1. 首頁
  2. 問答
  3. 如何在Laravel中測試未經授權的方法?

如何在Laravel中測試未經授權的方法?

2017-08-30 39 views
2

我有控制器Post與典型的CRUD方法。 我有一個PostPolicy,其中:如何在Laravel中測試未經授權的方法?

public function destroy(User $user, Post $post) 
{ 
    $user->id === $post->author_id; 
}

我想寫測試這一點。當我檢查用戶是否刪除他自己的帖子 - 一切正常。

但是,當我測試,如果其他用戶的用戶可以刪除不屬於自己的崗位,laravel測試發送錯誤:

Illuminate\Auth\Access\AuthorizationException: This action is unauthorized.

如何繞過它或者有寫這個測試的另一種方法?

代碼

<?php 

namespace Tests\Feature; 

use Tests\TestCase; 
use App\Models\Feeds\Feed; 
use App\Models\User; 
use Tests\SphinxConnection; 
use Illuminate\Foundation\Testing\DatabaseMigrations; 
class PolicyTest extends TestCase 
{ 
    use DatabaseMigrations, 
     SphinxConnection; 

    public function testFeedPolicy() 
    { 
     $this->expectException(\Illuminate\Auth\Access\AuthorizationException::class); 

     $user1 = factory(User::class)->create([ 
      'id' => 1, 
     ]); 
     $user2 = factory(User::class)->create([ 
      'id' => 2, 
     ]); 

     factory(Post::class)->create([ 
      'id' => 27, 
      'editor_id' => 2, 
     ]); 
     factory(Post::class)->create([ 
      'id' => 30, 
      'editor_id' => 2, 
     ]); 

     $this->delete('/api/feeds/27', [], [ 
      'authorization' => "Bearer {$user2->api_token}", 
      'accept' => 'application/json', 
     ])->assertJson([ 

     ]);; 
     $this->delete('/api/feeds/30', [], [ 
      'authorization' => "Bearer {$user1->api_token}", 
      'accept' => 'application/json', 
     ])->assertJson([ 

     ]);; 
    } 
}

來源

2017-08-30 yrrtyrt

+0

你能顯示你的測試代碼嗎? –

+0

更新文章.... – yrrtyrt

+0

您使用的是什麼版本的Laravel 5? –

回答

0

您可以添加以下到您的測試方法的開頭:

$this->expectException(\Illuminate\Auth\Access\AuthorizationException::class);

編輯

您的測試方法可能看起來是這樣的:

/** @test */ 
function a_user_can_delete_their_own_post() 
{ 
    $user = factory(User::class)->create(); 

    $post = factory(Post::class)->create([ 
     'editor_id' => $user->id, 
    ]); 

    $this->actingAs($user); 

    $this 
     ->delete("/api/feeds/{$post->id}", [], [ 
      'authorization' => "Bearer {$user->api_token}", 
      'accept'  => 'application/json', 
     ]) 
     ->assertResponseOk(); 

    $this->assertFalse(Post::where('id', $post->id)->exists()); 
} 

/** @test */ 
function a_user_can_not_delete_a_post_they_do_not_own() 
{ 
    $this->expectException(\Illuminate\Auth\Access\AuthorizationException::class); 

    $user = factory(User::class)->create(); 

    $post = factory(Post::class)->create([ 
     'editor_id' => $user->id + 1, 
    ]); 

    $this->actingAs($user); 

    $this->delete("/api/feeds/{$post->id}", [], [ 
     'authorization' => "Bearer {$user->api_token}", 
     'accept'  => 'application/json', 
    ]); 
}

希望這有助於!

來源

2017-08-30 11:02:32

+0

測試將始終完成,即使用戶也無法刪除帖子。 – yrrtyrt

+0

當我添加你寫的字符串 - 測試總是OK,所以我沒想到結果。 – yrrtyrt

+0

@yrrtyrt您是否測試用戶可以刪除帖子,並且其他用戶無法使用相同方法(功能)刪除帖子? –

相關問題

 相關問題