chatroom/tests/Feature/GuestbookControllerTest.php

<?php

namespace Tests\Feature;

use App\Models\Guestbook;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class GuestbookControllerTest extends TestCase
{
    use RefreshDatabase;

    public function test_index_displays_public_messages()
    {
        $user = User::factory()->create();
        $otherUser = User::factory()->create();

        // Public message
        Guestbook::create([
            'who' => $otherUser->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Public Title',
            'text_body' => 'Public message body',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        // Secret message to someone else
        Guestbook::create([
            'who' => $otherUser->username,
            'towho' => 'anotheruser',
            'secret' => 1,
            'text_title' => 'Secret Title',
            'text_body' => 'Secret message body',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $response = $this->actingAs($user)->get(route('guestbook.index', ['tab' => 'public']));

        $response->assertStatus(200);
        $response->assertViewIs('guestbook.index');
        $response->assertSee('Public message body');
        $response->assertDontSee('Secret message body');
    }

    public function test_can_post_public_message()
    {
        $user = User::factory()->create();

        $response = $this->actingAs($user)->post(route('guestbook.store'), [
            'text_title' => 'Hello',
            'text_body' => 'World',
        ]);

        $response->assertRedirect();

        $this->assertDatabaseHas('guestbooks', [
            'who' => $user->username,
            'towho' => null,
            'secret' => 0,
            'text_body' => 'World',
        ]);
    }

    public function test_can_post_secret_message_to_user()
    {
        $user = User::factory()->create();
        $targetUser = User::factory()->create(['username' => 'target']);

        $response = $this->actingAs($user)->post(route('guestbook.store'), [
            'text_title' => 'Secret',
            'text_body' => 'Top secret',
            'towho' => 'target',
            'secret' => 1,
        ]);

        $response->assertRedirect();

        $this->assertDatabaseHas('guestbooks', [
            'who' => $user->username,
            'towho' => 'target',
            'secret' => 1,
            'text_body' => 'Top secret',
        ]);
    }

    public function test_cannot_post_message_to_non_existent_user()
    {
        $user = User::factory()->create();

        $response = $this->actingAs($user)->post(route('guestbook.store'), [
            'text_title' => 'Secret',
            'text_body' => 'Top secret',
            'towho' => 'nonexistent',
            'secret' => 1,
        ]);

        $response->assertRedirect();
        $response->assertSessionHas('error');

        $this->assertDatabaseMissing('guestbooks', [
            'who' => $user->username,
            'towho' => 'nonexistent',
        ]);
    }

    public function test_user_can_delete_own_message()
    {
        $user = User::factory()->create();

        $message = Guestbook::create([
            'who' => $user->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'My Body',
            'text_body' => 'Delete me',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $response = $this->actingAs($user)->delete(route('guestbook.destroy', $message->id));

        $response->assertRedirect();
        $response->assertSessionHas('success');
        $this->assertDatabaseMissing('guestbooks', ['id' => $message->id]);
    }

    public function test_user_cannot_delete_others_message()
    {
        $owner = User::factory()->create();
        $otherUser = User::factory()->create(['user_level' => 1]); // regular user

        $message = Guestbook::create([
            'who' => $owner->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Their Body',
            'text_body' => 'Cant touch this',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $response = $this->actingAs($otherUser)->delete(route('guestbook.destroy', $message->id));

        $response->assertStatus(403);
        $this->assertDatabaseHas('guestbooks', ['id' => $message->id]);
    }

    public function test_admin_can_delete_others_message()
    {
        $owner = User::factory()->create();
        $admin = User::factory()->create(['user_level' => 15]);

        $message = Guestbook::create([
            'who' => $owner->username,
            'towho' => null,
            'secret' => 0,
            'text_title' => 'Their Body',
            'text_body' => 'Delete by admin',
            'ip' => '127.0.0.1',
            'post_time' => now(),
        ]);

        $response = $this->actingAs($admin)->delete(route('guestbook.destroy', $message->id));

        $response->assertRedirect();
        $response->assertSessionHas('success');
        $this->assertDatabaseMissing('guestbooks', ['id' => $message->id]);
    }
}