test(suspend): test that suspension works as expected (#3511)

Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
2025-08-06 16:36:47 +02:00 · 2022-07-08 19:24:59 +01:00
parent d82a73feed
commit d8d4eae9f5
10 changed files with 359 additions and 3 deletions
--- a/extensions/suspend/tests/integration/api/users/SuspendUserTest.php
+++ b/extensions/suspend/tests/integration/api/users/SuspendUserTest.php
@@ -0,0 +1,104 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Suspend\Tests\integration\api\users;
+
+use Carbon\Carbon;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Psr\Http\Message\ResponseInterface;
+
+class SuspendUserTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-suspend');
+
+        $this->prepareDatabase([
+            'users' => [
+                ['id' => 1, 'username' => 'Muralf', 'email' => 'muralf@machine.local', 'is_email_confirmed' => 1],
+                $this->normalUser(),
+                ['id' => 3, 'username' => 'acme', 'email' => 'acme@machine.local', 'is_email_confirmed' => 1],
+            ],
+            'groups' => [
+                ['id' => 5, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0]
+            ],
+            'group_user' => [
+                ['user_id' => 3, 'group_id' => 5]
+            ],
+            'group_permission' => [
+                ['permission' => 'user.suspend', 'group_id' => 5]
+            ]
+        ]);
+    }
+
+    /**
+     * @dataProvider allowedToSuspendUser
+     * @test
+     */
+    public function can_suspend_user_if_allowed(?int $authenticatedAs, int $targetUserId, string $message)
+    {
+        $response = $this->sendSuspensionRequest($authenticatedAs, $targetUserId);
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @dataProvider unallowedToSuspendUser
+     * @test
+     */
+    public function cannot_suspend_user_if_not_allowed(?int $authenticatedAs, int $targetUserId, string $message)
+    {
+        $response = $this->sendSuspensionRequest($authenticatedAs, $targetUserId);
+
+        $this->assertEquals(403, $response->getStatusCode());
+    }
+
+    public function allowedToSuspendUser(): array
+    {
+        return [
+            [1, 2, 'Admin can suspend any user'],
+            [1, 3, 'Admin can suspend any user'],
+            [3, 2, 'User with permission can suspend any user'],
+        ];
+    }
+
+    public function unallowedToSuspendUser(): array
+    {
+        return [
+            [1, 1, 'Admin cannot suspend self'],
+            [2, 2, 'User without permission cannot suspend self'],
+            [2, 3, 'User without permission cannot suspend other user'],
+            [3, 3, 'User with permission cannot suspend self'],
+            [3, 1, 'User with permission cannot suspend admin'],
+        ];
+    }
+
+    protected function sendSuspensionRequest(?int $authenticatedAs, int $targetUserId): ResponseInterface
+    {
+        return $this->send(
+            $this->request('PATCH', "/api/users/$targetUserId", [
+                'authenticatedAs' => $authenticatedAs,
+                'json' => [
+                    'data' => [
+                        'attributes' => [
+                            'suspendedUntil' => Carbon::now()->addDay(),
+                            'suspendReason' => 'Suspended for acme reasons.',
+                            'suspendMessage' => 'You have been suspended.',
+                        ]
+                    ]
+                ]
+            ])
+        );
+    }
+}