panel/tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php at 3ebb6eadbfdbb827cdad782cf4edf7df4e003ae6 · ghzhost/panel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php

namespace Pterodactyl\Tests\Integration\Api\Client\Server\Schedule;

use Pterodactyl\Models\Task;
use Illuminate\Http\Response;
use Pterodactyl\Models\Schedule;
use Pterodactyl\Models\Permission;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;

class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
{
    /**
     * Test that a schedule can be deleted from the system.
     *
     * @param array $permissions
     * @dataProvider permissionsDataProvider
     */
    public function testScheduleCanBeDeleted($permissions)
    {
        [$user, $server] = $this->generateTestAccount($permissions);

        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
        $task = factory(Task::class)->create(['schedule_id' => $schedule->id]);

        $this->actingAs($user)
            ->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
            ->assertStatus(Response::HTTP_NO_CONTENT);

        $this->assertDatabaseMissing('schedules', ['id' => $schedule->id]);
        $this->assertDatabaseMissing('tasks', ['id' => $task->id]);
    }

    /**
     * Test that no error is returned if the schedule does not exist on the system at all.
     */
    public function testNotFoundErrorIsReturnedIfScheduleDoesNotExistAtAll()
    {
        [$user, $server] = $this->generateTestAccount();

        $this->actingAs($user)
            ->deleteJson("/api/client/servers/{$server->uuid}/schedules/123456789")
            ->assertStatus(Response::HTTP_NOT_FOUND);
    }

    /**
     * Ensure that a schedule belonging to another server cannot be deleted and its presence is not
     * revealed to the user.
     */
    public function testNotFoundErrorIsReturnedIfScheduleDoesNotBelongToServer()
    {
        [$user, $server] = $this->generateTestAccount();
        [, $server2] = $this->generateTestAccount(['user_id' => $user->id]);

        $schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);

        $this->actingAs($user)
            ->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
            ->assertStatus(Response::HTTP_NOT_FOUND);

        $this->assertDatabaseHas('schedules', ['id' => $schedule->id]);
    }

    /**
     * Test that an error is returned if the subuser does not have the required permissions to
     * delete the schedule from the server.
     */
    public function testErrorIsReturnedIfSubuserDoesNotHaveRequiredPermissions()
    {
        [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);

        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);

        $this->actingAs($user)
            ->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
            ->assertStatus(Response::HTTP_FORBIDDEN);

        $this->assertDatabaseHas('schedules', ['id' => $schedule->id]);
    }

    /**
     * @return array
     */
    public function permissionsDataProvider(): array
    {
        return [[[]], [[Permission::ACTION_SCHEDULE_DELETE]]];
    }
}