Дмитрий
110 lines
3.1 KiB
PHP
110 lines
3.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\Deal;
|
|
use App\Models\Project;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
/**
|
|
* Task 7 (audit-p1-auth): bulk activity_log rows must carry
|
|
* user_id, ip_address, user_agent from the current request.
|
|
*
|
|
* Three operations: transition / destroy / restore.
|
|
*/
|
|
uses(DatabaseTransactions::class);
|
|
|
|
beforeEach(function () {
|
|
$this->tenant = Tenant::factory()->create();
|
|
$this->user = User::factory()->for($this->tenant)->create();
|
|
$this->actingAs($this->user);
|
|
|
|
DB::statement('SET app.current_tenant_id = '.$this->tenant->id);
|
|
$this->project = Project::factory()->for($this->tenant)->create();
|
|
});
|
|
|
|
it('bulk transition записывает user_id и ip_address в activity_log', function () {
|
|
$deals = Deal::factory()->count(3)
|
|
->for($this->tenant)
|
|
->for($this->project)
|
|
->create(['status' => 'new']);
|
|
|
|
$this->withServerVariables(['REMOTE_ADDR' => '10.9.8.7'])
|
|
->postJson('/api/deals/transition', [
|
|
'ids' => $deals->pluck('id')->all(),
|
|
'status' => 'won',
|
|
])
|
|
->assertOk();
|
|
|
|
$rows = DB::table('activity_log')
|
|
->where('event', 'deal.status_changed')
|
|
->whereIn('deal_id', $deals->pluck('id'))
|
|
->get();
|
|
|
|
expect($rows)->toHaveCount(3);
|
|
|
|
foreach ($rows as $row) {
|
|
expect((int) $row->user_id)->toBe($this->user->id)
|
|
->and((string) $row->ip_address)->toBe('10.9.8.7');
|
|
}
|
|
});
|
|
|
|
it('bulk destroy записывает user_id и ip_address в activity_log', function () {
|
|
$deals = Deal::factory()->count(2)
|
|
->for($this->tenant)
|
|
->for($this->project)
|
|
->create();
|
|
|
|
$this->withServerVariables(['REMOTE_ADDR' => '192.168.1.1'])
|
|
->deleteJson('/api/deals', [
|
|
'ids' => $deals->pluck('id')->all(),
|
|
])
|
|
->assertOk();
|
|
|
|
$rows = DB::table('activity_log')
|
|
->where('event', 'deal.deleted')
|
|
->whereIn('deal_id', $deals->pluck('id'))
|
|
->get();
|
|
|
|
expect($rows)->toHaveCount(2);
|
|
|
|
foreach ($rows as $row) {
|
|
expect((int) $row->user_id)->toBe($this->user->id)
|
|
->and((string) $row->ip_address)->toBe('192.168.1.1');
|
|
}
|
|
});
|
|
|
|
it('bulk restore записывает user_id и ip_address в activity_log', function () {
|
|
$deals = Deal::factory()->count(2)
|
|
->for($this->tenant)
|
|
->for($this->project)
|
|
->create();
|
|
|
|
// Soft-delete first
|
|
$this->deleteJson('/api/deals', [
|
|
'ids' => $deals->pluck('id')->all(),
|
|
])->assertOk();
|
|
|
|
// Now restore
|
|
$this->withServerVariables(['REMOTE_ADDR' => '172.16.0.5'])
|
|
->postJson('/api/deals/restore', [
|
|
'ids' => $deals->pluck('id')->all(),
|
|
])
|
|
->assertOk();
|
|
|
|
$rows = DB::table('activity_log')
|
|
->where('event', 'deal.restored')
|
|
->whereIn('deal_id', $deals->pluck('id'))
|
|
->get();
|
|
|
|
expect($rows)->toHaveCount(2);
|
|
|
|
foreach ($rows as $row) {
|
|
expect((int) $row->user_id)->toBe($this->user->id)
|
|
->and((string) $row->ip_address)->toBe('172.16.0.5');
|
|
}
|
|
});
|