admin = User::factory()->create([ 'role' => 1 ]); $this->employee = User::factory()->create([ 'role' => 2 ]); $this->news = News::factory()->create(); } /** @test */ public function admin_can_view_a_news() { $response = $this->actingAs($this->admin) ->get(route('news.index')); $response->assertStatus(200); // Authorized access } /** @test */ public function employee_can_view_a_news() { $response = $this->actingAs($this->employee) ->get(route('news.index')); $response->assertStatus(200); // Authorized access } /** @test */ public function admin_can_create_a_news() { $data = [ 'title' => 'Title', 'content' => 'Test Content', ]; $response = $this->actingAs($this->admin) ->post(route('news.store'), $data); $response->assertRedirect(route('news.index')); // Success $this->assertDatabaseHas('news', $data); } /** @test */ public function employee_cannot_create_a_news() { $data = ['title' => 'Test Title', 'content' => 'Test Content']; $response = $this->actingAs($this->employee) ->post(route('news.store'), $data); $response->assertStatus(403); // Forbidden $this->assertDatabaseMissing('news', $data); } /** @test */ public function admin_can_update_a_news() { $data = ['title' => 'Updated Title', 'content' => 'Updated Content']; $response = $this->actingAs($this->admin) ->put(route('news.update', $this->news->id), $data); $response->assertRedirect(route('news.index')); $this->assertDatabaseHas('news', $data); } /** @test */ /*public function employee_cannot_update_a_news() { $data = ['title' => 'Updated Title', 'content' => 'Updated Content']; $response = $this->actingAs($this->employee) ->put(route('news.update', $this->news), $data); $response->assertStatus(403); // Forbidden $this->assertDatabaseMissing('news', $data); }*/ /** @test */ public function admin_can_delete_a_news() { $response = $this->actingAs($this->admin) ->delete(route('news.destroy', $this->news)); $response->assertRedirect(route('news.index')); // Forbidden $this->assertDatabaseMissing('news', ['id' => $this->news->id]); } /** @test */ public function employee_cannot_delete_a_news() { $response = $this->actingAs($this->employee) ->delete(route('news.destroy', $this->news)); $response->assertStatus(403); // Forbidden $this->assertDatabaseHas('news', ['id' => $this->news->id]); } }