From 9d8ae685f608681a1a4b480fc077a131394ae995 Mon Sep 17 00:00:00 2001
From: philipp lang <philipp@aweos.de>
Date: Wed, 8 Mar 2023 00:04:00 +0100
Subject: [PATCH] Add destroy test

---
 src/MediaController.php       |  3 +++
 tests/Feature/DestroyTest.php | 35 +++++++++++++++++++++++++++++++++++
 tests/Feature/IndexTest.php   | 10 ++++++++++
 tests/Feature/UpdateTest.php  | 16 ++++++++++++++++
 tests/TestCase.php            |  1 +
 5 files changed, 65 insertions(+)
 create mode 100644 tests/Feature/DestroyTest.php

diff --git a/src/MediaController.php b/src/MediaController.php
index b72bc10..e2081de 100644
--- a/src/MediaController.php
+++ b/src/MediaController.php
@@ -62,6 +62,8 @@ class MediaController
 
     public function update(Request $request, Media $media): MediaData
     {
+        $this->authorize('updateMedia', $media->model);
+
         $rules = collect($media->model->getMediaCollection($media->collection_name)->runCallback('withPropertyValidation', $media->file_name))
             ->mapWithKeys(fn ($rule, $key) => ["properties.{$key}" => $rule])->toArray();
 
@@ -76,6 +78,7 @@ class MediaController
     {
         $model = app('media-library-helpers')->get($parentModel);
         $model = $model::find($parentId);
+        $this->authorize('listMedia', $model);
         $isSingle = 1 === $model->getMediaCollection($collection)->collectionSizeLimit;
 
         abort_if($isSingle && !$model->getFirstMedia($collection), 404);
diff --git a/tests/Feature/DestroyTest.php b/tests/Feature/DestroyTest.php
new file mode 100644
index 0000000..7314248
--- /dev/null
+++ b/tests/Feature/DestroyTest.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Zoomyboy\MedialibraryHelper\Tests\Feature;
+
+test('it deletes multiple media', function () {
+    $this->auth()->registerModel();
+    $post = $this->newPost();
+    $post->addMedia($this->pdfFile()->getPathname())->withCustomProperties(['test' => 'old'])->preservingOriginal()->toMediaCollection('multipleForced');
+    $post->addMedia($this->pdfFile()->getPathname())->withCustomProperties(['test' => 'old'])->preservingOriginal()->toMediaCollection('multipleForced');
+    $media = $post->getFirstMedia('multipleForced');
+
+    $this->deleteJson("/mediaupload/{$media->id}")->assertStatus(200);
+
+    $this->assertCount(1, $post->fresh()->getMedia('multipleForced'));
+});
+
+test('it deletes single media', function () {
+    $this->auth()->registerModel();
+    $post = $this->newPost();
+    $post->addMedia($this->pdfFile()->getPathname())->withCustomProperties(['test' => 'old'])->preservingOriginal()->toMediaCollection('defaultSingleFile');
+    $media = $post->getFirstMedia('defaultSingleFile');
+
+    $this->deleteJson("/mediaupload/{$media->id}")->assertStatus(200);
+
+    $this->assertCount(0, $post->fresh()->getMedia('defaultSingleFile'));
+});
+
+test('it needs authorization', function () {
+    $this->auth(['destroyMedia' => false])->registerModel();
+    $post = $this->newPost();
+    $post->addMedia($this->pdfFile()->getPathname())->withCustomProperties(['test' => 'old'])->preservingOriginal()->toMediaCollection('defaultSingleFile');
+    $media = $post->getFirstMedia('defaultSingleFile');
+
+    $this->deleteJson("/mediaupload/{$media->id}")->assertStatus(403);
+});
diff --git a/tests/Feature/IndexTest.php b/tests/Feature/IndexTest.php
index 9f6d456..02bd2c6 100644
--- a/tests/Feature/IndexTest.php
+++ b/tests/Feature/IndexTest.php
@@ -28,6 +28,16 @@ test('it gets media for single', function () {
     $response->assertJsonPath('properties.test', 'old');
 });
 
+test('it checks for authorization', function () {
+    $this->auth(['listMedia' => false])->registerModel();
+    $post = $this->newPost();
+    $post->addMedia($this->pdfFile()->getPathname())->withCustomProperties(['test' => 'old'])->preservingOriginal()->toMediaCollection('images');
+
+    $response = $this->getJson("/mediaupload/post/{$post->id}/images");
+
+    $response->assertStatus(403);
+});
+
 test('it returns 404 when media not found', function () {
     $this->auth()->registerModel();
     $post = $this->newPost();
diff --git a/tests/Feature/UpdateTest.php b/tests/Feature/UpdateTest.php
index 731666d..70b3d20 100644
--- a/tests/Feature/UpdateTest.php
+++ b/tests/Feature/UpdateTest.php
@@ -37,3 +37,19 @@ test('it validates a single files properties', function () {
     $response->assertStatus(422);
     $response->assertJsonValidationErrors('properties.test');
 });
+
+test('it checks for authorization', function () {
+    $this->auth(['updateMedia' => false])->registerModel();
+    $post = $this->newPost();
+    $post->addMedia($this->pdfFile()->getPathname())->preservingOriginal()->toMediaCollection('multipleProperties');
+    $media = $post->getFirstMedia('multipleProperties');
+
+    $response = $this->patchJson("/mediaupload/{$media->id}", [
+        'properties' => [
+            'test' => 'new',
+            'missing' => 'value',
+        ],
+    ]);
+
+    $response->assertStatus(403);
+});
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 44e8f5d..f9dff79 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -64,6 +64,7 @@ class TestCase extends BaseTestCase
             'storeMedia' => true,
             'updateMedia' => true,
             'destroyMedia' => true,
+            'listMedia' => true,
             ...$policies,
         ];