我有控制器Post
與典型的CRUD方法。 我有一個PostPolicy,其中:如何在Laravel中測試未經授權的方法?
public function destroy(User $user, Post $post)
{
$user->id === $post->author_id;
}
我想寫測試這一點。當我檢查用戶是否刪除他自己的帖子 - 一切正常。
但是,當我測試,如果其他用戶的用戶可以刪除不屬於自己的崗位,laravel測試發送錯誤:
Illuminate\Auth\Access\AuthorizationException: This action is unauthorized.
如何繞過它或者有寫這個測試的另一種方法?
代碼
<?php
namespace Tests\Feature;
use Tests\TestCase;
use App\Models\Feeds\Feed;
use App\Models\User;
use Tests\SphinxConnection;
use Illuminate\Foundation\Testing\DatabaseMigrations;
class PolicyTest extends TestCase
{
use DatabaseMigrations,
SphinxConnection;
public function testFeedPolicy()
{
$this->expectException(\Illuminate\Auth\Access\AuthorizationException::class);
$user1 = factory(User::class)->create([
'id' => 1,
]);
$user2 = factory(User::class)->create([
'id' => 2,
]);
factory(Post::class)->create([
'id' => 27,
'editor_id' => 2,
]);
factory(Post::class)->create([
'id' => 30,
'editor_id' => 2,
]);
$this->delete('/api/feeds/27', [], [
'authorization' => "Bearer {$user2->api_token}",
'accept' => 'application/json',
])->assertJson([
]);;
$this->delete('/api/feeds/30', [], [
'authorization' => "Bearer {$user1->api_token}",
'accept' => 'application/json',
])->assertJson([
]);;
}
}
你能顯示你的測試代碼嗎? –
更新文章.... – yrrtyrt
您使用的是什麼版本的Laravel 5? –