From 6cfcbc2d107dfe37bed31cc6a8e9e77ecadf6663 Mon Sep 17 00:00:00 2001
From: "Edward Tirado Jr." <ed@etdevelopment.net>
Date: Sat, 18 Apr 2026 00:47:26 -0500
Subject: [PATCH] added tests for role updating

---
 tests/Feature/AuthTest.php                   | 22 +------
 tests/Feature/UpdateCollaboratorRoleTest.php | 60 +++++++++++++-------
 2 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/tests/Feature/AuthTest.php b/tests/Feature/AuthTest.php
index 34b95ea..815f44f 100644
--- a/tests/Feature/AuthTest.php
+++ b/tests/Feature/AuthTest.php
@@ -16,8 +16,6 @@ class AuthTest extends TestCase
             ->postJson('/api/register', [
                 'username' => 'johndoe',
                 'email' => 'john@example.com',
-                'password' => 'password123',
-                'password_confirmation' => 'password123',
             ]);
 
         $response->assertStatus(201)
@@ -31,12 +29,10 @@ class AuthTest extends TestCase
         $response = $this->postJson('/api/register', [
             'username' => '',
             'email' => 'not-an-email',
-            'password' => 'short',
-            'password_confirmation' => 'mismatch',
         ]);
 
         $response->assertStatus(422)
-            ->assertJsonValidationErrors(['username', 'email', 'password']);
+            ->assertJsonValidationErrors(['username', 'email']);
     }
 
     public function test_registration_fails_with_duplicate_email(): void
@@ -46,8 +42,6 @@ class AuthTest extends TestCase
         $response = $this->postJson('/api/register', [
             'username' => 'johndoe',
             'email' => 'john@example.com',
-            'password' => 'password123',
-            'password_confirmation' => 'password123',
         ]);
 
         $response->assertStatus(422)
@@ -61,8 +55,6 @@ class AuthTest extends TestCase
         $response = $this->postJson('/api/register', [
             'username' => 'johndoe',
             'email' => 'john@example.com',
-            'password' => 'password123',
-            'password_confirmation' => 'password123',
         ]);
 
         $response->assertStatus(422)
@@ -111,18 +103,8 @@ class AuthTest extends TestCase
 
     public function test_unauthenticated_user_cannot_access_protected_routes(): void
     {
-        $response = $this->getJson('/api/user');
+        $response = $this->getJson('/api/roles');
 
         $response->assertStatus(401);
     }
-
-    public function test_authenticated_user_can_access_user_endpoint(): void
-    {
-        $user = User::factory()->create();
-
-        $response = $this->actingAs($user)->getJson('/api/user');
-
-        $response->assertOk()
-            ->assertJsonFragment(['email' => $user->email]);
-    }
 }
diff --git a/tests/Feature/UpdateCollaboratorRoleTest.php b/tests/Feature/UpdateCollaboratorRoleTest.php
index f800019..6931615 100644
--- a/tests/Feature/UpdateCollaboratorRoleTest.php
+++ b/tests/Feature/UpdateCollaboratorRoleTest.php
@@ -14,28 +14,11 @@ class UpdateCollaboratorRoleTest extends TestCase
     use RefreshDatabase;
 
     private Role $adminRole;
+
     private Role $editorRole;
+
     private Role $viewerRole;
 
-    protected function setUp(): void
-    {
-        parent::setUp();
-        $this->seed(DatabaseSeeder::class);
-
-        $this->adminRole = Role::where('name', 'ADMIN')->first();
-        $this->editorRole = Role::where('name', 'EDITOR')->first();
-        $this->viewerRole = Role::where('name', 'VIEWER')->first();
-    }
-
-    private function makeList(User $owner): MovieList
-    {
-        return MovieList::create([
-            'name' => 'Test List',
-            'owner' => $owner->getKey(),
-            'slug' => 'test-list',
-        ]);
-    }
-
     public function test_role_id_is_required(): void
     {
         $owner = User::factory()->create();
@@ -50,6 +33,15 @@ class UpdateCollaboratorRoleTest extends TestCase
             ->assertJsonValidationErrors(['role_id']);
     }
 
+    private function makeList(User $owner): MovieList
+    {
+        return MovieList::create([
+            'name' => 'Test List',
+            'owner' => $owner->getKey(),
+            'slug' => 'test-list',
+        ]);
+    }
+
     public function test_role_id_must_exist_in_roles_table(): void
     {
         $owner = User::factory()->create();
@@ -125,6 +117,26 @@ class UpdateCollaboratorRoleTest extends TestCase
         $response->assertForbidden();
     }
 
+    public function test_admin_collaborator_cannot_update_own_role(): void
+    {
+        $owner = User::factory()->create();
+        $admin = User::factory()->create();
+        $movieList = $this->makeList($owner);
+        $movieList->collaborators()->attach($admin, ['role_id' => $this->adminRole->getKey()]);
+
+        $response = $this->actingAs($admin)
+            ->patchJson("/api/movielists/{$movieList->getKey()}/collaborators/{$admin->getKey()}", [
+                'role_id' => $this->editorRole->getKey(),
+            ]);
+
+        $response->assertUnprocessable();
+        $this->assertDatabaseHas('movie_list_user', [
+            'movie_list_id' => $movieList->getKey(),
+            'user_id' => $admin->getKey(),
+            'role_id' => $this->adminRole->getKey(),
+        ]);
+    }
+
     public function test_unrelated_user_cannot_update_collaborator_role(): void
     {
         $owner = User::factory()->create();
@@ -140,4 +152,14 @@ class UpdateCollaboratorRoleTest extends TestCase
 
         $response->assertForbidden();
     }
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->seed(DatabaseSeeder::class);
+
+        $this->adminRole = Role::where('name', 'ADMIN')->first();
+        $this->editorRole = Role::where('name', 'EDITOR')->first();
+        $this->viewerRole = Role::where('name', 'VIEWER')->first();
+    }
 }