hosting-backend/tests/Unit/PortfolioPolicyTest.php

<?php

namespace Tests\Unit;

use App\Models\Portfolio;
use App\Models\User;
use App\Policies\PortfolioPolicy;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class PortfolioPolicyTest extends TestCase
{
    use RefreshDatabase;

    private PortfolioPolicy $policy;
    private User $owner;
    private User $otherUser;
    private Portfolio $portfolio;

    protected function setUp(): void
    {
        parent::setUp();
        $this->policy = new PortfolioPolicy();
        $this->owner = User::factory()->create();
        $this->otherUser = User::factory()->create();
        $this->portfolio = Portfolio::factory()->create(['user_id' => $this->owner->id]);
    }

    /**
     * Test owner can view their portfolio.
     */
    public function test_owner_can_view_portfolio()
    {
        $this->assertTrue($this->policy->view($this->owner, $this->portfolio));
    }

    /**
     * Test non-owner cannot view portfolio.
     */
    public function test_non_owner_cannot_view_portfolio()
    {
        $this->assertFalse($this->policy->view($this->otherUser, $this->portfolio));
    }

    /**
     * Test owner can update their portfolio.
     */
    public function test_owner_can_update_portfolio()
    {
        $this->assertTrue($this->policy->update($this->owner, $this->portfolio));
    }

    /**
     * Test non-owner cannot update portfolio.
     */
    public function test_non_owner_cannot_update_portfolio()
    {
        $this->assertFalse($this->policy->update($this->otherUser, $this->portfolio));
    }

    /**
     * Test owner can delete their portfolio.
     */
    public function test_owner_can_delete_portfolio()
    {
        $this->assertTrue($this->policy->delete($this->owner, $this->portfolio));
    }

    /**
     * Test non-owner cannot delete portfolio.
     */
    public function test_non_owner_cannot_delete_portfolio()
    {
        $this->assertFalse($this->policy->delete($this->otherUser, $this->portfolio));
    }

    /**
     * Test owner can upload to active portfolio.
     */
    public function test_owner_can_upload_to_active_portfolio()
    {
        $activePortfolio = Portfolio::factory()->create([
            'user_id' => $this->owner->id,
            'active' => true,
        ]);

        $this->assertTrue($this->policy->upload($this->owner, $activePortfolio));
    }

    /**
     * Test owner cannot upload to inactive portfolio.
     */
    public function test_owner_cannot_upload_to_inactive_portfolio()
    {
        $inactivePortfolio = Portfolio::factory()->create([
            'user_id' => $this->owner->id,
            'active' => false,
        ]);

        $this->assertFalse($this->policy->upload($this->owner, $inactivePortfolio));
    }

    /**
     * Test non-owner cannot upload to active portfolio.
     */
    public function test_non_owner_cannot_upload_to_portfolio()
    {
        $activePortfolio = Portfolio::factory()->create([
            'user_id' => $this->owner->id,
            'active' => true,
        ]);

        $this->assertFalse($this->policy->upload($this->otherUser, $activePortfolio));
    }

    /**
     * Test owner can deploy their portfolio.
     */
    public function test_owner_can_deploy_portfolio()
    {
        $this->assertTrue($this->policy->deploy($this->owner, $this->portfolio));
    }

    /**
     * Test non-owner cannot deploy portfolio.
     */
    public function test_non_owner_cannot_deploy_portfolio()
    {
        $this->assertFalse($this->policy->deploy($this->otherUser, $this->portfolio));
    }

    /**
     * Test authorization checks are case-sensitive on user_id.
     */
    public function test_policy_checks_exact_user_id()
    {
        $portfolioForOwner = Portfolio::factory()->create(['user_id' => 1]);
        $userWithDifferentId = User::factory()->create();
        // Ensure user has different ID
        $this->assertNotEquals(1, $userWithDifferentId->id);

        $this->assertFalse($this->policy->view($userWithDifferentId, $portfolioForOwner));
    }

    /**
     * Test multiple users have separate authorization.
     */
    public function test_multiple_users_have_separate_authorization()
    {
        $user1 = User::factory()->create();
        $user2 = User::factory()->create();

        $portfolio1 = Portfolio::factory()->create(['user_id' => $user1->id]);
        $portfolio2 = Portfolio::factory()->create(['user_id' => $user2->id]);

        $this->assertTrue($this->policy->view($user1, $portfolio1));
        $this->assertFalse($this->policy->view($user1, $portfolio2));
        $this->assertTrue($this->policy->view($user2, $portfolio2));
        $this->assertFalse($this->policy->view($user2, $portfolio1));
    }
}