cms/tests/Feature/Admin/UserManagementTest.php

<?php

namespace Tests\Feature\Admin;

use App\Models\Role;
use App\Models\User;
use Database\Seeders\RoleSeeder;
use Database\Seeders\PermissionSeeder;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class UserManagementTest extends TestCase
{
    use RefreshDatabase;

    protected User $admin;

    protected function setUp(): void
    {
        parent::setUp();
        $this->seed(PermissionSeeder::class);
        $this->seed(RoleSeeder::class);
        $this->admin = User::factory()->create();
        $this->admin->roles()->attach(Role::where('slug', 'admin')->first());
    }

    public function test_admin_can_view_users_index(): void
    {
        $response = $this->actingAs($this->admin)->get('/loom/users');

        $response->assertStatus(200);
        $response->assertSee($this->admin->email);
    }

    public function test_admin_can_create_user(): void
    {
        $role = Role::where('slug', 'editor')->first();

        $response = $this->actingAs($this->admin)->post('/loom/users', [
            'name' => 'New User',
            'email' => 'newuser@example.com',
            'password' => 'password123',
            'password_confirmation' => 'password123',
            'roles' => [$role->id],
        ]);

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseHas('users', ['email' => 'newuser@example.com']);

        $user = User::where('email', 'newuser@example.com')->first();
        $this->assertTrue($user->roles->contains($role->id));
    }

    public function test_admin_can_update_user(): void
    {
        $user = User::factory()->create(['is_protected' => false]);
        $role = Role::where('slug', 'author')->first();

        $response = $this->actingAs($this->admin)->put("/loom/users/{$user->id}", [
            'name' => 'Updated Name',
            'email' => 'updated@example.com',
            'roles' => [$role->id],
        ]);

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseHas('users', [
            'id' => $user->id,
            'name' => 'Updated Name',
            'email' => 'updated@example.com',
        ]);

        $this->assertTrue($user->fresh()->roles->contains($role->id));
    }

    public function test_admin_cannot_update_protected_user_email(): void
    {
        // The admin from factory is not protected by default, but let's make one
        $protectedUser = User::factory()->create(['is_protected' => true]);
        $originalEmail = $protectedUser->email;

        $response = $this->actingAs($this->admin)->put("/loom/users/{$protectedUser->id}", [
            'name' => 'New Name',
            'email' => 'newemail@example.com',
        ]);

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseHas('users', [
            'id' => $protectedUser->id,
            'name' => 'New Name',
            'email' => $originalEmail,
        ]);
    }

    public function test_admin_can_delete_user(): void
    {
        $user = User::factory()->create(['is_protected' => false]);

        $response = $this->actingAs($this->admin)->delete("/loom/users/{$user->id}");

        $response->assertRedirect('/loom/users');
        $this->assertDatabaseMissing('users', ['id' => $user->id]);
    }

    public function test_admin_cannot_delete_protected_user(): void
    {
        $protectedUser = User::factory()->create(['is_protected' => true]);

        $response = $this->actingAs($this->admin)->delete("/loom/users/{$protectedUser->id}");

        $response->assertSessionHas('error');
        $this->assertDatabaseHas('users', ['id' => $protectedUser->id]);
    }
}