add more public share tests

souzaonofre · Oct 14, 2023 · 88dd911 · 88dd911
1 parent c81c9c3
commit 88dd911
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 11 deletions.
diff --git a/app/Http/Controllers/PublicShareController.php b/app/Http/Controllers/PublicShareController.php
@@ -7,6 +7,7 @@
 
 use App\Models\PublicShare;
 use App\Models\Collection;
+use Illuminate\Http\Response;
 
 class PublicShareController extends Controller
 {
@@ -30,14 +31,19 @@ public function index(Request $request)
 
     public function store(Request $request)
     {
+
         $this->validate($request, [
             'token' => 'required|string',
             'collection_id' => 'required|integer',
             'is_active' => 'required|boolean'
         ]);
 
-        // @TODO does this even work like this ???
-        $this->authorize('share', Collection::findOrFail($request->collection_id));
+        $collection = Collection::findOrFail($request->collection_id);
+        $this->authorize('share', $collection);
+
+        if (PublicShare::where('collection_id', $collection->id)->exists()) {
+            return response()->json('', Response::HTTP_BAD_REQUEST);
+        }
 
         $share = new PublicShare;
         $share->token = $request->token;
@@ -72,12 +78,10 @@ public function update(Request $request, int $id)
             $collection = Collection::find($share->collection_id);
         }
 
-        // @TODO does this even work like this ???
         $this->authorize('share', $collection);
 
         if (isset($request->is_active)) {
-            // apparently updating validatedData seems no to work properly when it comes to boolean
-            $share->is_active = $request->is_active;
+            $validatedData['is_active'] = boolval($request->is_active);
         }
 
         $share->update($validatedData);

diff --git a/app/Models/PublicShare.php b/app/Models/PublicShare.php
@@ -28,7 +28,7 @@ class PublicShare extends Authenticatable
      * @var array
      */
     protected $fillable = [
-        'token', 'collection_id',
+        'token', 'collection_id', 'is_active', 'created_by'
     ];
 
     /**

diff --git a/app/Policies/PublicSharePolicy.php b/app/Policies/PublicSharePolicy.php
@@ -3,7 +3,7 @@
 namespace App\Policies;
 
 use App\Models\User;
-use App\Models\Share;
+use App\Models\PublicShare;
 use Illuminate\Auth\Access\HandlesAuthorization;
 
 class PublicSharePolicy
@@ -24,10 +24,10 @@ public function __construct()
      * Determine whether the user can delete the share.
      *
      * @param  \App\Models\User  $user
-     * @param  \App\Models\Share  $share
+     * @param  \App\Models\PublicShare  $share
      * @return mixed
      */
-    public function delete(User $user, Share $share)
+    public function delete(User $user, PublicShare $share)
     {
         return $user->id === $share->created_by;
     }

diff --git a/config/auth.php b/config/auth.php
@@ -74,7 +74,7 @@
         ],
         'shares' => [
             'driver' => 'eloquent',
-            'model' => App\Models\Share::class,
+            'model' => App\Models\PublicShare::class,
         ],
 
         // 'users' => [

diff --git a/tests/Feature/ShareTest.php b/tests/Feature/ShareTest.php
@@ -6,6 +6,9 @@
 use Tests\TestCase;
 use App\Models\User;
 use App\Models\Collection;
+use App\Models\Post;
+use App\Models\PublicShare;
+use Illuminate\Testing\Fluent\AssertableJson;
 
 class ShareTest extends TestCase
 {
@@ -19,7 +22,7 @@ public function testCreateShare()
         $collection = Collection::factory()->create();
         $token = $this->faker->slug();
 
-        $response = $this->actingAs($user)->json('POST', 'api/shares', [
+        $response = $this->actingAs($user)->json('POST', 'api/shares/public', [
             'token' => $token,
             'collection_id' => $collection->id,
             'is_active' => true
@@ -31,4 +34,59 @@ public function testCreateShare()
         $response = $this->actingAs($user)->json('GET', 's?token=' . $token);
         $this->assertEquals(200, $response->status());
     }
+
+    public function testAccessSharedPosts()
+    {
+        $user = User::factory()->create();
+        $collection = Collection::factory()->create();
+        Post::factory(['collection_id' => $collection->id])->create();
+        $token = $this->faker->slug();
+
+        PublicShare::create([
+            'token' => $token,
+            'collection_id' => $collection->id,
+            'is_active' => true,
+            'created_by' => $user->id
+        ]);
+
+        $requestWithToken = $this->withHeaders([
+            'Authorization' => 'Bearer ' . $token,
+        ]);
+
+        $collection2 = Collection::factory()->create();
+        Post::factory(['collection_id' => $collection2->id])->create();
+
+        $response = $requestWithToken->json('GET', 'api/posts');
+        $this->assertEquals(200, $response->status());
+
+        $response = $requestWithToken->json('GET', 'api/posts?collection_id=' . $collection->id);
+        $this->assertEquals(200, $response->status());
+
+        $response = $requestWithToken->json('GET', 'api/posts?collection_id=' . $collection2->id);
+        $this->assertEquals(1, count($response->getData()->data));
+        $response->assertJson(
+            fn (AssertableJson $json) =>
+            $json->where('data.0.collection_id', $collection->id)
+        );
+    }
+
+    public function testDeleteShare()
+    {
+
+        $user = User::factory()->create();
+        $collection = Collection::factory()->create();
+        $token = $this->faker->slug();
+
+        $response = $this->actingAs($user)->json('POST', 'api/shares/public', [
+            'token' => $token,
+            'collection_id' => $collection->id,
+            'is_active' => true
+        ]);
+
+        $this->assertEquals(201, $response->status());
+        $share = $response->getData()->data;
+
+        $response = $this->actingAs($user)->json('DELETE', 'api/shares/public/' . $share->id);
+        $this->assertEquals(204, $response->status());
+    }
 }