'venue' => 'Old venue',
+ 'venue_address' => 'Old address',
+ 'city' => 'Old city',
+ 'state' => 'Old state',
+ 'zip' => '00000',
+ 'ticket_price' => 2000,
+ ]);
+ $this->assertTrue($concert->isPublished());
+
+ $response = $this->actingAs($user)->patch("/backstage/concerts/{$concert->id}", [
+ 'title' => 'New title',
+ 'subtitle' => 'New subtitle',
+ 'additional_information' => 'New additional information',
+ 'date' => '2018-12-12',
+ 'time' => '8:00pm',
+ 'venue' => 'New venue',
+ 'venue_address' => 'New address',
+ 'city' => 'New city',
+ 'state' => 'New state',
+ 'zip' => '99999',
+ 'ticket_price' => '72.50',
+ ]);
+
+ $response->assertStatus(403);
+ tap($concert->fresh(), function ($concert) {
+ $this->assertEquals('Old title', $concert->title);
+ $this->assertEquals('Old subtitle', $concert->subtitle);
+ $this->assertEquals('Old additional information', $concert->additional_information);
+ $this->assertEquals(Carbon::parse('2017-01-01 5:00pm'), $concert->date);
+ $this->assertEquals('Old venue', $concert->venue);
+ $this->assertEquals('Old address', $concert->venue_address);
+ $this->assertEquals('Old city', $concert->city);
+ $this->assertEquals('Old state', $concert->state);
+ $this->assertEquals('00000', $concert->zip);
+ $this->assertEquals(2000, $concert->ticket_price);
+ });
+ }
+
+ /** @test */
+ function guests_cannot_edit_concerts()
+ {
+ $user = factory(User::class)->create();
+ $concert = factory(Concert::class)->create([
+ 'user_id' => $user->id,
+ 'title' => 'Old title',
+ 'subtitle' => 'Old subtitle',
+ 'additional_information' => 'Old additional information',
+ 'date' => Carbon::parse('2017-01-01 5:00pm'),
+ 'venue' => 'Old venue',
+ 'venue_address' => 'Old address',
+ 'city' => 'Old city',
+ 'state' => 'Old state',
+ 'zip' => '00000',
+ 'ticket_price' => 2000,
+ ]);
+ $this->assertFalse($concert->isPublished());
+
+ $response = $this->patch("/backstage/concerts/{$concert->id}", [
+ 'title' => 'New title',
+ 'subtitle' => 'New subtitle',
+ 'additional_information' => 'New additional information',
+ 'date' => '2018-12-12',
+ 'time' => '8:00pm',
+ 'venue' => 'New venue',
+ 'venue_address' => 'New address',
+ 'city' => 'New city',
+ 'state' => 'New state',
+ 'zip' => '99999',
+ 'ticket_price' => '72.50',
+ ]);
+
+ $response->assertRedirect('/login');
+ tap($concert->fresh(), function ($concert) {
+ $this->assertEquals('Old title', $concert->title);
+ $this->assertEquals('Old subtitle', $concert->subtitle);
+ $this->assertEquals('Old additional information', $concert->additional_information);
+ $this->assertEquals(Carbon::parse('2017-01-01 5:00pm'), $concert->date);
+ $this->assertEquals('Old venue', $concert->venue);
+ $this->assertEquals('Old address', $concert->venue_address);
+ $this->assertEquals('Old city', $concert->city);
+ $this->assertEquals('Old state', $concert->state);
+ $this->assertEquals('00000', $concert->zip);
+ $this->assertEquals(2000, $concert->ticket_price);
+ });
+ }
+
+ /** @test */
+ function title_is_required()
+ {
+ $user = factory(User::class)->create();
+ $concert = factory(Concert::class)->create([
+ 'user_id' => $user->id,
+ 'title' => 'Old title',
+ 'subtitle' => 'Old subtitle',
+ 'additional_information' => 'Old additional information',
+ 'date' => Carbon::parse('2017-01-01 5:00pm'),
+ 'venue' => 'Old venue',
+ 'venue_address' => 'Old address',
+ 'city' => 'Old city',
+ 'state' => 'Old state',
+ 'zip' => '00000',
+ 'ticket_price' => 2000,
+ ]);
+ $this->assertFalse($concert->isPublished());
+
+ $response = $this->actingAs($user)->from("/backstage/concerts/{$concert->id}/edit")->patch("/backstage/concerts/{$concert->id}", $this->validParams([
+ 'title' => '',
+ ]));
+
+ $response->assertRedirect("/backstage/concerts/{$concert->id}/edit");
+ $response->assertSessionHasErrors('title');
+ tap($concert->fresh(), function ($concert) {
+ $this->assertEquals('Old title', $concert->title);
+ $this->assertEquals('Old subtitle', $concert->subtitle);
+ $this->assertEquals('Old additional information', $concert->additional_information);
+ $this->assertEquals(Carbon::parse('2017-01-01 5:00pm'), $concert->date);
+ $this->assertEquals('Old venue', $concert->venue);
+ $this->assertEquals('Old address', $concert->venue_address);
+ $this->assertEquals('Old city', $concert->city);
+ $this->assertEquals('Old state', $concert->state);
+ $this->assertEquals('00000', $concert->zip);
+ $this->assertEquals(2000, $concert->ticket_price);
+ });
+ }
 }
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 76387b6..e45b1c8 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -37,4 +37,10 @@ abstract class TestCase extends \Illuminate\Foundation\Testing\TestCase
 }
 });
 }
+
+ protected function from($url)
+ {
+ session()->setPreviousUrl(url($url));
+ return $this;
+ }
 }
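Review bot: `promoters_cannot_edit_published_concerts` and `guests_cannot_edit_concerts` in `EditConcertTest` inline the same eleven-key payload that the new `validParams()` helper already returns; only `title_is_required` uses the helper. Passing `$this->validParams()` to both `patch(...)` calls removes that duplication. The "Old …" factory attributes and the ten `assertEquals` checks are likewise repeated in all three tests and could move into private helpers. The 403 path is exercised only with a valid title, so a case sending `'title' => ''` to a published concert would pin which of the controller's checks answers first.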
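Review bot: `from()` in `tests/TestCase.php` is now available to every test but carries no docblock, and its effect is not obvious from the name. From the visible lines it stores `url($url)` as the session's previous URL and returns the test case for chaining; `title_is_required` appears to rely on that so the validation failure redirects to the edit page. A short docblock would cover it: `/** Set the session's previous URL (the target of a redirect back) and return $this for chaining. */`.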