diff --git a/app/Http/Controllers/Admin/EventController.php b/app/Http/Controllers/Admin/EventController.php index 42a28f2..972bfe7 100644 --- a/app/Http/Controllers/Admin/EventController.php +++ b/app/Http/Controllers/Admin/EventController.php @@ -37,8 +37,9 @@ class EventController extends Controller public function destroy(Request $request, Event $event) { - if (! Auth::user()->is_admin) { - abort(403); + if ($event->auditions()->count() > 0) { + return redirect()->route('admin.events.index')->with('error', + 'Cannot delete an event with auditions'); } $event->delete(); diff --git a/tests/Feature/Pages/Setup/EventsTest.php b/tests/Feature/Pages/Setup/EventsTest.php new file mode 100644 index 0000000..09f452a --- /dev/null +++ b/tests/Feature/Pages/Setup/EventsTest.php @@ -0,0 +1,153 @@ +assertOk(); +}); +it('does not allow normal users to manage events', function () { + // Arrange + actAsNormal(); + // Act & Assert + get(route('admin.events.index')) + ->assertRedirect(route('dashboard')) + ->assertSessionHas('error', 'You are not authorized to perform this action'); +}); +it('does not allow a guest to manage events', function () { + // Act & Assert + get(route('admin.events.index')) + ->assertRedirect(route('home')); +}); +it('shows a line for each event', function () { + // Arrange + $events = Event::factory()->count(3)->create(); + // Act & Assert + actAsAdmin(); + get(route('admin.events.index')) + ->assertOk() + ->assertSee($events[0]->name) + ->assertSee($events[1]->name) + ->assertSee($events[2]->name); +}); +it('shows a count of auditions in each event', function () { + // Arrange + $noAuditionEvent = Event::factory()->create(); + $fiveAuditionEvent = Event::factory()->hasAuditions(5)->create(); + actAsAdmin(); + // Act & Assert + get(route('admin.events.index')) + ->assertOk() + ->assertSee($noAuditionEvent->name.', 0 Audition') + ->assertSee($fiveAuditionEvent->name.', 5 Audition'); +}); +it('has a delete link only for events with no auditions', function () { + $noAuditionEvent = Event::factory()->create(); + $fiveAuditionEvent = Event::factory()->hasAuditions(5)->create(); + actAsAdmin(); + get(route('admin.events.index')) + ->assertOk() + ->assertSee(route('admin.events.destroy', $noAuditionEvent)) + ->assertDontSee(route('admin.events.destroy', $fiveAuditionEvent)); +}); +it('can delete an event', function () { + // Arrange + $noAuditionEvent = Event::factory()->create(); + $fiveAuditionEvent = Event::factory()->hasAuditions(5)->create(); + actAsAdmin(); + // Act & Assert + /** @noinspection PhpUnhandledExceptionInspection */ + delete(route('admin.events.destroy', $noAuditionEvent)) + ->assertRedirect(route('admin.events.index')) + ->assertSessionHasNoErrors() + ->assertSessionHas('success', 'Event deleted successfully'); + get(route('admin.events.index')) + ->assertOk() + ->assertDontSee($noAuditionEvent->name) + ->assertSee($fiveAuditionEvent->name); +}); +it('does not allow a normal user to delete an event', function () { + // Arrange + $noAuditionEvent = Event::factory()->create(); + actAsNormal(); + // Act & Assert + /** @noinspection PhpUnhandledExceptionInspection */ + delete(route('admin.events.destroy', $noAuditionEvent)) + ->assertRedirect(route('dashboard')) + ->assertSessionHasNoErrors() + ->assertSessionHas('error', 'You are not authorized to perform this action'); + actAsAdmin(); + get(route('admin.events.index')) + ->assertOk() + ->assertSee($noAuditionEvent->name); +}); +it('does not allow a guest to delete an event', function () { + // Arrange + $noAuditionEvent = Event::factory()->create(); + // Act & Assert + /** @noinspection PhpUnhandledExceptionInspection */ + delete(route('admin.events.destroy', $noAuditionEvent)) + ->assertRedirect(route('home')) + ->assertSessionHasNoErrors(); + actAsAdmin(); + get(route('admin.events.index')) + ->assertOk() + ->assertSee($noAuditionEvent->name); +}); +it('cannot delete an event with auditions', function () { + // Arrange + $event = Event::factory()->hasAuditions(5)->create(); + actAsAdmin(); + // Act & Assert + /** @noinspection PhpUnhandledExceptionInspection */ + delete(route('admin.events.destroy', $event)) + ->assertRedirect(route('admin.events.index')) + ->assertSessionHas('error', 'Cannot delete an event with auditions'); + get(route('admin.events.index')) + ->assertOk() + ->assertSee($event->name); +}); +it('has a form to add an event', function () { + // Arrange + actAsAdmin(); + // Act & Assert + get(route('admin.events.index')) + ->assertOk() + ->assertSee('Add New Event') + ->assertSee(route('admin.events.store')); +}); +it('allows an admin to add an event', function () { + $newEvent = Event::factory()->make(); + actAsAdmin(); + /** @noinspection PhpUnhandledExceptionInspection */ + post(route('admin.events.store'), ['name' => $newEvent->name]) + ->assertRedirect(route('admin.events.index')) + ->assertSessionHasNoErrors() + ->assertSessionHas('success', 'Event created successfully'); + get(route('admin.events.index')) + ->assertOk() + ->assertSee($newEvent->name); +}); +it('does not allow a guest or normal user to add an event', function () { + // Arrange + $newEvent = Event::factory()->make(); + // Act & Assert + /** @noinspection PhpUnhandledExceptionInspection */ + post(route('admin.events.store'), ['name' => $newEvent->name]) + ->assertRedirect(route('home')) + ->assertSessionHasNoErrors(); + actAsNormal(); + /** @noinspection PhpUnhandledExceptionInspection */ + post(route('admin.events.store'), ['name' => $newEvent->name]) + ->assertRedirect(route('dashboard')) + ->assertSessionHasNoErrors() + ->assertSessionHas('error', 'You are not authorized to perform this action'); +});