initial commit

tests/Feature/Web/VmAuthorizationTest.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Tests\Feature\Web;
+
+use App\Enums\UserRole;
+use App\Models\Customer;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class VmAuthorizationTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_customer_only_sees_own_vms(): void
+    {
+        $customerUser = User::factory()->create(['role' => UserRole::Customer]);
+        $otherUser = User::factory()->create(['role' => UserRole::Customer]);
+
+        $ownVm = Customer::query()->create([
+            'user_id' => $customerUser->id,
+            'name' => 'own-vm',
+            'domain' => 'own.hexahost.de',
+            'status' => 'active',
+        ]);
+
+        Customer::query()->create([
+            'user_id' => $otherUser->id,
+            'name' => 'other-vm',
+            'domain' => 'other.hexahost.de',
+            'status' => 'active',
+        ]);
+
+        $this->actingAs($customerUser)
+            ->get(route('vms.index'))
+            ->assertOk()
+            ->assertSee('own-vm')
+            ->assertDontSee('other-vm');
+
+        $this->actingAs($customerUser)
+            ->get(route('vms.show', $ownVm))
+            ->assertOk();
+
+        $otherVm = Customer::query()->where('name', 'other-vm')->first();
+        $this->actingAs($customerUser)
+            ->get(route('vms.show', $otherVm))
+            ->assertForbidden();
+    }
+
+    public function test_admin_sees_all_vms(): void
+    {
+        $admin = User::factory()->create(['role' => UserRole::Admin]);
+
+        Customer::query()->create([
+            'user_id' => User::factory()->create()->id,
+            'name' => 'vm-a',
+            'domain' => 'a.hexahost.de',
+            'status' => 'active',
+        ]);
+
+        $this->actingAs($admin)
+            ->get(route('vms.index'))
+            ->assertOk()
+            ->assertSee('vm-a');
+    }
+}