tracer/speedBB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Add ACP user deletion and split frontend bundles
All checks were successful
CI/CD Pipeline / deploy (push) Successful in 30s
Details
CI/CD Pipeline / promote_stable (push) Successful in 2s
Details

Browse Source
This commit is contained in:
tracer
2026-03-17 16:49:11 +01:00
parent ef84b73cb5
commit a2fe31925f
12 changed files with 442 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
tests/Feature/UserControllerTest.php
View File

@@ -164,6 +164,39 @@ it('allows admins to update user rank', function (): void {
expect($target->rank_id)->toBe($rank->id);
});
it('allows admins to delete users', function (): void {
$admin = makeAdmin();
$target = User::factory()->create();
Sanctum::actingAs($admin);
$response = $this->deleteJson("/api/users/{$target->id}");
$response->assertStatus(204);
$this->assertDatabaseMissing('users', ['id' => $target->id]);
});
it('forbids deleting founder user when actor is not founder', function (): void {
$admin = makeAdmin();
$founderRole = Role::firstOrCreate(['name' => 'ROLE_FOUNDER'], ['color' => '#111111']);
$founder = User::factory()->create();
$founder->roles()->attach($founderRole);
Sanctum::actingAs($admin);
$response = $this->deleteJson("/api/users/{$founder->id}");
$response->assertStatus(403);
});
it('prevents admins from deleting their own account', function (): void {
$admin = makeAdmin();
Sanctum::actingAs($admin);
$response = $this->deleteJson("/api/users/{$admin->id}");
$response->assertStatus(422);
$response->assertJsonFragment(['message' => 'You cannot delete your own account.']);
});
it('rejects update without admin role', function (): void {
$user = User::factory()->create();
$target = User::factory()->create();