panel/tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php at 8f0eda21c58cdce2a697b0eae44fee5c19bc6024 · ghzhost/panel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?php

namespace Pterodactyl\Tests\Integration\Api\Client\Server;

use Pterodactyl\Models\User;
use Illuminate\Http\Response;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\Permission;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;

class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
{
    /**
     * Test that a servers allocations are returned in the expected format.
     */
    public function testServerAllocationsAreReturned()
    {
        [$user, $server] = $this->generateTestAccount();

        $response = $this->actingAs($user)->getJson($this->link($server, '/network/allocations'));

        $response->assertOk();
        $response->assertJsonPath('object', 'list');
        $response->assertJsonCount(1, 'data');

        $this->assertJsonTransformedWith($response->json('data.0.attributes'), $server->allocation);
    }

    /**
     * Test that allocations cannot be returned without the required user permissions.
     */
    public function testServerAllocationsAreNotReturnedWithoutPermission()
    {
        [$user, $server] = $this->generateTestAccount();
        $user2 = User::factory()->create();

        $server->owner_id = $user2->id;
        $server->save();

        $this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
            ->assertNotFound();

        [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);

        $this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
            ->assertForbidden();
    }

    /**
     * Tests that notes on an allocation can be set correctly.
     *
     * @dataProvider updatePermissionsDataProvider
     */
    public function testAllocationNotesCanBeUpdated(array $permissions)
    {
        [$user, $server] = $this->generateTestAccount($permissions);
        $allocation = $server->allocation;

        $this->assertNull($allocation->notes);

        $this->actingAs($user)->postJson($this->link($allocation), [])
            ->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
            ->assertJsonPath('errors.0.meta.rule', 'present');

        $this->actingAs($user)->postJson($this->link($allocation), ['notes' => 'Test notes'])
            ->assertOk()
            ->assertJsonPath('object', Allocation::RESOURCE_NAME)
            ->assertJsonPath('attributes.notes', 'Test notes');

        $allocation = $allocation->refresh();

        $this->assertSame('Test notes', $allocation->notes);

        $this->actingAs($user)->postJson($this->link($allocation), ['notes' => null])
            ->assertOk()
            ->assertJsonPath('object', Allocation::RESOURCE_NAME)
            ->assertJsonPath('attributes.notes', null);

        $allocation = $allocation->refresh();

        $this->assertNull($allocation->notes);
    }

    public function testAllocationNotesCannotBeUpdatedByInvalidUsers()
    {
        [$user, $server] = $this->generateTestAccount();
        $user2 = User::factory()->create();

        $server->owner_id = $user2->id;
        $server->save();

        $this->actingAs($user)->postJson($this->link($server->allocation))->assertNotFound();

        [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);

        $this->actingAs($user)->postJson($this->link($server->allocation))->assertForbidden();
    }

    /**
     * @dataProvider updatePermissionsDataProvider
     */
    public function testPrimaryAllocationCanBeModified(array $permissions)
    {
        [$user, $server] = $this->generateTestAccount($permissions);
        $allocation = $server->allocation;
        $allocation2 = Allocation::factory()->create(['node_id' => $server->node_id, 'server_id' => $server->id]);

        $server->allocation_id = $allocation->id;
        $server->save();

        $this->actingAs($user)->postJson($this->link($allocation2, '/primary'))
            ->assertOk();

        $server = $server->refresh();

        $this->assertSame($allocation2->id, $server->allocation_id);
    }

    public function testPrimaryAllocationCannotBeModifiedByInvalidUser()
    {
        [$user, $server] = $this->generateTestAccount();
        $user2 = User::factory()->create();

        $server->owner_id = $user2->id;
        $server->save();

        $this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
            ->assertNotFound();

        [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);

        $this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
            ->assertForbidden();
    }

    public function updatePermissionsDataProvider()
    {
        return [[[]], [[Permission::ACTION_ALLOCATION_UPDATE]]];
    }

    public function deletePermissionsDataProvider()
    {
        return [[[]], [[Permission::ACTION_ALLOCATION_DELETE]]];
    }
}