Files
minicrm/tests/Feature/ClosingPermissionTest.php
phuongtc 3a8db5cae6
Some checks failed
Tests / PHP 8.3 (push) Has been cancelled
Tests / PHP 8.4 (push) Has been cancelled
Tests / PHP 8.5 (push) Has been cancelled
feat: granular permissions, export backup, user/role management
- PermissionSeeder: 29 permissions with role mapping (admin/manager/staff)
- Policies updated to use hasPermissionTo() instead of hasRole()
- ExportBackup command: JSON per-table backup with chunk processing
- UserResource: CRUD users with role assignment (admin only)
- RoleResource: CRUD roles with permission assignment (admin only)
- UserPolicy + RolePolicy: admin-only access control
- ImportCskh: detailed skip logging with color in dry-run mode
- Widgets: permission-based visibility checks
- Tests: 8/8 pass (21 assertions)
2026-05-02 04:47:10 +00:00

190 lines
7.1 KiB
PHP

<?php
use App\Models\Customer;
use App\Models\Department;
use App\Models\Feedback;
use App\Models\FeedbackAttachment;
use App\Models\FeedbackChannel;
use App\Models\User;
use App\Services\ClosingService;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
uses(\Illuminate\Foundation\Testing\RefreshDatabase::class);
beforeEach(function () {
app()[\Spatie\Permission\PermissionRegistrar::class]->forgetCachedPermissions();
// Create permissions
Permission::firstOrCreate(['name' => 'close-ticket']);
Permission::firstOrCreate(['name' => 'view-feedback']);
Permission::firstOrCreate(['name' => 'create-feedback']);
Permission::firstOrCreate(['name' => 'update-feedback']);
Permission::firstOrCreate(['name' => 'add-interaction']);
Permission::firstOrCreate(['name' => 'transfer-department']);
});
// ─── Scenario 1: Staff cannot close ticket ───────────────────────────
test('staff cannot close ticket - returns 403 forbidden', function () {
$staffRole = Role::create(['name' => 'staff']);
$staffRole->givePermissionTo(['view-feedback', 'create-feedback', 'update-feedback', 'add-interaction']);
$staff = User::factory()->create();
$staff->assignRole('staff');
$channel = FeedbackChannel::create(['name' => 'Email', 'slug' => 'email']);
$customer = Customer::create(['name' => 'Test Customer', 'email' => 'test@test.com']);
$feedback = Feedback::create([
'customer_id' => $customer->id,
'feedback_channel_id' => $channel->id,
'title' => 'Test Feedback',
'content' => 'Test content',
'status' => 'resolved',
]);
$this->actingAs($staff);
$closingService = app(ClosingService::class);
try {
$closingService->close($feedback, $staff);
$this->fail('Expected HttpException (403) but none thrown.');
} catch (\Symfony\Component\HttpKernel\Exception\HttpException $e) {
expect($e->getStatusCode())->toBe(403);
expect($e->getMessage())->toBe('Chỉ lãnh đạo cấp phòng mới có quyền đóng phiếu.');
}
expect($feedback->fresh()->status)->toBe('resolved');
});
// ─── Scenario 2: Manager cannot close without proof_of_resolution ────
test('manager cannot close ticket without proof_of_resolution evidence', function () {
$managerRole = Role::create(['name' => 'manager']);
$managerRole->givePermissionTo(['close-ticket', 'view-feedback', 'create-feedback', 'update-feedback', 'transfer-department']);
$manager = User::factory()->create();
$manager->assignRole('manager');
$dept = Department::create(['name' => 'CSKH', 'manager_id' => $manager->id]);
$channel = FeedbackChannel::create(['name' => 'Email', 'slug' => 'email-2']);
$customer = Customer::create(['name' => 'Test Customer 2', 'email' => 'test2@test.com']);
$feedback = Feedback::create([
'customer_id' => $customer->id,
'feedback_channel_id' => $channel->id,
'title' => 'Test Feedback 2',
'content' => 'Test content',
'status' => 'resolved',
'current_department_id' => $dept->id,
]);
$this->actingAs($manager);
$closingService = app(ClosingService::class);
try {
$closingService->close($feedback, $manager);
$this->fail('Expected ValidationException but none thrown.');
} catch (\Illuminate\Validation\ValidationException $e) {
expect($e->errors()['status'][0])->toBe('Yêu cầu cung cấp tài liệu bằng chứng để hoàn tất quy trình.');
}
expect($feedback->fresh()->status)->toBe('resolved');
});
// ─── Scenario 2b: Manager CAN close with proof_of_resolution ─────────
test('manager can close ticket with proof_of_resolution evidence', function () {
\Illuminate\Support\Facades\Notification::fake();
$managerRole = Role::create(['name' => 'manager']);
$managerRole->givePermissionTo(['close-ticket', 'view-feedback', 'create-feedback', 'update-feedback', 'transfer-department']);
$manager = User::factory()->create();
$manager->assignRole('manager');
$dept = Department::create(['name' => 'Ky Thuat', 'manager_id' => $manager->id]);
$channel = FeedbackChannel::create(['name' => 'Phone', 'slug' => 'phone']);
$customer = Customer::create(['name' => 'Test Customer 3', 'email' => 'test3@test.com']);
$feedback = Feedback::create([
'customer_id' => $customer->id,
'feedback_channel_id' => $channel->id,
'title' => 'Test Feedback 3',
'content' => 'Test content',
'status' => 'resolved',
'current_department_id' => $dept->id,
]);
FeedbackAttachment::create([
'uuid' => 'test-uuid-123',
'feedback_id' => $feedback->id,
'user_id' => $manager->id,
'name' => 'proof.pdf',
'path' => 'feedback-attachments/proof.pdf',
'disk' => 'local',
'collection' => 'proof_of_resolution',
'mime_type' => 'application/pdf',
'size' => 1024,
]);
$this->actingAs($manager);
$closingService = app(ClosingService::class);
$closingService->close($feedback, $manager);
expect($feedback->fresh()->status)->toBe('closed');
});
// ─── Scenario 2c: Manager cannot close ticket from other department ──
test('manager cannot close ticket from department they do not manage', function () {
$managerRole = Role::create(['name' => 'manager']);
$managerRole->givePermissionTo(['close-ticket', 'view-feedback', 'create-feedback', 'update-feedback', 'transfer-department']);
$manager = User::factory()->create();
$manager->assignRole('manager');
$deptA = Department::create(['name' => 'CSKH', 'manager_id' => $manager->id]);
$deptB = Department::create(['name' => 'Ky Thuat', 'manager_id' => null]);
$channel = FeedbackChannel::create(['name' => 'Phone', 'slug' => 'phone-2']);
$customer = Customer::create(['name' => 'Test Customer 4', 'email' => 'test4@test.com']);
$feedback = Feedback::create([
'customer_id' => $customer->id,
'feedback_channel_id' => $channel->id,
'title' => 'Test Feedback 4',
'content' => 'Test content',
'status' => 'resolved',
'current_department_id' => $deptB->id,
]);
FeedbackAttachment::create([
'uuid' => 'test-uuid-456',
'feedback_id' => $feedback->id,
'user_id' => $manager->id,
'name' => 'proof.pdf',
'path' => 'feedback-attachments/proof2.pdf',
'disk' => 'local',
'collection' => 'proof_of_resolution',
'mime_type' => 'application/pdf',
'size' => 1024,
]);
$this->actingAs($manager);
$closingService = app(ClosingService::class);
try {
$closingService->close($feedback, $manager);
$this->fail('Expected HttpException (403) but none thrown.');
} catch (\Symfony\Component\HttpKernel\Exception\HttpException $e) {
expect($e->getStatusCode())->toBe(403);
expect($e->getMessage())->toBe('Bạn chỉ có thể đóng phiếu thuộc phòng ban mình quản lý.');
}
expect($feedback->fresh()->status)->toBe('resolved');
});