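signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $this->signupAndLogin(
            email: 'alex@example.com',
            displayName: 'alex',
            password: 'longenoughpassword',
        );
        $this->resetClientState();

        $response = $this->getJson('/api/users?q=al');

        $response->assertStatus(200);
        $response->assertJsonCount(2, 'users');
    }

    /**
     * GET /api/users without a `q` parameter answers 200 with an empty `users` list.
     *
     * NOTE(review): no auth cookie is attached in this test body (setUp is outside
     * this view) and 200 is still expected. If user search is meant to require a
     * session, a test pinning the unauthenticated response would document that;
     * confirm the intended access policy.
     */
    public function test_search_with_no_query_returns_empty(): void
    {
        $response = $this->getJson('/api/users');

        $response->assertStatus(200);
        $response->assertJsonPath('users', []);
    }

    /**
     * A user who was never promoted is refused by the promote endpoint.
     *
     * Signs up alice and bob, then posts bob's id to /api/admin/users/promote
     * with alice's auth_token cookie and expects 403.
     */
    public function test_non_admin_cannot_promote(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $bob = $this->signupAndLogin(
            email: 'bob@example.com',
            displayName: 'bob',
            password: 'longenoughpassword',
        );
        // presumably drops state carried over from the signup/login requests, so
        // that only the cookie set below is sent; confirm against the helper
        $this->resetClientState();

        // NOTE(review): only the status code is pinned here. Also asserting that
        // bob's admin flag is unchanged afterwards would catch a handler that
        // writes the promotion before it rejects the caller.
        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $alice['cookie'])
            ->postJson('/api/admin/users/promote', [
                'userId' => $bob['user']->getId(),
            ])
            ->assertStatus(403);
    }

    /**
     * An admin can promote another user, and the response reports the new flag.
     *
     * Alice is promoted through the promoteToAdmin() test helper and then logs in
     * again; the auth_token cookie from that login is the one used for the
     * promote request. The response must be 200 with `user.isAdmin` set to true.
     */
    public function test_admin_promotes_user(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $bob = $this->signupAndLogin(
            email: 'bob@example.com',
            displayName: 'bob',
            password: 'longenoughpassword',
        );
        $this->promoteToAdmin($alice['user']->getId());

        // NOTE(review): a fresh login is used instead of $alice['cookie'],
        // presumably because the token issued at signup predates the promotion;
        // confirm against the token format.
        $loginResponse = $this->postJson('/api/login', [
            'email' => 'alice@example.com',
            'password' => 'longenoughpassword',
        ]);

        // getCookie() returns null when the cookie is absent; fail with a clear
        // assertion instead of a fatal "member function on null" error.
        $authCookie = $loginResponse->getCookie('auth_token', false);
        $this->assertNotNull($authCookie, 'login response did not set an auth_token cookie');
        $aliceCookie = $authCookie->getValue();

        $this->resetClientState();

        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $aliceCookie)
            ->postJson('/api/admin/users/promote', [
                'userId' => $bob['user']->getId(),
            ])
            ->assertStatus(200)
            ->assertJsonPath('user.isAdmin', true);
    }
}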