mirror of
https://github.com/solidtime-io/solidtime.git
synced 2026-06-15 13:32:43 +01:00
Compare commits
6 Commits
f826474f88
...
b3785f0aa6
| Author | SHA1 | Date | |
|---|---|---|---|
|
b3785f0aa6 | ||
|
|
8e47f07f09 | ||
|
|
da611086e8 | ||
|
|
a220d0e592 | ||
|
|
0e2c4431a0 | ||
|
|
2f4c079f9f |
@@ -54,15 +54,9 @@ class OrganizationController extends Controller
|
||||
'currencies' => array_map(function (Currency $currency): string {
|
||||
return $currency->getName();
|
||||
}, ISOCurrencyProvider::getInstance()->getAvailableCurrencies()),
|
||||
'availableRoles' => [],
|
||||
'availablePermissions' => [],
|
||||
'defaultPermissions' => [],
|
||||
'permissions' => [
|
||||
'canAddTeamMembers' => true,
|
||||
'canDeleteTeam' => true,
|
||||
'canRemoveTeamMembers' => true,
|
||||
'canUpdateTeam' => true,
|
||||
'canUpdateTeamMembers' => true,
|
||||
'canDeleteTeam' => $this->hasPermission($organization, 'organizations:delete'),
|
||||
'canUpdateTeam' => $this->hasPermission($organization, 'organizations:update'),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -62,6 +62,7 @@ class UserService
|
||||
$intervalFormat,
|
||||
$timeFormat,
|
||||
);
|
||||
$this->switchCurrentOrganization($user, $organization);
|
||||
}
|
||||
|
||||
return $user;
|
||||
|
||||
@@ -132,7 +132,8 @@
|
||||
"pestphp/pest-plugin": true,
|
||||
"php-http/discovery": true,
|
||||
"wikimedia/composer-merge-plugin": true
|
||||
}
|
||||
},
|
||||
"process-timeout": 900
|
||||
},
|
||||
"minimum-stability": "stable",
|
||||
"prefer-stable": true
|
||||
|
||||
@@ -36,8 +36,20 @@ async function createTimeEntry(page, duration: string) {
|
||||
test('test that organization name can be updated', async ({ page }) => {
|
||||
await goToOrganizationSettings(page);
|
||||
await page.getByLabel('Organization Name').fill('NEW ORG NAME');
|
||||
await page.getByLabel('Organization Name').press('Enter');
|
||||
await page.getByLabel('Organization Name').press('Meta+r');
|
||||
await Promise.all([
|
||||
page.waitForResponse(
|
||||
(response) =>
|
||||
response.url().includes('/api/v1/organizations/') &&
|
||||
response.request().method() === 'PUT' &&
|
||||
response.status() === 200
|
||||
),
|
||||
page
|
||||
.locator('form')
|
||||
.filter({ hasText: 'Organization Name' })
|
||||
.getByRole('button', { name: 'Save' })
|
||||
.click(),
|
||||
]);
|
||||
await page.reload();
|
||||
await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
|
||||
'NEW ORG NAME'
|
||||
);
|
||||
@@ -369,6 +381,124 @@ test('test that format settings persist after page reload', async ({ page }) =>
|
||||
await expect(page.getByLabel('Date Format')).toContainText('DD/MM/YYYY');
|
||||
});
|
||||
|
||||
// =============================================
|
||||
// Create, Delete & Switch
|
||||
// =============================================
|
||||
|
||||
test.describe('Organization Create, Delete & Switch', () => {
|
||||
async function createOrganization(page, name: string) {
|
||||
await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
|
||||
await page.getByLabel('Organization Name').fill(name);
|
||||
await Promise.all([
|
||||
page.waitForResponse(
|
||||
(response) =>
|
||||
response.url().includes('/api/v1/organizations') &&
|
||||
response.request().method() === 'POST' &&
|
||||
response.status() === 201
|
||||
),
|
||||
page.getByRole('button', { name: 'Create' }).click(),
|
||||
]);
|
||||
// The backend switches the current organization to the new one and the
|
||||
// frontend reloads into its dashboard.
|
||||
await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
|
||||
}
|
||||
|
||||
test('can create a new organization and switches to it automatically', async ({ page }) => {
|
||||
const newOrgName = 'CreateOrg' + Math.floor(Math.random() * 100000);
|
||||
await createOrganization(page, newOrgName);
|
||||
|
||||
await expect(page.locator('[data-testid="organization_switcher"]:visible')).toContainText(
|
||||
newOrgName
|
||||
);
|
||||
});
|
||||
|
||||
test('does not create an organization when the name is empty', async ({ page }) => {
|
||||
await page.goto(PLAYWRIGHT_BASE_URL + '/teams/create');
|
||||
|
||||
// The form posts to the API, which rejects the empty name with a 422.
|
||||
await Promise.all([
|
||||
page.waitForResponse(
|
||||
(response) =>
|
||||
response.url().includes('/api/v1/organizations') &&
|
||||
response.request().method() === 'POST' &&
|
||||
response.status() === 422
|
||||
),
|
||||
page.getByRole('button', { name: 'Create' }).click(),
|
||||
]);
|
||||
|
||||
// Validation failed, so we stay on the create form and never reach a
|
||||
// dashboard. ('/teams/create' redirects to '/organizations/create', so
|
||||
// assert on the form rather than the URL.)
|
||||
await expect(page.getByText('Organization Details')).toBeVisible();
|
||||
await expect(page.getByRole('alert')).toContainText('The name field is required.');
|
||||
await expect(page.getByLabel('Organization Name')).toHaveAttribute('aria-invalid', 'true');
|
||||
await expect(page.getByTestId('dashboard_view')).toHaveCount(0);
|
||||
});
|
||||
|
||||
test('can delete an organization', async ({ page }) => {
|
||||
// Create a throwaway organization so the primary one is never deleted.
|
||||
const orgName = 'DeleteOrg' + Math.floor(Math.random() * 100000);
|
||||
await createOrganization(page, orgName);
|
||||
|
||||
// Open the (now current) throwaway organization's settings.
|
||||
await goToOrganizationSettings(page);
|
||||
|
||||
// Open the confirmation modal, then confirm inside the dialog.
|
||||
await page.getByRole('button', { name: 'Delete Organization' }).click();
|
||||
await Promise.all([
|
||||
page.waitForResponse(
|
||||
(response) =>
|
||||
response.url().includes('/api/v1/organizations') &&
|
||||
response.request().method() === 'DELETE' &&
|
||||
response.status() === 204
|
||||
),
|
||||
page.getByRole('dialog').getByRole('button', { name: 'Delete Organization' }).click(),
|
||||
]);
|
||||
|
||||
// We are redirected to the dashboard of a different organization.
|
||||
await expect(page.getByTestId('dashboard_view')).toBeVisible({ timeout: 10000 });
|
||||
await expect(
|
||||
page.locator('[data-testid="organization_switcher"]:visible')
|
||||
).not.toContainText(orgName);
|
||||
});
|
||||
|
||||
test('can switch the current organization via the organization switcher', async ({ page }) => {
|
||||
await page.goto(PLAYWRIGHT_BASE_URL + '/dashboard');
|
||||
const orgSwitcher = page.locator('[data-testid="organization_switcher"]:visible');
|
||||
await expect(orgSwitcher).toBeVisible();
|
||||
const previousOrgNameLines = (await orgSwitcher.innerText())
|
||||
.split('\n')
|
||||
.map((line) => line.trim())
|
||||
.filter(Boolean);
|
||||
const previousOrgName = previousOrgNameLines[previousOrgNameLines.length - 1];
|
||||
|
||||
// Ensure there are at least two organizations to switch between.
|
||||
const orgName = 'SwitchOrg' + Math.floor(Math.random() * 100000);
|
||||
await createOrganization(page, orgName);
|
||||
|
||||
await expect(orgSwitcher).toContainText(orgName);
|
||||
|
||||
// Open the switcher and pick a different organization.
|
||||
await orgSwitcher.click();
|
||||
await expect(page.getByText('Switch Organizations')).toBeVisible();
|
||||
const otherOrgButton = page.getByRole('menuitem', { name: previousOrgName });
|
||||
await expect(otherOrgButton).toBeVisible();
|
||||
|
||||
await Promise.all([
|
||||
page.waitForResponse(
|
||||
(response) =>
|
||||
response.url().includes('/users/me/current-organization') &&
|
||||
response.request().method() === 'PUT' &&
|
||||
response.status() === 200
|
||||
),
|
||||
otherOrgButton.click(),
|
||||
]);
|
||||
|
||||
await expect(orgSwitcher).not.toContainText(orgName, { timeout: 10000 });
|
||||
await expect(orgSwitcher).toContainText(previousOrgName, { timeout: 10000 });
|
||||
});
|
||||
});
|
||||
|
||||
// =============================================
|
||||
// Admin Permission Tests
|
||||
// =============================================
|
||||
@@ -396,6 +526,9 @@ test.describe('Admin Organization Settings Access', () => {
|
||||
// Save buttons should be visible (admin can update)
|
||||
await expect(admin.page.getByRole('button', { name: 'Save' }).first()).toBeVisible();
|
||||
|
||||
// The Organization Name input is editable (admin can update)
|
||||
await expect(admin.page.getByLabel('Organization Name')).toBeEnabled();
|
||||
|
||||
// Delete organization should NOT be visible (owner only)
|
||||
await expect(
|
||||
admin.page.getByRole('heading', { name: 'Delete Organization' })
|
||||
@@ -416,6 +549,10 @@ test.describe('Employee Organization Settings Restrictions', () => {
|
||||
employee.page.getByRole('heading', { name: 'Organization Name', level: 3 })
|
||||
).toBeVisible({ timeout: 10000 });
|
||||
|
||||
// The name and currency inputs are rendered but disabled (employee cannot update)
|
||||
await expect(employee.page.getByLabel('Organization Name')).toBeDisabled();
|
||||
await expect(employee.page.getByLabel('Currency')).toBeDisabled();
|
||||
|
||||
// Editable settings sections should NOT be visible
|
||||
await expect(
|
||||
employee.page.getByRole('heading', { name: 'Billable Rate', level: 3 })
|
||||
@@ -429,5 +566,10 @@ test.describe('Employee Organization Settings Restrictions', () => {
|
||||
|
||||
// Save button should not be visible (employee cannot update)
|
||||
await expect(employee.page.getByRole('button', { name: 'Save' })).not.toBeVisible();
|
||||
|
||||
// Delete organization should NOT be visible (owner only)
|
||||
await expect(
|
||||
employee.page.getByRole('heading', { name: 'Delete Organization' })
|
||||
).not.toBeVisible();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
<script setup lang="ts">
|
||||
import { computed, onBeforeUnmount, ref, watch } from 'vue';
|
||||
import { usePage } from '@inertiajs/vue3';
|
||||
import axios from 'axios';
|
||||
import ActionMessage from '@/Components/ActionMessage.vue';
|
||||
import FormSection from '@/Components/FormSection.vue';
|
||||
import { Field, FieldError, FieldLabel } from '@/packages/ui/src/field';
|
||||
@@ -16,6 +15,7 @@ import {
|
||||
useUserQuery,
|
||||
} from '@/utils/useUserQuery';
|
||||
import type { UpdateUserBody, User } from '@/packages/api/src';
|
||||
import { getApiValidationFieldErrors } from '@/utils/apiValidation';
|
||||
|
||||
const { user } = useUserQuery();
|
||||
const updateUser = useUpdateUserMutation();
|
||||
@@ -58,17 +58,9 @@ const hasUploadedPhoto = computed(() => {
|
||||
return !!url && !url.includes('ui-avatars.com');
|
||||
});
|
||||
|
||||
const fieldErrors = computed<Record<string, string>>(() => {
|
||||
const err = updateUser.error.value;
|
||||
if (!axios.isAxiosError(err) || err.response?.status !== 422) return {};
|
||||
const raw = err.response.data?.errors as Record<string, string[]> | undefined;
|
||||
if (!raw) return {};
|
||||
const flat: Record<string, string> = {};
|
||||
for (const [key, messages] of Object.entries(raw)) {
|
||||
if (Array.isArray(messages) && messages[0]) flat[key] = messages[0];
|
||||
}
|
||||
return flat;
|
||||
});
|
||||
const fieldErrors = computed<Record<string, string>>(() =>
|
||||
getApiValidationFieldErrors(updateUser.error.value)
|
||||
);
|
||||
|
||||
function buildPayload(): UpdateUserBody {
|
||||
if (!user.value) return {};
|
||||
|
||||
@@ -1,25 +1,68 @@
|
||||
<script setup lang="ts">
|
||||
import { useForm, usePage } from '@inertiajs/vue3';
|
||||
import { computed, ref, watch } from 'vue';
|
||||
import axios from 'axios';
|
||||
import { router, usePage } from '@inertiajs/vue3';
|
||||
import FormSection from '@/Components/FormSection.vue';
|
||||
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
|
||||
import { Field, FieldError, FieldLabel } from '@/packages/ui/src/field';
|
||||
import PrimaryButton from '@/packages/ui/src/Buttons/PrimaryButton.vue';
|
||||
import TextInput from '@/packages/ui/src/Input/TextInput.vue';
|
||||
import type { User } from '@/types/models';
|
||||
import { initializeStores } from '@/utils/init';
|
||||
import { useOrganizationStore } from '@/utils/useOrganization';
|
||||
import { useNotificationsStore } from '@/utils/notification';
|
||||
import {
|
||||
getApiValidationFieldErrors,
|
||||
getApiValidationMessage,
|
||||
isApiValidationError,
|
||||
} from '@/utils/apiValidation';
|
||||
|
||||
const form = useForm({
|
||||
name: '',
|
||||
const name = ref('');
|
||||
const processing = ref(false);
|
||||
const createError = ref<unknown>(null);
|
||||
const organizationStore = useOrganizationStore();
|
||||
const notifications = useNotificationsStore();
|
||||
|
||||
const fieldErrors = computed<Record<string, string>>(() =>
|
||||
getApiValidationFieldErrors(createError.value)
|
||||
);
|
||||
|
||||
watch(name, () => {
|
||||
createError.value = null;
|
||||
});
|
||||
|
||||
const createTeam = () => {
|
||||
form.post(route('teams.store'), {
|
||||
errorBag: 'createTeam',
|
||||
preserveScroll: true,
|
||||
onSuccess: () => {
|
||||
initializeStores();
|
||||
},
|
||||
});
|
||||
const createTeam = async () => {
|
||||
processing.value = true;
|
||||
createError.value = null;
|
||||
try {
|
||||
const organization = await organizationStore.createOrganization(name.value);
|
||||
if (organization) {
|
||||
notifications.addNotification('success', 'Organization created successfully');
|
||||
// The backend already switched the current organization to the new one.
|
||||
// Flush Inertia's prefetch cache and do a full reload so the new
|
||||
// organization context is picked up everywhere.
|
||||
router.flushAll();
|
||||
router.visit(route('dashboard'));
|
||||
}
|
||||
} catch (error) {
|
||||
createError.value = error;
|
||||
if (isApiValidationError(error)) {
|
||||
notifications.addNotification(
|
||||
'error',
|
||||
getApiValidationMessage(error, 'Failed to create organization')
|
||||
);
|
||||
} else if (axios.isAxiosError(error)) {
|
||||
notifications.addNotification(
|
||||
'error',
|
||||
'Failed to create organization',
|
||||
error.response?.data?.message ?? 'Please try again later.'
|
||||
);
|
||||
} else {
|
||||
notifications.addNotification('error', 'Failed to create organization');
|
||||
}
|
||||
} finally {
|
||||
processing.value = false;
|
||||
}
|
||||
};
|
||||
|
||||
const page = usePage<{
|
||||
auth: {
|
||||
user: User;
|
||||
@@ -60,16 +103,17 @@ const page = usePage<{
|
||||
<FieldLabel for="name">Organization Name</FieldLabel>
|
||||
<TextInput
|
||||
id="name"
|
||||
v-model="form.name"
|
||||
v-model="name"
|
||||
type="text"
|
||||
class="block w-full"
|
||||
autofocus />
|
||||
<FieldError v-if="form.errors.name">{{ form.errors.name }}</FieldError>
|
||||
autofocus
|
||||
:aria-invalid="Boolean(fieldErrors.name)" />
|
||||
<FieldError v-if="fieldErrors.name">{{ fieldErrors.name }}</FieldError>
|
||||
</Field>
|
||||
</template>
|
||||
|
||||
<template #actions>
|
||||
<PrimaryButton :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
|
||||
<PrimaryButton :class="{ 'opacity-25': processing }" :disabled="processing">
|
||||
Create
|
||||
</PrimaryButton>
|
||||
</template>
|
||||
|
||||
@@ -1,26 +1,36 @@
|
||||
<script setup lang="ts">
|
||||
import { ref } from 'vue';
|
||||
import { useForm } from '@inertiajs/vue3';
|
||||
import { router } from '@inertiajs/vue3';
|
||||
import ActionSection from '@/Components/ActionSection.vue';
|
||||
import ConfirmationModal from '@/Components/ConfirmationModal.vue';
|
||||
import DangerButton from '@/packages/ui/src/Buttons/DangerButton.vue';
|
||||
import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
|
||||
import { useOrganizationStore } from '@/utils/useOrganization';
|
||||
|
||||
const props = defineProps({
|
||||
team: Object,
|
||||
});
|
||||
const props = defineProps<{
|
||||
team: { id: string };
|
||||
}>();
|
||||
|
||||
const confirmingTeamDeletion = ref(false);
|
||||
const form = useForm({});
|
||||
const processing = ref(false);
|
||||
const organizationStore = useOrganizationStore();
|
||||
|
||||
const confirmTeamDeletion = () => {
|
||||
confirmingTeamDeletion.value = true;
|
||||
};
|
||||
|
||||
const deleteTeam = () => {
|
||||
form.delete(route('teams.destroy', props.team), {
|
||||
errorBag: 'deleteTeam',
|
||||
});
|
||||
const deleteTeam = async () => {
|
||||
processing.value = true;
|
||||
try {
|
||||
await organizationStore.deleteOrganization(props.team.id);
|
||||
// The backend reassigns the user's current organization after deletion,
|
||||
// so flush the prefetch cache and reload into the dashboard.
|
||||
router.flushAll();
|
||||
router.visit(route('dashboard'));
|
||||
} catch {
|
||||
// Request errors are surfaced as notifications by the store.
|
||||
processing.value = false;
|
||||
}
|
||||
};
|
||||
</script>
|
||||
|
||||
@@ -59,8 +69,8 @@ const deleteTeam = () => {
|
||||
|
||||
<DangerButton
|
||||
class="ms-3"
|
||||
:class="{ 'opacity-25': form.processing }"
|
||||
:disabled="form.processing"
|
||||
:class="{ 'opacity-25': processing }"
|
||||
:disabled="processing"
|
||||
@click="deleteTeam">
|
||||
Delete Organization
|
||||
</DangerButton>
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<script setup lang="ts">
|
||||
import { Link, useForm } from '@inertiajs/vue3';
|
||||
import { Link, router } from '@inertiajs/vue3';
|
||||
import { reactive, ref } from 'vue';
|
||||
import axios from 'axios';
|
||||
import ActionMessage from '@/Components/ActionMessage.vue';
|
||||
import FormSection from '@/Components/FormSection.vue';
|
||||
import { Field, FieldLabel, FieldError } from '@/packages/ui/src/field';
|
||||
@@ -10,22 +12,66 @@ import type { Permissions } from '@/types/jetstream';
|
||||
import { CreditCardIcon } from '@heroicons/vue/20/solid';
|
||||
import { isBillingActivated } from '@/utils/billing';
|
||||
import { canManageBilling } from '@/utils/permissions';
|
||||
import { api } from '@/packages/api/src';
|
||||
import { useNotificationsStore } from '@/utils/notification';
|
||||
import { getApiValidationFieldErrors, isApiValidationError } from '@/utils/apiValidation';
|
||||
|
||||
const props = defineProps<{
|
||||
team: Organization;
|
||||
permissions: Permissions;
|
||||
}>();
|
||||
|
||||
const form = useForm({
|
||||
const form = reactive({
|
||||
name: props.team.name,
|
||||
currency: props.team.currency,
|
||||
});
|
||||
|
||||
const updateTeamName = () => {
|
||||
form.put(route('teams.update', props.team.id), {
|
||||
errorBag: 'updateTeamName',
|
||||
preserveScroll: true,
|
||||
});
|
||||
const errors = ref<Record<string, string>>({});
|
||||
const processing = ref(false);
|
||||
const recentlySuccessful = ref(false);
|
||||
const notifications = useNotificationsStore();
|
||||
let recentlySuccessfulTimeout: ReturnType<typeof setTimeout> | undefined;
|
||||
|
||||
const updateTeamName = async () => {
|
||||
processing.value = true;
|
||||
recentlySuccessful.value = false;
|
||||
errors.value = {};
|
||||
try {
|
||||
await api.updateOrganization(
|
||||
{
|
||||
name: form.name,
|
||||
currency: form.currency,
|
||||
},
|
||||
{
|
||||
params: {
|
||||
organization: props.team.id,
|
||||
},
|
||||
}
|
||||
);
|
||||
notifications.addNotification('success', 'Organization updated successfully');
|
||||
recentlySuccessful.value = true;
|
||||
if (recentlySuccessfulTimeout) {
|
||||
clearTimeout(recentlySuccessfulTimeout);
|
||||
}
|
||||
recentlySuccessfulTimeout = setTimeout(() => {
|
||||
recentlySuccessful.value = false;
|
||||
}, 2000);
|
||||
router.reload({ only: ['auth', 'team'] });
|
||||
} catch (error) {
|
||||
if (isApiValidationError(error)) {
|
||||
errors.value = getApiValidationFieldErrors(error);
|
||||
} else if (axios.isAxiosError(error)) {
|
||||
notifications.addNotification(
|
||||
'error',
|
||||
'Failed to update organization',
|
||||
error.response?.data?.message ?? 'Please try again later.'
|
||||
);
|
||||
} else {
|
||||
notifications.addNotification('error', 'Failed to update organization');
|
||||
}
|
||||
} finally {
|
||||
processing.value = false;
|
||||
}
|
||||
};
|
||||
</script>
|
||||
|
||||
@@ -74,7 +120,7 @@ const updateTeamName = () => {
|
||||
class="block w-full"
|
||||
:disabled="!permissions.canUpdateTeam" />
|
||||
|
||||
<FieldError v-if="form.errors.name">{{ form.errors.name }}</FieldError>
|
||||
<FieldError v-if="errors.name">{{ errors.name }}</FieldError>
|
||||
</Field>
|
||||
|
||||
<!-- Currency -->
|
||||
@@ -94,14 +140,14 @@ const updateTeamName = () => {
|
||||
{{ currencyKey }} - {{ currencyTranslated }}
|
||||
</option>
|
||||
</select>
|
||||
<FieldError v-if="form.errors.currency">{{ form.errors.currency }}</FieldError>
|
||||
<FieldError v-if="errors.currency">{{ errors.currency }}</FieldError>
|
||||
</Field>
|
||||
</template>
|
||||
|
||||
<template v-if="permissions.canUpdateTeam" #actions>
|
||||
<ActionMessage :on="form.recentlySuccessful" class="me-3"> Saved. </ActionMessage>
|
||||
<ActionMessage :on="recentlySuccessful" class="me-3"> Saved. </ActionMessage>
|
||||
|
||||
<PrimaryButton :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
|
||||
<PrimaryButton :class="{ 'opacity-25': processing }" :disabled="processing">
|
||||
Save
|
||||
</PrimaryButton>
|
||||
</template>
|
||||
|
||||
@@ -4,7 +4,7 @@ import DeleteTeamForm from '@/Pages/Teams/Partials/DeleteTeamForm.vue';
|
||||
import SectionBorder from '@/Components/SectionBorder.vue';
|
||||
import UpdateTeamNameForm from '@/Pages/Teams/Partials/UpdateTeamNameForm.vue';
|
||||
import type { Organization } from '@/types/models';
|
||||
import type { Permissions, Role } from '@/types/jetstream';
|
||||
import type { Permissions } from '@/types/jetstream';
|
||||
import OrganizationBillableRate from '@/Pages/Teams/Partials/OrganizationBillableRate.vue';
|
||||
import OrganizationFormatSettings from '@/Pages/Teams/Partials/OrganizationFormatSettings.vue';
|
||||
import OrganizationTimeEntrySettings from '@/Pages/Teams/Partials/OrganizationTimeEntrySettings.vue';
|
||||
@@ -14,7 +14,6 @@ import { storeToRefs } from 'pinia';
|
||||
|
||||
defineProps<{
|
||||
team: Organization;
|
||||
availableRoles: Role[];
|
||||
permissions: Permissions;
|
||||
}>();
|
||||
|
||||
@@ -54,7 +53,7 @@ onMounted(async () => {
|
||||
<OrganizationTimeEntrySettings v-if="permissions.canUpdateTeam" />
|
||||
<SectionBorder />
|
||||
|
||||
<template v-if="permissions.canDeleteTeam && !team.personal_team">
|
||||
<template v-if="permissions.canDeleteTeam">
|
||||
<DeleteTeamForm class="mt-10 sm:mt-0" :team="team" />
|
||||
</template>
|
||||
</template>
|
||||
|
||||
@@ -803,6 +803,39 @@ const endpoints = makeApi([
|
||||
z.object({ code: z.string(), name: z.string(), symbol: z.string() }).passthrough()
|
||||
),
|
||||
},
|
||||
{
|
||||
method: 'post',
|
||||
path: '/v1/organizations',
|
||||
alias: 'createOrganization',
|
||||
requestFormat: 'json',
|
||||
parameters: [
|
||||
{
|
||||
name: 'body',
|
||||
type: 'Body',
|
||||
schema: z.object({ name: z.string().max(255) }).passthrough(),
|
||||
},
|
||||
],
|
||||
response: z.object({ data: OrganizationResource }).passthrough(),
|
||||
errors: [
|
||||
{
|
||||
status: 401,
|
||||
description: `Unauthenticated`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 403,
|
||||
description: `Authorization error`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 422,
|
||||
description: `Validation error`,
|
||||
schema: z
|
||||
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
|
||||
.passthrough(),
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
method: 'get',
|
||||
path: '/v1/organizations/:organization',
|
||||
@@ -877,6 +910,37 @@ const endpoints = makeApi([
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
method: 'delete',
|
||||
path: '/v1/organizations/:organization',
|
||||
alias: 'deleteOrganization',
|
||||
requestFormat: 'json',
|
||||
parameters: [
|
||||
{
|
||||
name: 'organization',
|
||||
type: 'Path',
|
||||
schema: z.string(),
|
||||
},
|
||||
],
|
||||
response: z.void(),
|
||||
errors: [
|
||||
{
|
||||
status: 401,
|
||||
description: `Unauthenticated`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 403,
|
||||
description: `Authorization error`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 404,
|
||||
description: `Not found`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
method: 'get',
|
||||
path: '/v1/organizations/:organization/charts/daily-tracked-hours',
|
||||
@@ -4447,6 +4511,42 @@ The report is considered public if the `is_public` field is set to &#x
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
method: 'put',
|
||||
path: '/v1/users/me/current-organization',
|
||||
alias: 'updateMyCurrentOrganization',
|
||||
description: `Switches the organization that the user is currently working in. The user
|
||||
must be a member of the given organization. This endpoint is independent of
|
||||
the organization.`,
|
||||
requestFormat: 'json',
|
||||
parameters: [
|
||||
{
|
||||
name: 'body',
|
||||
type: 'Body',
|
||||
schema: z.object({ organization_id: z.string().uuid() }).passthrough(),
|
||||
},
|
||||
],
|
||||
response: z.object({ data: UserResource }).passthrough(),
|
||||
errors: [
|
||||
{
|
||||
status: 401,
|
||||
description: `Unauthenticated`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 403,
|
||||
description: `Authorization error`,
|
||||
schema: z.object({ message: z.string() }).passthrough(),
|
||||
},
|
||||
{
|
||||
status: 422,
|
||||
description: `Validation error`,
|
||||
schema: z
|
||||
.object({ message: z.string(), errors: z.record(z.array(z.string())) })
|
||||
.passthrough(),
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
method: 'put',
|
||||
path: '/v1/users/:user',
|
||||
|
||||
@@ -1,11 +1,8 @@
|
||||
import type { User } from '@/types/models';
|
||||
|
||||
export interface Permissions {
|
||||
canAddTeamMembers: boolean;
|
||||
canDeleteTeam: boolean;
|
||||
canRemoveTeamMembers: boolean;
|
||||
canUpdateTeam: boolean;
|
||||
canUpdateTeamMembers: boolean;
|
||||
}
|
||||
|
||||
export interface Session {
|
||||
|
||||
31
resources/js/utils/apiValidation.ts
Normal file
31
resources/js/utils/apiValidation.ts
Normal file
@@ -0,0 +1,31 @@
|
||||
import axios, { type AxiosError } from 'axios';
|
||||
|
||||
type ApiValidationResponse = {
|
||||
message?: string;
|
||||
errors?: Record<string, string[]>;
|
||||
};
|
||||
|
||||
export function isApiValidationError(error: unknown): error is AxiosError<ApiValidationResponse> {
|
||||
return axios.isAxiosError<ApiValidationResponse>(error) && error.response?.status === 422;
|
||||
}
|
||||
|
||||
export function getApiValidationFieldErrors(error: unknown): Record<string, string> {
|
||||
if (!isApiValidationError(error)) {
|
||||
return {};
|
||||
}
|
||||
|
||||
const fieldErrors: Record<string, string> = {};
|
||||
for (const [field, messages] of Object.entries(error.response?.data?.errors ?? {})) {
|
||||
if (Array.isArray(messages) && messages[0]) {
|
||||
fieldErrors[field] = messages[0];
|
||||
}
|
||||
}
|
||||
return fieldErrors;
|
||||
}
|
||||
|
||||
export function getApiValidationMessage(error: unknown, fallback: string): string {
|
||||
if (!isApiValidationError(error)) {
|
||||
return fallback;
|
||||
}
|
||||
return error.response?.data?.message ?? fallback;
|
||||
}
|
||||
@@ -11,23 +11,29 @@ import { useNotificationsStore } from '@/utils/notification';
|
||||
import { getCurrentOrganizationId } from '@/utils/useUser';
|
||||
import { api } from '@/packages/api/src';
|
||||
|
||||
export function switchOrganization(organizationId: string) {
|
||||
// Clear Inertia's prefetch cache to prevent stale pages from the old
|
||||
// organization being served when navigating after the switch.
|
||||
router.flushAll();
|
||||
export async function switchOrganization(organizationId: string) {
|
||||
const { handleApiRequestNotifications } = useNotificationsStore();
|
||||
try {
|
||||
await handleApiRequestNotifications(
|
||||
() => api.updateMyCurrentOrganization({ organization_id: organizationId }),
|
||||
undefined,
|
||||
'Failed to switch organization'
|
||||
);
|
||||
} catch {
|
||||
// The error notification is surfaced by the request handler.
|
||||
return;
|
||||
}
|
||||
|
||||
router.put(
|
||||
route('current-team.update'),
|
||||
{
|
||||
team_id: organizationId,
|
||||
// The current organization changed server-side. Clear Inertia's prefetch
|
||||
// cache and reload into the dashboard so the new organization context
|
||||
// (auth.user.current_team) is picked up everywhere.
|
||||
router.flushAll();
|
||||
router.visit(route('dashboard'), {
|
||||
preserveState: false,
|
||||
onSuccess: () => {
|
||||
initializeStores();
|
||||
},
|
||||
{
|
||||
preserveState: false,
|
||||
onSuccess: () => {
|
||||
initializeStores();
|
||||
},
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
export const useOrganizationStore = defineStore('organization', () => {
|
||||
@@ -67,9 +73,33 @@ export const useOrganizationStore = defineStore('organization', () => {
|
||||
}
|
||||
}
|
||||
|
||||
async function createOrganization(name: string): Promise<Organization | null> {
|
||||
const response = await api.createOrganization({ name });
|
||||
return response?.data ?? null;
|
||||
}
|
||||
|
||||
async function deleteOrganization(organizationId: string) {
|
||||
await handleApiRequestNotifications(
|
||||
() =>
|
||||
api.deleteOrganization(undefined, {
|
||||
params: {
|
||||
organization: organizationId,
|
||||
},
|
||||
}),
|
||||
'Organization deleted successfully',
|
||||
'Failed to delete organization'
|
||||
);
|
||||
}
|
||||
|
||||
const organization = computed<Organization | null>(() => {
|
||||
return organizationResponse.value?.data || null;
|
||||
});
|
||||
|
||||
return { organization, fetchOrganization, updateOrganization };
|
||||
return {
|
||||
organization,
|
||||
fetchOrganization,
|
||||
updateOrganization,
|
||||
createOrganization,
|
||||
deleteOrganization,
|
||||
};
|
||||
});
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Enums\Role;
|
||||
use App\Http\Controllers\Web\DashboardController;
|
||||
use App\Http\Controllers\Web\HomeController;
|
||||
use App\Http\Controllers\Web\OrganizationController;
|
||||
use App\Http\Controllers\Web\OrganizationInvitationController;
|
||||
use App\Http\Controllers\Web\UserController;
|
||||
use App\Http\Controllers\Web\UserProfileController;
|
||||
use App\Service\PermissionStore;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Inertia\Inertia;
|
||||
@@ -74,7 +74,14 @@ Route::middleware([
|
||||
|
||||
Route::get('/members', function () {
|
||||
return Inertia::render('Members', [
|
||||
'availableRoles' => Role::values(),
|
||||
'availableRoles' => collect(PermissionStore::roleDefinitions())
|
||||
->map(fn (array $definition, string $key): array => [
|
||||
'key' => $key,
|
||||
'name' => $definition['name'],
|
||||
'description' => $definition['description'],
|
||||
])
|
||||
->values()
|
||||
->all(),
|
||||
]);
|
||||
})->name('members');
|
||||
|
||||
|
||||
@@ -5,12 +5,9 @@ declare(strict_types=1);
|
||||
namespace Tests\Feature;
|
||||
|
||||
use App\Enums\Weekday;
|
||||
use App\Mail\VerifyUpdatedEmailMail;
|
||||
use App\Models\User;
|
||||
use App\Service\TimezoneService;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
use Tests\TestCase;
|
||||
|
||||
class ProfileInformationTest extends TestCase
|
||||
@@ -39,66 +36,4 @@ class ProfileInformationTest extends TestCase
|
||||
$user = $user->fresh();
|
||||
$this->assertEquals($user->name, $user->name);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_redirects_with_danger_banner_when_email_already_in_use(): void
|
||||
{
|
||||
// Arrange
|
||||
User::factory()->create([
|
||||
'email' => 'taken@example.com',
|
||||
'is_placeholder' => false,
|
||||
]);
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'taken@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'taken@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertRedirect(route('dashboard'));
|
||||
$response->assertSessionHas('bannerStyle', 'danger');
|
||||
$response->assertSessionHas('bannerText', 'The email address is already in use.');
|
||||
$user = $user->fresh();
|
||||
$this->assertEquals('current@example.com', $user->email);
|
||||
$this->assertEquals('taken@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_stale_pending_email_verification_link_is_rejected(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'newer@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'older@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user = $user->fresh();
|
||||
$this->assertEquals('current@example.com', $user->email);
|
||||
$this->assertEquals('newer@example.com', $user->pending_email);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -61,6 +61,7 @@ class RegistrationTest extends TestCaseWithDatabase
|
||||
$member = Member::query()->whereBelongsTo($user, 'user')->whereBelongsTo($organization, 'organization')->firstOrFail();
|
||||
$this->assertSame(Role::Owner->value, $member->role);
|
||||
Event::assertNotDispatched(NewsletterRegistered::class);
|
||||
$this->assertSame($organization->getKey(), $user->current_team_id);
|
||||
}
|
||||
|
||||
public function test_user_registration_fails_if_registration_is_deactivated(): void
|
||||
|
||||
35
tests/Unit/Endpoint/Web/MembersEndpointTest.php
Normal file
35
tests/Unit/Endpoint/Web/MembersEndpointTest.php
Normal file
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit\Endpoint\Web;
|
||||
|
||||
use Inertia\Testing\AssertableInertia as Assert;
|
||||
|
||||
class MembersEndpointTest extends EndpointTestAbstract
|
||||
{
|
||||
public function test_members_passes_available_roles_as_objects_with_key_name_and_description(): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithPermission([
|
||||
'members:view',
|
||||
]);
|
||||
$this->actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->get(route('members'));
|
||||
|
||||
// Assert
|
||||
$response->assertOk();
|
||||
$response->assertInertia(fn (Assert $page) => $page
|
||||
->component('Members')
|
||||
->has('availableRoles', 5, fn (Assert $role) => $role
|
||||
->has('key')
|
||||
->has('name')
|
||||
->has('description')
|
||||
)
|
||||
->where('availableRoles.0.key', 'owner')
|
||||
->where('availableRoles.0.name', 'Owner')
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -4,12 +4,14 @@ declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit\Endpoint\Web;
|
||||
|
||||
use App\Enums\Role;
|
||||
use App\Http\Controllers\Web\OrganizationController;
|
||||
use App\Models\Organization;
|
||||
use App\Models\OrganizationInvitation;
|
||||
use App\Models\User;
|
||||
use Inertia\Testing\AssertableInertia as Assert;
|
||||
use PHPUnit\Framework\Attributes\CoversClass;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
|
||||
#[CoversClass(OrganizationController::class)]
|
||||
class OrganizationEndpointTest extends EndpointTestAbstract
|
||||
@@ -65,14 +67,37 @@ class OrganizationEndpointTest extends EndpointTestAbstract
|
||||
->where('team.owner.name', $data->owner->name)
|
||||
->has('team.owner.profile_photo_url')
|
||||
->has('currencies')
|
||||
->where('availableRoles', [])
|
||||
->where('availablePermissions', [])
|
||||
->where('defaultPermissions', [])
|
||||
->where('permissions.canAddTeamMembers', true)
|
||||
->where('permissions.canDeleteTeam', true)
|
||||
->where('permissions.canRemoveTeamMembers', true)
|
||||
->where('permissions.canUpdateTeam', true)
|
||||
->where('permissions.canUpdateTeamMembers', true)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, array{role: Role, canUpdateTeam: bool, canDeleteTeam: bool}>
|
||||
*/
|
||||
public static function showPermissionsPerRoleProvider(): array
|
||||
{
|
||||
return [
|
||||
'owner can update and delete' => ['role' => Role::Owner, 'canUpdateTeam' => true, 'canDeleteTeam' => true],
|
||||
'admin can update but not delete' => ['role' => Role::Admin, 'canUpdateTeam' => true, 'canDeleteTeam' => false],
|
||||
'employee can neither update nor delete' => ['role' => Role::Employee, 'canUpdateTeam' => false, 'canDeleteTeam' => false],
|
||||
];
|
||||
}
|
||||
|
||||
#[DataProvider('showPermissionsPerRoleProvider')]
|
||||
public function test_organization_show_returns_permissions_based_on_role(Role $role, bool $canUpdateTeam, bool $canDeleteTeam): void
|
||||
{
|
||||
// Arrange
|
||||
$data = $this->createUserWithRole($role);
|
||||
$this->actingAs($data->user);
|
||||
|
||||
// Act
|
||||
$response = $this->get(route('organizations.show', [$data->organization->getKey()]));
|
||||
|
||||
// Assert
|
||||
$response->assertOk();
|
||||
$response->assertInertia(fn (Assert $page) => $page
|
||||
->component('Teams/Show')
|
||||
->where('permissions.canUpdateTeam', $canUpdateTeam)
|
||||
->where('permissions.canDeleteTeam', $canDeleteTeam)
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
253
tests/Unit/Endpoint/Web/UserEndpointTest.php
Normal file
253
tests/Unit/Endpoint/Web/UserEndpointTest.php
Normal file
@@ -0,0 +1,253 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit\Endpoint\Web;
|
||||
|
||||
use App\Http\Controllers\Web\UserController;
|
||||
use App\Models\User;
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
use PHPUnit\Framework\Attributes\CoversClass;
|
||||
|
||||
#[CoversClass(UserController::class)]
|
||||
class UserEndpointTest extends EndpointTestAbstract
|
||||
{
|
||||
public function test_pending_email_verification_updates_email_and_redirects_with_success_banner(): void
|
||||
{
|
||||
// Arrange
|
||||
$this->travelTo(Carbon::parse('2024-01-02 12:00:00', 'UTC'));
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
'email_verified_at' => null,
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'NEW@EXAMPLE.COM',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertRedirect(route('dashboard'));
|
||||
$response->assertSessionHas('bannerStyle', 'success');
|
||||
$response->assertSessionHas('bannerText', 'Your email address has been updated successfully.');
|
||||
$user->refresh();
|
||||
$this->assertSame('new@example.com', $user->email);
|
||||
$this->assertNull($user->pending_email);
|
||||
$this->assertTrue(now()->equalTo($user->email_verified_at));
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_is_rejected_for_another_authenticated_user(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
]);
|
||||
$this->actingAs(User::factory()->create());
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'new@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('new@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_without_email_is_rejected(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
['user' => $user->getKey()],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('new@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_with_non_string_email_is_rejected(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => ['new@example.com'],
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('new@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_stale_pending_email_verification_link_is_rejected(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'newer@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'older@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('newer@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_redirects_with_danger_banner_when_email_already_in_use(): void
|
||||
{
|
||||
// Arrange
|
||||
User::factory()->create([
|
||||
'email' => 'taken@example.com',
|
||||
'is_placeholder' => false,
|
||||
]);
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'taken@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'taken@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertRedirect(route('dashboard'));
|
||||
$response->assertSessionHas('bannerStyle', 'danger');
|
||||
$response->assertSessionHas('bannerText', 'The email address is already in use.');
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('taken@example.com', $user->pending_email);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_ignores_placeholder_users_with_the_same_email(): void
|
||||
{
|
||||
// Arrange
|
||||
User::factory()->placeholder()->create([
|
||||
'email' => 'new@example.com',
|
||||
]);
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
'email_verified_at' => null,
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'new@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl);
|
||||
|
||||
// Assert
|
||||
$response->assertRedirect(route('dashboard'));
|
||||
$response->assertSessionHas('bannerStyle', 'success');
|
||||
$user->refresh();
|
||||
$this->assertSame('new@example.com', $user->email);
|
||||
$this->assertNull($user->pending_email);
|
||||
$this->assertNotNull($user->email_verified_at);
|
||||
}
|
||||
|
||||
public function test_pending_email_verification_with_invalid_signature_is_rejected(): void
|
||||
{
|
||||
// Arrange
|
||||
$user = User::factory()->create([
|
||||
'email' => 'current@example.com',
|
||||
'pending_email' => 'new@example.com',
|
||||
]);
|
||||
$this->actingAs($user);
|
||||
$verificationUrl = URL::temporarySignedRoute(
|
||||
'users.verify-email-change',
|
||||
now()->addMinutes(60),
|
||||
[
|
||||
'user' => $user->getKey(),
|
||||
'email' => 'new@example.com',
|
||||
],
|
||||
false
|
||||
);
|
||||
|
||||
// Act
|
||||
$response = $this->get($verificationUrl.'&invalid');
|
||||
|
||||
// Assert
|
||||
$response->assertForbidden();
|
||||
$user->refresh();
|
||||
$this->assertSame('current@example.com', $user->email);
|
||||
$this->assertSame('new@example.com', $user->pending_email);
|
||||
}
|
||||
}
|
||||
131
tests/Unit/Service/Dto/UserAgentDtoTest.php
Normal file
131
tests/Unit/Service/Dto/UserAgentDtoTest.php
Normal file
@@ -0,0 +1,131 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit\Service\Dto;
|
||||
|
||||
use App\Service\Dto\UserAgentDto;
|
||||
use PHPUnit\Framework\Attributes\CoversClass;
|
||||
use Tests\TestCase;
|
||||
|
||||
#[CoversClass(UserAgentDto::class)]
|
||||
class UserAgentDtoTest extends TestCase
|
||||
{
|
||||
public function test_chrome_on_windows_is_detected_as_a_desktop_browser(): void
|
||||
{
|
||||
// Arrange
|
||||
$userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36';
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent($userAgent);
|
||||
|
||||
// Act
|
||||
$platform = $agent->platform();
|
||||
$browser = $agent->browser();
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertSame('Windows', $platform);
|
||||
$this->assertSame('Chrome', $browser);
|
||||
$this->assertTrue($isDesktop);
|
||||
}
|
||||
|
||||
public function test_edge_is_detected_before_chrome(): void
|
||||
{
|
||||
// Arrange
|
||||
$userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0';
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent($userAgent);
|
||||
|
||||
// Act
|
||||
$browser = $agent->browser();
|
||||
|
||||
// Assert
|
||||
$this->assertSame('Edge', $browser);
|
||||
}
|
||||
|
||||
public function test_iphone_safari_is_detected_as_a_non_desktop_browser(): void
|
||||
{
|
||||
// Arrange
|
||||
$userAgent = 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1';
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent($userAgent);
|
||||
|
||||
// Act
|
||||
$platform = $agent->platform();
|
||||
$browser = $agent->browser();
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertSame('iOS', $platform);
|
||||
$this->assertSame('Safari', $browser);
|
||||
$this->assertFalse($isDesktop);
|
||||
}
|
||||
|
||||
public function test_ipad_is_detected_as_non_desktop(): void
|
||||
{
|
||||
// Arrange
|
||||
$userAgent = 'Mozilla/5.0 (iPad; CPU OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1';
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent($userAgent);
|
||||
|
||||
// Act
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertFalse($isDesktop);
|
||||
}
|
||||
|
||||
public function test_unknown_user_agent_has_no_platform_or_browser_and_is_a_desktop(): void
|
||||
{
|
||||
// Arrange
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent('CustomClient/1.0');
|
||||
|
||||
// Act
|
||||
$platform = $agent->platform();
|
||||
$browser = $agent->browser();
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertNull($platform);
|
||||
$this->assertNull($browser);
|
||||
$this->assertTrue($isDesktop);
|
||||
}
|
||||
|
||||
public function test_cloudfront_desktop_header_is_detected_as_desktop(): void
|
||||
{
|
||||
// Arrange
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent('Amazon CloudFront');
|
||||
$agent->setHttpHeaders([
|
||||
'HTTP_CLOUDFRONT_IS_DESKTOP_VIEWER' => 'true',
|
||||
]);
|
||||
|
||||
// Act
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertTrue($isDesktop);
|
||||
}
|
||||
|
||||
public function test_cached_values_are_resolved_for_the_current_user_agent(): void
|
||||
{
|
||||
// Arrange
|
||||
$agent = new UserAgentDto;
|
||||
$agent->setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0 Safari/537.36');
|
||||
$agent->platform();
|
||||
$agent->browser();
|
||||
$agent->isDesktop();
|
||||
$agent->setUserAgent('Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Version/17.0 Mobile/15E148 Safari/604.1');
|
||||
|
||||
// Act
|
||||
$platform = $agent->platform();
|
||||
$browser = $agent->browser();
|
||||
$isDesktop = $agent->isDesktop();
|
||||
|
||||
// Assert
|
||||
$this->assertSame('iOS', $platform);
|
||||
$this->assertSame('Safari', $browser);
|
||||
$this->assertFalse($isDesktop);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user