From 92d83d9f9a505f33e9f7a6362ebe0a71bedec713 Mon Sep 17 00:00:00 2001
From: Romulus21 <romain@delanoe.me>
Date: Sat, 15 Aug 2020 12:13:09 +0200
Subject: [PATCH] add staff remove & staff invite test

---
 app/Http/Controllers/EventController.php      | 12 ++-
 app/Http/Resources/User.php                   |  2 +-
 app/Models/User.php                           |  2 +-
 app/Policies/EventPolicy.php                  | 10 +-
 ...08_15_173607_create_event_guest_table.php} |  0
 routes/api.php                                |  5 +-
 tests/Feature/EventsTest.php                  | 91 ++++++++++++++++++-
 7 files changed, 111 insertions(+), 11 deletions(-)
 rename database/migrations/{2020_08_09_173607_create_event_guest_table.php => 2020_08_15_173607_create_event_guest_table.php} (100%)

diff --git a/app/Http/Controllers/EventController.php b/app/Http/Controllers/EventController.php
index f8555e6..98cd496 100644
--- a/app/Http/Controllers/EventController.php
+++ b/app/Http/Controllers/EventController.php
@@ -110,7 +110,17 @@ class EventController extends Controller
 
         $this->authorize('delete', $event);
 
-        $event->guests()->updateExistingPivot($user, array('is_staff' => 1), false);
+        $event->guests()->updateExistingPivot($user, ['is_staff' => true], false);
+
+        return (new EventResource($event))
+            ->response()
+            ->setStatusCode(200);
+    }
+
+    public function deleteGuestToStaffEvent(Event $event, User $user) {
+        $this->authorize('delete', $event);
+
+        $event->guests()->updateExistingPivot($user, ['is_staff' => false], false);
 
         return (new EventResource($event))
             ->response()
diff --git a/app/Http/Resources/User.php b/app/Http/Resources/User.php
index 22b2880..a34a45b 100644
--- a/app/Http/Resources/User.php
+++ b/app/Http/Resources/User.php
@@ -28,7 +28,7 @@ class User extends JsonResource
                     'last_login' => optional($this->login_at)->diffForHumans(),
                     'is_admin' => $this->isAdmin(),
                     'is_staff' => $this->whenPivotLoaded('event_guest', function() {
-                        return $this->pivot->is_staff;
+                        return (int) $this->pivot->is_staff;
                     }),
                 ],
             ],
diff --git a/app/Models/User.php b/app/Models/User.php
index 7ca4f09..a7be794 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -115,7 +115,7 @@ class User extends Authenticatable
 
     public function invitedEvent(): BelongsToMany
     {
-        return $this->belongsToMany(Event::class, 'event_guest')
+        return $this->belongsToMany(Event::class, 'event_guest', 'user_id', 'event_id')
             ->withPivot('is_staff', 'validated_at')
             ->withTimestamps();
     }
diff --git a/app/Policies/EventPolicy.php b/app/Policies/EventPolicy.php
index e3b5940..b9d30ad 100644
--- a/app/Policies/EventPolicy.php
+++ b/app/Policies/EventPolicy.php
@@ -53,7 +53,15 @@ class EventPolicy
      */
     public function update(User $user, Event $event)
     {
-        return $user->id == $event->user_id;
+        if($user->id == $event->user_id) {
+            return true;
+        } else {
+            $testedUser = $event->guests()->where('users.id', $user->id)->first();
+            if($testedUser !== null) {
+                return $testedUser->pivot->is_staff;
+            }
+        }
+        return false;
     }
 
     /**
diff --git a/database/migrations/2020_08_09_173607_create_event_guest_table.php b/database/migrations/2020_08_15_173607_create_event_guest_table.php
similarity index 100%
rename from database/migrations/2020_08_09_173607_create_event_guest_table.php
rename to database/migrations/2020_08_15_173607_create_event_guest_table.php
diff --git a/routes/api.php b/routes/api.php
index e607aa2..b48fb57 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -20,9 +20,10 @@ Route::middleware('auth:api')->group(function () {
 
     Route::get('/memos/home', 'MemosController@home');
 
-    Route::get('/events/{event}/invite/{user}', 'EventController@inviteUser');
+    Route::post('/events/{event}/invite/{user}', 'EventController@inviteUser');
     Route::delete('/events/{event}/invite/{user}', 'EventController@removeInviteUser');
-    Route::get('/events/{event}/staff/{user}', 'EventController@addGuestToStaffEvent');
+    Route::post('/events/{event}/staff/{user}', 'EventController@addGuestToStaffEvent');
+    Route::delete('/events/{event}/staff/{user}', 'EventController@deleteGuestToStaffEvent');
 
     Route::apiResources([
         '/users' => 'UserController',
diff --git a/tests/Feature/EventsTest.php b/tests/Feature/EventsTest.php
index 7aed7c0..0856ec1 100644
--- a/tests/Feature/EventsTest.php
+++ b/tests/Feature/EventsTest.php
@@ -346,7 +346,7 @@ class EventsTest extends TestCase
     }
 
     /** @test */
-    public function only_the_owner_can_patch_the_event()
+    public function only_the_owner_or_staff_can_patch_the_event()
     {
         $user = factory(User::class)->create();
         $event = factory(Event::class)->create(['id' => 123, 'user_id' => $user->id]);
@@ -394,7 +394,7 @@ class EventsTest extends TestCase
         $event = factory(Event::class)->create(['user_id' => $user->id]);
         $userTwo = factory(User::class)->create();
 
-        $response = $this->get('api/events/'.$event->id.'/invite/'.$userTwo->id);
+        $response = $this->post('api/events/'.$event->id.'/invite/'.$userTwo->id);
         $response->assertStatus(200);
         $response->assertJson([
             'data' => [
@@ -441,7 +441,7 @@ class EventsTest extends TestCase
         $userTwo = factory(User::class)->create();
         $event->guests()->attach($userTwo);
 
-        $response = $this->get('api/events/'.$event->id.'/staff/'.$userTwo->id);
+        $response = $this->post('api/events/'.$event->id.'/staff/'.$userTwo->id);
         $response->assertStatus(200);
         $response->assertJson([
             'data' => [
@@ -468,9 +468,90 @@ class EventsTest extends TestCase
         ]);
     }
 
-    // owner_can_remove_guest_to_staff_event
+    /** @test */
+    public function owner_can_remove_guest_to_staff_event()
+    {
+        $this->withoutExceptionHandling();
+        $this->actingAs($user = factory(User::class)->create(), 'api');
+        $event = factory(Event::class)->create(['user_id' => $user->id]);
+        $userTwo = factory(User::class)->create();
+        $event->guests()->attach($userTwo);
 
-    // staff_can_add_guest
+        $response = $this->delete('api/events/'.$event->id.'/staff/'.$userTwo->id);
+        $response->assertStatus(200);
+        $response->assertJson([
+            'data' => [
+                'event_id' => $event->id,
+                'attributes' => [
+                    'data' => [
+                        'invitations' => [
+                            [
+                                'data' => [
+                                    'user_id' => $userTwo->id,
+                                    'attributes' => [
+                                        'is_staff' => false,
+                                    ]
+
+                                ],
+                                'links' => [
+                                    'self' => url('/users/'.$userTwo->id),
+                                ],
+                            ]
+                        ],
+                    ]
+                ]
+            ]
+        ]);
+    }
+
+    /** @test */
+    public function staff_can_add_guest()
+    {
+        $this->withoutExceptionHandling();
+        $user = factory(User::class)->create();
+        $event = factory(Event::class)->create(['user_id' => $user->id]);
+        $this->actingAs($userTwo = factory(User::class)->create(), 'api');
+        $event->guests()->attach($userTwo);
+        $event->guests()->updateExistingPivot($userTwo, ['is_staff' => true], false);
+
+        $nexGuestUser = factory(User::class)->create();
+
+        $response = $this->post('api/events/'.$event->id.'/invite/'.$nexGuestUser->id);
+
+        $event = $event->fresh();
+
+        $response->assertStatus(200);
+        $this->assertCount(2, $event->guests);
+        $response->assertJson([
+            'data' => [
+                'event_id' => $event->id,
+                'attributes' => [
+                    'data' => [
+                        'invitations' => [
+                            [
+                                'data' => [
+                                    'user_id' => $userTwo->id,
+                                    'attributes' => [
+                                        'is_staff' => 1,
+                                    ]
+                                ],
+                            ],
+                            [
+                                'data' => [
+                                    'user_id' => $nexGuestUser->id,
+                                    'attributes' => [
+                                        'is_staff' => 0,
+                                    ]
+                                ]
+                            ]
+                        ],
+                    ]
+                ]
+            ]
+        ]);
+    }
+
+    // guest_can_invite_another_guest_if_public_event
 
     // guest_can_validate_event_participation