create();
        // NOTE(review): the opening of this test method lies outside this view; the statements
        // below are kept exactly as written and only re-laid-out. $user is presumably the viewer
        // created by the statement that ends on the line above; confirm against the full file.
        $otherUser = User::factory()->create();

        // Public message
        Guestbook::create([
            'who' => $otherUser->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Public Title',
            'text_body' => 'Public message body',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        // Secret message to someone else
        Guestbook::create([
            'who' => $otherUser->username,
            'towho' => 'anotheruser',
            'secret' => 1,
            'text_title' => 'Secret Title',
            'text_body' => 'Secret message body',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $response = $this->actingAs($user)->get(route('guestbook.index', ['tab' => 'public']));

        $response->assertStatus(200);
        $response->assertViewIs('guestbook.index');
        $response->assertSee('Public message body');
        // Confidentiality check: a secret entry addressed to a third party must not be rendered
        // for this viewer. NOTE(review): only the body is checked here; a leak of 'Secret Title'
        // alone would not be caught by this assertion.
        $response->assertDontSee('Secret message body');
    }

    /**
     * A post carrying only a title and a body is stored as a public entry.
     *
     * The request sends neither 'towho' nor 'secret'; the stored row is expected to have
     * towho = null and secret = 0 and to be attributed to the authenticated user's username.
     */
    public function test_can_post_public_message()
    {
        $author = User::factory()->create();
        $payload = [
            'text_title' => 'Hello',
            'text_body' => 'World',
        ];

        $result = $this->actingAs($author)->post(route('guestbook.store'), $payload);

        $result->assertRedirect();
        $this->assertDatabaseHas('guestbooks', [
            'who' => $author->username,
            'towho' => null,
            'secret' => 0,
            'text_body' => 'World',
        ]);
    }

    /**
     * A post with 'towho' set to an existing username and secret = 1 is stored as a secret
     * entry addressed to that user.
     */
    public function test_can_post_secret_message_to_user()
    {
        $sender = User::factory()->create();
        // Only the database row is needed, not the returned model. Presumably 'target' has to
        // resolve to an existing user: the non-existent-recipient test expects a rejection.
        User::factory()->create(['username' => 'target']);

        $payload = [
            'text_title' => 'Secret',
            'text_body' => 'Top secret',
            'towho' => 'target',
            'secret' => 1,
        ];

        $result = $this->actingAs($sender)->post(route('guestbook.store'), $payload);

        $result->assertRedirect();
        $this->assertDatabaseHas('guestbooks', [
            'who' => $sender->username,
            'towho' => 'target',
            'secret' => 1,
            'text_body' => 'Top secret',
        ]);
    }

    /**
     * A secret post addressed to a username that was never created is rejected.
     *
     * Expected outcome: a redirect that flashes an 'error' session key, and no guestbook row
     * from this sender addressed to 'nonexistent'.
     */
    public function test_cannot_post_message_to_non_existent_user()
    {
        $sender = User::factory()->create();
        $payload = [
            'text_title' => 'Secret',
            'text_body' => 'Top secret',
            'towho' => 'nonexistent',
            'secret' => 1,
        ];

        $result = $this->actingAs($sender)->post(route('guestbook.store'), $payload);

        $result->assertRedirect();
        $result->assertSessionHas('error');
        // The rejection has to be enforced at the storage layer too, not just reported to the user.
        $this->assertDatabaseMissing('guestbooks', [
            'who' => $sender->username,
            'towho' => 'nonexistent',
        ]);
    }

    /**
     * The author of an entry can delete it: redirect, 'success' flash, row removed.
     *
     * Authorship in this fixture is expressed through 'who' = the user's username.
     */
    public function test_user_can_delete_own_message()
    {
        $author = User::factory()->create();
        $entry = Guestbook::create([
            'who' => $author->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'My Body',
            'text_body' => 'Delete me',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $result = $this->actingAs($author)->delete(route('guestbook.destroy', $entry->id));

        $result->assertRedirect();
        $result->assertSessionHas('success');
        $this->assertDatabaseMissing('guestbooks', ['id' => $entry->id]);
    }

    /**
     * Object-level authorization guard on the destroy route: a regular user who did not write
     * the entry gets 403, and the row is still present afterwards.
     */
    public function test_user_cannot_delete_others_message()
    {
        $owner = User::factory()->create();
        // user_level 1 = regular user
        $intruder = User::factory()->create(['user_level' => 1]);

        $entry = Guestbook::create([
            'who' => $owner->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Their Body',
            'text_body' => 'Cant touch this',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $result = $this->actingAs($intruder)->delete(route('guestbook.destroy', $entry->id));

        $result->assertStatus(403);
        // A 403 alone is not enough: confirm that the delete did not happen as a side effect.
        $this->assertDatabaseHas('guestbooks', ['id' => $entry->id]);
    }

    /**
     * A user created with user_level 15 can delete an entry written by someone else.
     *
     * NOTE(review): 15 is the level this test treats as admin (per the test name); confirm the
     * threshold against the authorization policy, which is not visible here.
     */
    public function test_admin_can_delete_others_message()
    {
        $owner = User::factory()->create();
        $moderator = User::factory()->create(['user_level' => 15]);

        $entry = Guestbook::create([
            'who' => $owner->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Their Body',
            'text_body' => 'Delete by admin',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $result = $this->actingAs($moderator)->delete(route('guestbook.destroy', $entry->id));

        $result->assertRedirect();
        $result->assertSessionHas('success');
        $this->assertDatabaseMissing('guestbooks', ['id' => $entry->id]);
    }
}