[Tests] Add tests for user me action

See #100

Author: lindyhopchris

tests/dummy/app/Http/Controllers/Api/V1/UserController.php

@@ -0,0 +1,42 @@
+<?php
+/*
+ * Copyright 2021 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use LaravelJsonApi\Core\Responses\DataResponse;
+use LaravelJsonApi\Laravel\Http\Controllers\Actions;
+
+class UserController extends Controller
+{
+
+    use Actions\FetchOne;
+
+    /**
+     * Return the current user.
+     *
+     * @param Request $request
+     * @return DataResponse
+     */
+    public function me(Request $request): DataResponse
+    {
+        return DataResponse::make($request->user());
+    }
+}

tests/dummy/app/Policies/UserPolicy.php

@@ -0,0 +1,38 @@
+<?php
+/*
+ * Copyright 2021 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\Policies;
+
+use App\Models\User;
+
+class UserPolicy
+{
+
+    /**
+     * Determine if the user can view the other user.
+     *
+     * @param User $user
+     * @param User $other
+     * @return bool
+     */
+    public function view(User $user, User $other): bool
+    {
+        return true;
+    }
+}

tests/dummy/routes/api.php

@@ -17,6 +17,12 @@
             $actions->withId()->post('publish');
         });
 
+        /** Users */
+        $server->resource('users')->only('show')->actions(function ($actions) {
+            // we use `-me` because `me` would match the hash-id pattern
+            $actions->get('-me', 'me');
+        });
+
         /** Videos */
         $server->resource('videos')->relationships(function ($relationships) {
             $relationships->hasMany('tags');

tests/dummy/tests/Api/V1/Users/ReadTest.php

@@ -0,0 +1,59 @@
+<?php
+/*
+ * Copyright 2021 Cloud Creativity Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace App\Tests\Api\V1\Users;
+
+use App\Models\User;
+use App\Tests\Api\V1\TestCase;
+
+class ReadTest extends TestCase
+{
+
+    public function test(): void
+    {
+        $user = User::factory()->createOne();
+
+        $expected = $this->serializer
+            ->user($user)
+            ->jsonSerialize();
+
+        $response = $this
+            ->actingAs(User::factory()->createOne())
+            ->jsonApi('users')
+            ->get(url('/api/v1/users', $expected['id']));
+
+        $response->assertFetchedOneExact($expected);
+    }
+
+    public function testMe(): void
+    {
+        $user = User::factory()->createOne();
+
+        $expected = $this->serializer
+            ->user($user)
+            ->jsonSerialize();
+
+        $response = $this
+            ->actingAs($user)
+            ->jsonApi('users')
+            ->get(url('/api/v1/users/-me'));
+
+        $response->assertFetchedOneExact($expected);
+    }
+}

tests/lib/Integration/Routing/ActionsTest.php

@@ -271,4 +271,67 @@ public function testWithMiddleware(): void
         $this->assertSame("api.v1.posts.image", $route->getName());
         $this->assertSame(['api', 'my-middleware1', 'jsonapi:v1', 'my-middleware2'], $route->action['middleware']);
     }
+
+    /**
+     * This test was created from a question on Slack. In the test, we check that if an
+     * action is registered without a URL prefix, the route matching can distinguish
+     * between:
+     *
+     * DELETE /api/v1/posts/purge
+     * DELETE /api/v1/posts/123
+     */
+    public function testNoActionPrefixCanMatchIfActionDoesNotMatchIdPattern(): void
+    {
+        $server = $this->createServer('v1');
+        $this->createSchema($server, 'posts', '\d+');
+
+        $this->defaultApiRoutes(function () {
+            JsonApiRoute::server('v1')->prefix('v1')->resources(function ($server) {
+                $server->resource('posts', PostController::class)
+                    ->actions(function ($actions) {
+                        $actions->delete('purge');
+                        $actions->withId()->post('publish');
+                    });
+            });
+        });
+
+        $route = $this->assertMatch('DELETE', '/api/v1/posts/purge');
+        $this->assertSame('App\Http\Controllers\Api\V1\PostController@purge', $route->action['controller']);
+        $this->assertSame('v1.posts.purge', $route->getName());
+
+        $route = $this->assertMatch('DELETE', '/api/v1/posts/123');
+        $this->assertSame('App\Http\Controllers\Api\V1\PostController@destroy', $route->action['controller']);
+        $this->assertSame('v1.posts.destroy', $route->getName());
+
+        $route = $this->assertMatch('POST', '/api/v1/posts/123/publish');
+        $this->assertSame('App\Http\Controllers\Api\V1\PostController@publish', $route->action['controller']);
+        $this->assertSame('v1.posts.publish', $route->getName());
+    }
+
+    /**
+     * This is a common scenario that is seen in questions - registering a `me` action
+     * on the users resource to return the current signed-in user.
+     */
+    public function testUserMeDoesNotConflictWithRetrievingUser(): void
+    {
+        $server = $this->createServer('v1');
+        $this->createSchema($server, 'users', '\d+');
+
+        $this->defaultApiRoutes(function () {
+            JsonApiRoute::server('v1')->prefix('v1')->resources(function ($server) {
+                $server->resource('users', 'App\Http\Controllers\Api\V1\UserController')
+                    ->actions(function ($actions) {
+                        $actions->get('me');
+                    });
+            });
+        });
+
+        $route = $this->assertMatch('GET', '/api/v1/users/me');
+        $this->assertSame('App\Http\Controllers\Api\V1\UserController@me', $route->action['controller']);
+        $this->assertSame('v1.users.me', $route->getName());
+
+        $route = $this->assertMatch('GET', '/api/v1/users/1');
+        $this->assertSame('App\Http\Controllers\Api\V1\UserController@show', $route->action['controller']);
+        $this->assertSame('v1.users.show', $route->getName());
+    }
 }