planner; $userOne = User::factory()->planner($planner)->create(['name' => 'Melissa']); $userTwo = User::factory()->planner($planner)->create(['name' => 'Jochen']); $users = collect([$userOne, $userTwo]); $dishes = Dish::factory()->planner($planner)->count(rand(15, 20))->create(); $dishes->each(fn (Dish $dish) => $dish->users()->sync($users->pluck('id')->toArray())); $dateRangeStart = '2024-01-01'; $dateRangeEnd = '2024-01-07'; $period = CarbonPeriod::create($dateRangeStart, $dateRangeEnd); foreach ($period as $date) { $schedule = Schedule::factory()->planner($planner)->date($date)->create(); $users->each(function (User $user) use ($schedule) { $randomUserDish = $user->userDishes->random(); return ScheduledUserDish::factory() ->schedule($schedule) ->user($randomUserDish->user) ->userDish($randomUserDish) ->create(); }); } $randomScheduledUserDish = ScheduledUserDish::all()->random(); $this ->actingAs($planner) ->get(route('api.scheduled-user-dishes.show', $randomScheduledUserDish)) ->assertStatus(200) ->assertJson(fn (AssertableJson $json) => $json ->where('success', true) ->has('payload', fn ($json) => $json ->has('scheduled_user_dish', fn (AssertableJson $json) => $json ->where('id', $randomScheduledUserDish->id) ->where('is_skipped', false) ->has('schedule', fn (AssertableJson $json) => $json ->has('id') ->where('date', $randomScheduledUserDish->schedule->date->format('Y-m-d')) ) ->has('userDish', fn (AssertableJson $json) => $json ->has('id') ->has('user', fn (AssertableJson $json) => $json ->where('id', $randomScheduledUserDish->userDish->user->id) ->where('name', $randomScheduledUserDish->userDish->user->name) ) ->has('dish', fn (AssertableJson $json) => $json ->where('id', $randomScheduledUserDish->userDish->dish->id) ->where('planner_id', $planner->id) ->where('name', $randomScheduledUserDish->userDish->dish->name) ->has('users', 2) ) ->has('recurrences') ) ) ) ->where('errors', null) ); } public function test_planner_cannot_read_scheduled_user_dish_from_other_planner(): void { $planner = $this->planner; $otherPlanner = Planner::factory()->create(); $userOne = User::factory()->planner($otherPlanner)->create(['name' => 'Melissa']); $userTwo = User::factory()->planner($otherPlanner)->create(['name' => 'Jochen']); $users = collect([$userOne, $userTwo]); $dishes = Dish::factory()->planner($otherPlanner)->count(rand(15, 20))->create(); $dishes->each(fn (Dish $dish) => $dish->users()->sync($users->pluck('id')->toArray())); $dateRangeStart = '2024-01-01'; $dateRangeEnd = '2024-01-07'; $period = CarbonPeriod::create($dateRangeStart, $dateRangeEnd); foreach ($period as $date) { $schedule = Schedule::factory()->planner($otherPlanner)->date($date)->create(); $users->each(function (User $user) use ($schedule) { $randomUserDish = $user->userDishes->random(); return ScheduledUserDish::factory() ->schedule($schedule) ->user($randomUserDish->user) ->userDish($randomUserDish) ->create(); }); } $randomScheduledUserDish = ScheduledUserDish::all()->random(); $this ->actingAs($planner) ->get(route('api.scheduled-user-dishes.show', $randomScheduledUserDish)) ->assertStatus(403) ->assertJson(fn (AssertableJson $json) => $json ->where('success', false) ->where('payload', null) ->where('errors', [ "This action is unauthorized." ]) ); } }