diff --git a/app/Http/Controllers/Api/EvaluationsController.php b/app/Http/Controllers/Api/EvaluationsController.php
index 66a93178fdbeb8783044d8ab5ec9a4608e41d3a4..137efff427f869aa3efb389ad27b37c697173e5c 100644
--- a/app/Http/Controllers/Api/EvaluationsController.php
+++ b/app/Http/Controllers/Api/EvaluationsController.php
@@ -29,6 +29,12 @@ public function get(int $id)
         return Evaluation::find($id);
     }
 
+    /**
+     * Enregistre l'évaluation en tant que terminée (validation sur l'étape en cours)
+     * @param Request $request
+     * @param $id
+     * @return void
+     */
     public function save(Request $request, $id = null)
     {
         // TODO
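Review bot: The new docblock on `save` leaves `$id` untyped (`@param $id`) and the signature keeps it untyped too, while `get` and `delete` in the same controller declare `int $id`. I would write `@param int|null $id` and say in the description what a null id means. The summary only covers the "finished" case and declares `@return void`. If this method serves the POST/PUT routes exercised by the feature tests in this commit (the routing is not visible here), it also handles the `draft` flag and returns the evaluation as JSON, so both lines would need adjusting. The body of `save` continues outside the hunk.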
@@ -38,5 +44,7 @@ public function save(Request $request, $id = null)
 
     public function delete(int $id = null)
     {
+        // TODO filter by organization if not admin
+        abort(403);
     }
 }
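Review bot: The TODO in `delete` mentions only the organization filter, but `testUserCannotDeleteEvaluation` in this commit expects 403 for a plain user deleting inside their own organization, so the rule depends on role as well as organization. Denying everything with `abort(403)` is a safe placeholder, though `testAdminCanDeleteAnyEvaluation` and `testManagerCanDeleteEvaluationInOwnOrganization` expect 204 and will fail until the check is written. I would put the whole rule in the comment so it is not implemented half-way: `// TODO authorize: admin => any evaluation; manager => own organization only; user => never`. The `int $id = null` default is implicitly nullable; if the route always carries an id, plain `int $id` is tighter.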
diff --git a/app/Models/Evaluation.php b/app/Models/Evaluation.php
index 93236d6ce85ac0398af8081c3274b9fd70f0c46a..f5f392371bd2b55d0543dac51d676cf1e2c5279e 100644
--- a/app/Models/Evaluation.php
+++ b/app/Models/Evaluation.php
@@ -25,6 +25,8 @@
  * @property int          $organization_id
  * @property int          $current_step
  * @property int          $current_step_status
+ * @property string       $author
+ * @property string       $updated_by
  */
 class Evaluation extends Model
 {
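Review bot: The two new `@property` lines do not say who writes `author` and `updated_by`. The feature test in this commit expects both to equal the acting user's first and last name, and its PUT cases send the whole evaluation array back, including these keys. I would note that on the annotations, e.g. `@property string $author set server-side from the authenticated user, never from request input`. It is also worth confirming that neither column is mass-assignable; the model's `$fillable`/`$guarded` is outside this hunk, so that could not be checked here.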
diff --git a/database/seeders/OrganizationSeeder.php b/database/seeders/OrganizationSeeder.php
index 4f6d7094e4ac70ded665e03de554229b28460fc3..e7b0916113b4966b52e3bb9f97deb3966a648c6b 100644
--- a/database/seeders/OrganizationSeeder.php
+++ b/database/seeders/OrganizationSeeder.php
@@ -19,9 +19,9 @@ class OrganizationSeeder extends Seeder
      */
     public function run()
     {
-        Organization::factory(10)->create()->each(function (Organization $org) {
-            $org->users()->saveMany(User::factory(8)->make());
-            $org->evaluations()->saveMany(Evaluation::factory(8)->make());
+        Organization::factory(5)->create()->each(function (Organization $org) {
+            $org->users()->saveMany(User::factory(5)->make());
+            $org->evaluations()->saveMany(Evaluation::factory(5)->make());
 
             foreach ($org->evaluations as $eval) {
                 if ($eval->current_step > 1) {
diff --git a/tests/Feature/EvaluationsControllerTest.php b/tests/Feature/EvaluationsControllerTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..213269b49cc4c697a683ac623f29f36ae8aeb0ff
--- /dev/null
+++ b/tests/Feature/EvaluationsControllerTest.php
@@ -0,0 +1,275 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Evaluation;
+use App\Models\Organization;
+use App\Models\User;
+use Carbon\Carbon;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class EvaluationsControllerTest extends TestCase
+{
+    use RefreshDatabase;
+
+    /**
+     * Test get all.
+     *
+     * @return void
+     */
+    public function testAdminUserCanGetAllEvaluations()
+    {
+        $user = User::where('role', User::ROLE_ADMIN)->first();
+        $response = $this->actingAs($user)->getJson(route('api.evaluations.all'));
+
+        if ($response->exception) {
+            dump($response->exception);
+        }
+
+        $response->assertOk();
+
+        $evals = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])->get();
+
+        $this->assertEquals($evals->toArray(), $response->json());
+    }
+
+    /**
+     * Test get all.
+     *
+     * @return void
+     */
+    public function testUserCanOnlyGetEvaluationsFromOwnOrganization()
+    {
+        $user = User::where('role', User::ROLE_USER)->first();
+        $response = $this->actingAs($user)->getJson(route('api.evaluations.all'));
+
+        $response->assertOk();
+
+        $evals = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])
+            ->where('organization_id', $user->organization_id)
+            ->get()
+        ;
+
+        $this->assertEquals($evals->toArray(), $response->json());
+    }
+
+
+    /**
+     * Test get all.
+     *
+     * @return void
+     */
+    public function testManagerCanOnlyGetEvaluationsFromOwnOrganization()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+        $response = $this->actingAs($user)->getJson(route('api.evaluations.all'));
+
+        $response->assertOk();
+
+        $evals = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])
+            ->where('organization_id', $user->organization_id)
+            ->get()
+        ;
+
+        $this->assertEquals($evals->toArray(), $response->json());
+    }
+
+    /**
+     * test delete.
+     */
+    public function testAdminCanDeleteAnyEvaluation()
+    {
+        $user = User::where('role', User::ROLE_ADMIN)->first();
+
+        $eval = Evaluation::first();
+
+        $response = $this->actingAs($user)->deleteJson(route('api.evaluations.delete', ['id' => $eval->id]));
+
+        $response->assertStatus(204);
+    }
+
+    /**
+     * test delete.
+     */
+    public function testManagerCanDeleteEvaluationInOwnOrganization()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $eval = Evaluation::where('organization_id', $user->organization_id)->first();
+
+        $response = $this->actingAs($user)->deleteJson(route('api.evaluations.delete', ['id' => $eval->id]));
+
+        $response->assertStatus(204);
+    }
+
+    /**
+     * test delete.
+     */
+    public function testManagerCannotDeleteEvaluationInOtherOrganization()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $eval = Evaluation::where('organization_id', '!=', $user->organization_id)->first();
+
+        $response = $this->actingAs($user)->deleteJson(route('api.evaluations.delete', ['id' => $eval->id]));
+
+        $response->assertStatus(403);
+    }
+
+    /**
+     * test delete.
+     */
+    public function testUserCannotDeleteEvaluation()
+    {
+        $user = User::where('role', User::ROLE_USER)->first();
+
+        $eval = Evaluation::where('organization_id', $user->organization_id)->first();
+
+        $response = $this->actingAs($user)->deleteJson(route('api.evaluations.delete', ['id' => $eval->id]));
+
+        $response->assertStatus(403);
+    }
+
+    public function testPostEvaluationShouldCreateDraftEvaluation()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $eval = [
+            'organization_id' => $user->organization_id,
+            'current_step' => 1,
+        ];
+
+        $nextId = Evaluation::orderBy('id', 'desc')->first()->id + 1;
+
+        $response = $this->actingAs($user)->postJson(route('api.evaluations.post'), $eval);
+        $response->assertOk();
+
+        $data = $response->json();
+
+        $this->assertEquals([
+            'id' => $nextId,
+            'status' => Evaluation::STATUS_ONGOING,
+            'current_step' => 1,
+            'current_step_status' => Evaluation::STATUS_ONGOING,
+            'author' => $user->firstname . ' ' . $user->lastname,
+            'updated_by' => $user->firstname . ' ' . $user->lastname,
+            'organization_id' => $user->organization_id,
+            'organization' => $user->organization->toArray(),
+            'created_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'updated_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'danger_levels' => [],
+            'evaluation_measures' => [],
+        ], $data);
+
+        $dbEval = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])->find($nextId);
+
+        $this->assertNotNull($dbEval);
+
+        $this->assertEquals($dbEval->toArray(), $data);
+    }
+
+
+    public function testPutDraftEvaluationShouldSaveDraftEvaluation()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $eval = Evaluation::where('organization_id', $user->organization_id)->first()->toArray();
+
+        $eval['current_step'] += 1;
+        $eval['draft'] = 1;
+
+        $response = $this->actingAs($user)->putJson(route('api.evaluations.put', ['id' => $eval['id']]), $eval);
+        $response->assertOk();
+
+        $data = $response->json();
+
+        $this->assertEquals([
+            'id' => $eval['id'],
+            'status' => Evaluation::STATUS_ONGOING,
+            'current_step' => $eval['current_step'],
+            'current_step_status' => Evaluation::STATUS_ONGOING,
+            'author' => $user->firstname . ' ' . $user->lastname,
+            'updated_by' => $user->firstname . ' ' . $user->lastname,
+            'organization_id' => $user->organization_id,
+            'organization' => $user->organization->toArray(),
+            'created_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'updated_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'danger_levels' => [],
+            'evaluation_measures' => [],
+        ], $data);
+
+        $dbEval = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])->find($eval['id']);
+
+        $this->assertNotNull($dbEval);
+
+        $this->assertEquals($dbEval->toArray(), $data);
+    }
+
+    public function testPutEvaluationShouldSaveEvaluationWithFinishedStep()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $eval = Evaluation::where('organization_id', $user->organization_id)
+            ->where('current_step', '<', 5)
+            ->first()
+            ->toArray();
+
+        $eval['draft'] = 0;
+
+        $response = $this->actingAs($user)->putJson(route('api.evaluations.put', ['id' => $eval['id']]), $eval);
+        $response->assertOk();
+
+        $data = $response->json();
+
+        $this->assertEquals([
+            'id' => $eval['id'],
+            'status' => Evaluation::STATUS_DONE,
+            'current_step' => $eval['current_step'],
+            'current_step_status' => Evaluation::STATUS_DONE,
+            'author' => $user->firstname . ' ' . $user->lastname,
+            'updated_by' => $user->firstname . ' ' . $user->lastname,
+            'organization_id' => $user->organization_id,
+            'organization' => $user->organization->toArray(),
+            'created_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'updated_at' => Carbon::now()->format('Y-m-d H:i:s'),
+            'danger_levels' => [],
+            'evaluation_measures' => [],
+        ], $data);
+
+        $dbEval = Evaluation::with(['organization', 'dangerLevels', 'evaluationMeasures'])->find($eval['id']);
+
+        $this->assertNotNull($dbEval);
+
+        $this->assertEquals($dbEval->toArray(), $data);
+    }
+
+    public function testManagerCannotCreateEvaluationInOtherOrganization()
+    {
+        $user = User::where('role', User::ROLE_MANAGER)->first();
+
+        $org = Organization::where('id', '!=', $user->organization_id)->inRandomORder()->first();
+
+        $eval = [
+            'organization_id' => $org->id,
+            'current_step' => 1,
+        ];
+
+        $response = $this->actingAs($user)->postJson(route('api.evaluations.post'), $eval);
+        $response->assertStatus(403);
+    }
+
+    public function testUserCannotCreateEvaluation()
+    {
+        $user = User::where('role', User::ROLE_USER)->first();
+
+        $eval = [
+            'organization_id' => $user->organization_id,
+            'current_step' => 1,
+        ];
+
+        $response = $this->actingAs($user)->postJson(route('api.evaluations.post'), $eval);
+        $response->assertStatus(403);
+    }
+
+}
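Review bot: The authorization cases cover cross-organization delete and create, but no test checks that a manager is refused when sending a PUT for an evaluation in another organization, or that a plain user is refused on PUT. Both `testPut…` cases act as a manager inside their own organization, so a missing ownership check on update would pass this suite unnoticed. A negative case next to `testManagerCannotCreateEvaluationInOtherOrganization` would close the gap, along with a matching one for `User::ROLE_USER`. The 403 delete tests could also assert that the row still exists, and the 204 ones that it is gone, since the status code alone does not prove the record was left or removed.

```php
public function testManagerCannotUpdateEvaluationInOtherOrganization()
{
    $user = User::where('role', User::ROLE_MANAGER)->first();

    $eval = Evaluation::where('organization_id', '!=', $user->organization_id)->first()->toArray();
    $eval['draft'] = 1;

    $response = $this->actingAs($user)->putJson(route('api.evaluations.put', ['id' => $eval['id']]), $eval);
    $response->assertStatus(403);

    // The stored row must be untouched after a refused update.
    $this->assertDatabaseHas('evaluations', [
        'id' => $eval['id'],
        'organization_id' => $eval['organization_id'],
    ]);
}
```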