nothingworksinc/ticketbeast
1
0
Fork 0
mirror of https://github.com/nothingworksinc/ticketbeast.git synced 2026-02-21 19:55:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

(add authorization tests for publishing concerts)

Browse Source
This commit is contained in:
Adam Wathan
2017-07-10 14:37:01 -04:00
parent 85a81dc0ea
commit d4c1a32dc6
3 changed files with 53 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/Backstage/PublishedConcertsController.php
View File

@@ -6,18 +6,20 @@ use App\Concert;
use Carbon\Carbon; use Carbon\Carbon;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
class PublishedConcertsController extends Controller class PublishedConcertsController extends Controller
{ {
public function store() public function store()
{ {
$concert = Concert::find(request('concert_id')); $concert = Auth::user()->concerts()->findOrFail(request('concert_id'));
if ($concert->isPublished()) { if ($concert->isPublished()) {
abort(422); abort(422);
} }
$concert->publish(); $concert->publish();
return redirect()->route('backstage.concerts.index'); return redirect()->route('backstage.concerts.index');
} }
} }

2
routes/web.php
View File

@@ -25,6 +25,6 @@ Route::group(['middleware' => 'auth', 'prefix' => 'backstage', 'namespace' => 'B
Route::post('/concerts', 'ConcertsController@store'); Route::post('/concerts', 'ConcertsController@store');
Route::get('/concerts/{id}/edit', 'ConcertsController@edit')->name('backstage.concerts.edit'); Route::get('/concerts/{id}/edit', 'ConcertsController@edit')->name('backstage.concerts.edit');
Route::patch('/concerts/{id}', 'ConcertsController@update')->name('backstage.concerts.update'); Route::patch('/concerts/{id}', 'ConcertsController@update')->name('backstage.concerts.update');
Route::post('/published-concerts', 'PublishedConcertsController@store');
}); });
Route::post('/backstage/published-concerts', 'Backstage\PublishedConcertsController@store');

49
tests/Feature/Backstage/PublishConcertTest.php
View File

@@ -48,4 +48,53 @@ class PublishConcertTest extends TestCase
$response->assertStatus(422); $response->assertStatus(422);
$this->assertEquals(3, $concert->fresh()->ticketsRemaining()); $this->assertEquals(3, $concert->fresh()->ticketsRemaining());
} }
/** @test */
function a_promoter_cannot_publish_other_concerts()
{
$user = factory(User::class)->create();
$otherUser = factory(User::class)->create();
$concert = factory(Concert::class)->states('unpublished')->create([
'user_id' => $otherUser->id,
'ticket_quantity' => 3,
]);
$response = $this->actingAs($user)->post('/backstage/published-concerts', [
'concert_id' => $concert->id,
]);
$response->assertStatus(404);
$concert = $concert->fresh();
$this->assertFalse($concert->isPublished());
$this->assertEquals(0, $concert->ticketsRemaining());
}
/** @test */
function a_guest_cannot_publish_concerts()
{
$concert = factory(Concert::class)->states('unpublished')->create([
'ticket_quantity' => 3,
]);
$response = $this->post('/backstage/published-concerts', [
'concert_id' => $concert->id,
]);
$response->assertRedirect('/login');
$concert = $concert->fresh();
$this->assertFalse($concert->isPublished());
$this->assertEquals(0, $concert->ticketsRemaining());
}
/** @test */
function concerts_that_do_not_exist_cannot_be_published()
{
$user = factory(User::class)->create();
$response = $this->actingAs($user)->post('/backstage/published-concerts', [
'concert_id' => 999,
]);
$response->assertStatus(404);
}
} }