feat: implement basic API

with authorization and validation
2026-01-07 16:37:50 +00:00 · 2026-01-07 16:37:50 +00:00 · 6fbeedd50c
commit 6fbeedd50c
parent b033262bd7
21 changed files with 599 additions and 10 deletions
--- a/tests/Unit/EntryApiTest.php
+++ b/tests/Unit/EntryApiTest.php
@ -0,0 +1,92 @@
+<?php
+
+use App\Models\Entry;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Config;
+use App\Models\User;
+
+uses(RefreshDatabase::class);
+
+test('can list entries', function () {
+    $user = User::factory()->create();
+    Entry::factory()->count(3)->create();
+
+    $response = $this->actingAs($user)->getJson('/api/entries');
+
+    $response->assertOk()
+             ->assertJsonCount(3);
+});
+
+test('can create an entry', function () {
+    $admin = User::factory()->create(['email' => config('app.admin_email')]);
+
+    $this->actingAs($admin);
+
+    $data = [
+        'title' => 'Sample Title',
+        'content' => 'Sample Content',
+    ];
+
+    $response = $this->postJson('/api/entries', $data);
+
+    $response->assertCreated()
+             ->assertJsonFragment($data);
+});
+
+test('can show an entry', function () {
+    $user = User::factory()->create();
+    $entry = Entry::factory()->create();
+
+    $response = $this->actingAs($user)->getJson("/api/entries/{$entry->id}");
+
+    $response->assertOk()
+             ->assertJsonFragment(['id' => $entry->id]);
+});
+
+test('can update an entry', function () {
+    $user = User::factory()->create();
+    $entry = Entry::factory()->create();
+    $data = ['title' => 'Updated Title'];
+
+    $response = $this->actingAs($user)->putJson("/api/entries/{$entry->id}", $data);
+
+    $response->assertOk()
+             ->assertJsonFragment($data);
+});
+
+test('can delete an entry', function () {
+    $user = User::factory()->create();
+    $entry = Entry::factory()->create();
+
+    $response = $this->actingAs($user)->deleteJson("/api/entries/{$entry->id}");
+
+    $response->assertNoContent();
+
+    $this->assertDatabaseMissing('entries', ['id' => $entry->id]);
+});
+
+test('only admin can create entries', function () {
+    $adminEmail = Config::get('app.admin_email');
+    $user = User::factory()->create(['email' => $adminEmail]);
+
+    $this->actingAs($user)
+        ->postJson('/api/entries', ['title' => 'Test', 'content' => 'Test content'])
+        ->assertCreated();
+
+    $nonAdmin = User::factory()->create(['email' => 'nonadmin@example.com']);
+
+    $this->actingAs($nonAdmin)
+        ->postJson('/api/entries', ['title' => 'Test', 'content' => 'Test content'])
+        ->assertForbidden();
+});
+
+test('authenticated users can read entries', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->getJson('/api/entries')
+        ->assertOk();
+
+    $this->getJson('/api/entries')
+        ->assertOk();
+});