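seed(PermissionSeeder::class);
        $this->seed(RoleSeeder::class);

        $this->admin = User::factory()->create();
        $this->admin->roles()->attach(Role::where('slug', 'admin')->first());
    }

    /**
     * An admin can open the user list: GET /loom/users answers 200 and the
     * rendered page contains the admin's own email address.
     *
     * NOTE(review): every request in the tests visible here is sent as the
     * admin. Denial cases (guest, authenticated non-admin) are not visible in
     * this part of the file; confirm they are covered elsewhere.
     */
    public function test_admin_can_view_users_index(): void
    {
        $response = $this->actingAs($this->admin)->get('/loom/users');

        $response->assertOk();
        $response->assertSee($this->admin->email);
    }

    /**
     * An admin can create a user with a role: the POST redirects to the index,
     * the row exists, and the requested role is attached.
     */
    public function test_admin_can_create_user(): void
    {
        // firstOrFail() makes a missing seeded role fail here with a clear
        // error instead of a null property access further down.
        $role = Role::where('slug', 'editor')->firstOrFail();

        $response = $this->actingAs($this->admin)->post('/loom/users', [
            'name' => 'New User',
            'email' => 'newuser@example.com',
            'password' => 'password123',
            'password_confirmation' => 'password123',
            'roles' => [$role->id],
        ]);

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseHas('users', ['email' => 'newuser@example.com']);

        // NOTE(review): nothing here checks how the submitted password is
        // stored. Consider asserting that the persisted value is a hash and
        // not the plaintext; confirm the column name on the User model first.
        $user = User::where('email', 'newuser@example.com')->firstOrFail();
        $this->assertTrue($user->roles->contains($role->id));
    }

    /**
     * An admin can change name, email and roles of an unprotected user.
     */
    public function test_admin_can_update_user(): void
    {
        $user = User::factory()->create(['is_protected' => false]);
        $role = Role::where('slug', 'author')->firstOrFail();

        $response = $this->actingAs($this->admin)->put("/loom/users/{$user->id}", [
            'name' => 'Updated Name',
            'email' => 'updated@example.com',
            'roles' => [$role->id],
        ]);

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseHas('users', [
            'id' => $user->id,
            'name' => 'Updated Name',
            'email' => 'updated@example.com',
        ]);
        // fresh() reloads the model so the role check reads the stored state.
        $this->assertTrue($user->fresh()->roles->contains($role->id));
    }

    /**
     * A protected user keeps their email: the PUT still redirects to the
     * index and the new name is stored, but the email column is unchanged.
     *
     * NOTE(review): only the email field is covered. Whether a protected
     * user's roles can be changed through this endpoint is not exercised
     * here; add a case for it if role changes should be blocked as well.
     */
    public function test_admin_cannot_update_protected_user_email(): void
    {
        // Create a user explicitly flagged as protected rather than relying
        // on the factory default.
        $protectedUser = User::factory()->create(['is_protected' => true]);
        $originalEmail = $protectedUser->email;

        $response = $this->actingAs($this->admin)->put("/loom/users/{$protectedUser->id}", [
            'name' => 'New Name',
            'email' => 'newemail@example.com',
        ]);

        $response->assertRedirect('/loom/users');
        // The expected name must match the submitted value exactly; a line
        // break inside this literal would make the assertion unsatisfiable.
        $this->assertDatabaseHas('users', [
            'id' => $protectedUser->id,
            'name' => 'New Name',
            'email' => $originalEmail,
        ]);
    }

    /**
     * An admin can delete an unprotected user: the DELETE redirects to the
     * index and the row is gone.
     */
    public function test_admin_can_delete_user(): void
    {
        $user = User::factory()->create(['is_protected' => false]);

        $response = $this->actingAs($this->admin)->delete("/loom/users/{$user->id}");

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseMissing('users', ['id' => $user->id]);
    }

    /**
     * Deleting a protected user is refused: the session carries an 'error'
     * entry and the row is still present afterwards.
     */
    public function test_admin_cannot_delete_protected_user(): void
    {
        $protectedUser = User::factory()->create(['is_protected' => true]);

        $response = $this->actingAs($this->admin)->delete("/loom/users/{$protectedUser->id}");

        $response->assertSessionHas('error');
        $this->assertDatabaseHas('users', ['id' => $protectedUser->id]);
    }
}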