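withCredentials()
            ->withUnencryptedCookie('auth_token', $cookie)
            ->postJson('/api/posts', [
                'title' => $title,
                'body' => 'b',
            ]);
        $response->assertStatus(201);

        return $response->json('post.id');
    }

    /**
     * Logs in through /api/login and returns the raw auth_token cookie value.
     *
     * The admin tests call this after promoteToAdmin(), so admin requests are
     * sent with a cookie issued after the promotion.
     * NOTE(review): whether the token captures the role at issue time is not
     * visible here — confirm against the login handler.
     *
     * @param string $email    Account e-mail to authenticate with.
     * @param string $password Plain-text password for that account.
     *
     * @return string Value of the auth_token cookie, read without decryption.
     */
    private function reLoginAsAdmin(string $email, string $password): string
    {
        $response = $this->postJson('/api/login', [
            'email' => $email,
            'password' => $password,
        ]);

        // getCookie() yields null when the cookie is absent. Fail with a clear
        // assertion instead of a fatal "call to a member function on null", so
        // a broken login is reported as a login problem.
        $authCookie = $response->getCookie('auth_token', false);
        $this->assertNotNull($authCookie, 'Login response did not set an auth_token cookie.');

        return $authCookie->getValue();
    }

    /**
     * An authenticated user without the admin role must be refused by the
     * feature endpoint, and the refusal must leave no post featured.
     *
     * NOTE(review): only an authenticated non-admin is covered; an anonymous
     * request to this endpoint is not exercised in the methods visible here.
     */
    public function test_non_admin_cannot_feature_post(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $postId = $this->createPost($alice['cookie'], 'P1');

        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $alice['cookie'])
            ->postJson('/api/admin/posts/feature', [
                'postId' => $postId,
                'slot' => 1,
            ])
            ->assertStatus(403);

        // A 403 status alone does not prove the write was blocked: confirm the
        // rejected request did not feature the post as a side effect.
        // NOTE(review): resetClientState() is defined outside this view;
        // presumably it drops the cookie configured above — confirm.
        $this->resetClientState();
        $this->getJson('/api/posts/featured')
            ->assertStatus(200)
            ->assertJsonPath('posts', []);
    }

    /**
     * An admin can place a post into a feature slot and the response echoes
     * the slot that was assigned.
     */
    public function test_admin_features_post(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $postId = $this->createPost($alice['cookie'], 'P1');

        // Promote, then obtain a fresh cookie; the pre-promotion cookie is
        // deliberately not reused for the admin call.
        $this->promoteToAdmin($alice['user']->getId());
        $cookie = $this->reLoginAsAdmin(
            'alice@example.com',
            'longenoughpassword',
        );

        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $cookie)
            ->postJson('/api/admin/posts/feature', [
                'postId' => $postId,
                'slot' => 1,
            ])
            ->assertStatus(200)
            ->assertJsonPath('post.featureSlot', 1);
    }

    /**
     * The featured-posts listing is readable without an auth cookie and
     * reports the post together with the slot an admin assigned to it.
     */
    public function test_listing_featured_posts_is_public(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $postId = $this->createPost($alice['cookie'], 'P1');

        $this->promoteToAdmin($alice['user']->getId());
        $cookie = $this->reLoginAsAdmin(
            'alice@example.com',
            'longenoughpassword',
        );

        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $cookie)
            ->postJson('/api/admin/posts/feature', [
                'postId' => $postId,
                'slot' => 2,
            ])
            ->assertStatus(200);

        // The listing must be fetched without the admin cookie, otherwise the
        // test would not show that the endpoint is public.
        // NOTE(review): resetClientState() is defined outside this view;
        // presumably it clears the cookie set above — confirm.
        $this->resetClientState();

        $response = $this->getJson('/api/posts/featured');
        $response->assertStatus(200);
        $response->assertJsonPath('posts.0.id', $postId);
        $response->assertJsonPath('posts.0.featureSlot', 2);
    }

    /**
     * An admin can remove a post from the featured list; afterwards the
     * public listing is empty.
     *
     * NOTE(review): no method visible here sends a non-admin cookie to
     * /api/admin/posts/unfeature; the non-admin 403 test covers only the
     * feature endpoint.
     */
    public function test_admin_unfeatures_post(): void
    {
        $alice = $this->signupAndLogin(
            email: 'alice@example.com',
            displayName: 'alice',
            password: 'longenoughpassword',
        );
        $postId = $this->createPost($alice['cookie'], 'P1');

        $this->promoteToAdmin($alice['user']->getId());
        $cookie = $this->reLoginAsAdmin(
            'alice@example.com',
            'longenoughpassword',
        );

        // Feature first so there is something to remove.
        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $cookie)
            ->postJson('/api/admin/posts/feature', [
                'postId' => $postId,
                'slot' => 1,
            ])
            ->assertStatus(200);

        $this->withCredentials()
            ->withUnencryptedCookie('auth_token', $cookie)
            ->postJson('/api/admin/posts/unfeature', [
                'postId' => $postId,
            ])
            ->assertStatus(204);

        // Verify the outcome through the public listing rather than trusting
        // the 204 status on its own.
        $this->resetClientState();
        $this->getJson('/api/posts/featured')
            ->assertStatus(200)
            ->assertJsonPath('posts', []);
    }
}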