store properties requires authentication now

Author: robuedi

README.md

@@ -19,7 +19,7 @@ Your local API Docs URL [here](http://localhost/docs/api#/)
 
 ## Test cases
 
-![Properties API](/readme/testcases.png)
+![Properties API](/readme/tests.png)
 
 ## License
 

app/Http/Controllers/Api/v1/PropertyController.php

@@ -11,9 +11,16 @@
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Spatie\QueryBuilder\QueryBuilder;
+use App\Services\Properties\PropertyRepositoryService;
 
 class PropertyController extends Controller
 {
+    public function __construct()
+    {
+        //the user needs to be logged in for these methods to be accessed
+        $this->middleware('auth:api')->only('store');
+    }
+
     /**
      * List properties
      *
@@ -95,9 +102,10 @@ public function index(GenericListingRequest $request)
      *
      * `slug` field is set automatically using the `name` field when the status is set to <b>active</b> (value 1). Once set it can't be changed.
      */
-    public function store(StorePropertyRequest $request)
+    public function store(StorePropertyRequest $request, PropertyRepositoryService $propertyRepositoryService)
     {
-        $property = Property::create($request->only('name', 'owner_id', 'status_id'));
+        //store the new property
+        $property = $propertyRepositoryService->authUserRequestCreateProperty();
 
         return response()
             ->json(['data' => [

app/Http/Controllers/Auth/AuthController.php

@@ -28,6 +28,8 @@ public function __construct()
      * Login
      *
      * Get a JWT via given credentials.
+     * 
+     * @unauthenticated
      */
     public function login(LoginRequest $request): JsonResponse
     {

app/Http/Controllers/Auth/PasswordResetLinkController.php

@@ -19,6 +19,8 @@ class PasswordResetLinkController extends Controller
      * Handle an incoming password reset link request.
      *
      * @throws \Illuminate\Validation\ValidationException
+     * 
+     * @unauthenticated
      */
     public function store(Request $request): JsonResponse
     {

app/Http/Controllers/Auth/RegisteredUserController.php

@@ -22,6 +22,8 @@ class RegisteredUserController extends Controller
      * Handle an incoming registration request.
      *
      * @throws \Illuminate\Validation\ValidationException
+     * 
+     * @unauthenticated
      */
     public function register(Request $request): Response
     {

app/Http/Requests/v1/StorePropertyRequest.php

@@ -25,7 +25,6 @@ public function rules(): array
     {
         return [
             'name' => 'required|string|min:3',
-            'owner_id' => 'required|exists:users,id',
             'status_id' => ['required', Rule::enum(PropertyStatus::class)],
         ];
     }

app/Services/Properties/PropertyRepositoryService.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace App\Services\Properties;
+
+use App\Models\Property;
+
+class PropertyRepositoryService 
+{
+    public function authUserRequestCreateProperty()
+    {
+        return Property::create([...request()->only('name', 'status_id'), ...['owner_id' => auth()->user()->id]]);
+    }
+}

readme/api-docs.png

@@ -5,4 +5,4 @@
 
 Route::prefix('v1')->name('api.v1.')->group(function () {
     Route::apiResource('properties', PropertyController::class);
-})->name('v1');
+});

readme/testcases.png

@@ -154,7 +154,7 @@
             ]);
 });
 
-it('stores a valid property', function (): void {
+it('fails to stores a valid property when unautenticated (unauthorized:401)', function (): void {
     $user = User::factory()->create();
 
     // send request to create
@@ -165,6 +165,19 @@
     ];
     $response = $this->postJson(route('api.v1.properties.store'), $recordData);
 
+    $response->assertUnauthorized();
+});
+
+it('stores a valid property', function (): void {
+    $user = User::factory()->create();
+
+    // send request to create
+    $recordData = [
+        'name' => 'Great Villa',
+        'status_id' => fake()->randomElement(PropertyStatus::values()),
+    ];
+    $response = $this->actingAs($user)->postJson(route('api.v1.properties.store'), $recordData);
+
     $response->assertStatus(Response::HTTP_CREATED);
     $response->assertHeader('Content-Type', 'application/json');
     $response->assertJson([
@@ -176,39 +189,61 @@
     $this->assertDatabaseHas((new Property)->getTable(), $recordData);
 });
 
+it('stores a valid property with the right user id even if different user id is sent', function (): void {
+    $user = User::factory()->create();
+    $testUser = User::factory()->create();
+
+    // send request to create
+    $recordData = [
+        'name' => 'Great Villa',
+        'owner_id' => $testUser->id,
+        'status_id' => fake()->randomElement(PropertyStatus::values()),
+    ];
+    $response = $this->actingAs($user)->postJson(route('api.v1.properties.store'), $recordData);
+
+    $response->assertStatus(Response::HTTP_CREATED);
+    $response->assertHeader('Content-Type', 'application/json');
+    $response->assertJson([
+        'data' => [
+            'id' => 1,
+        ],
+    ]);
+
+    $this->assertDatabaseHas((new Property)->getTable(), [...$recordData, ...['owner_id' => $user->id]]);
+});
+
 it('fails to store an empty property', function (): void {
+    $user = User::factory()->create();
 
     // send request to create
-    $response = $this->postJson(route('api.v1.properties.store'), []);
+    $response = $this->actingAs($user)->postJson(route('api.v1.properties.store'), []);
 
     $response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
     $response->assertHeader('Content-Type', 'application/json');
     $response->assertJson([
-        'message' => 'The name field is required. (and 2 more errors)',
+        'message' => 'The name field is required. (and 1 more error)',
         'errors' => [
             'name' => ['The name field is required.'],
-            'owner_id' => ['The owner id field is required.'],
             'status_id' => ['The status id field is required.'],
         ],
     ]);
 });
 
 it('fails to store wrong values for a property', function (): void {
+    $user = User::factory()->create();
 
     // send request to create
-    $response = $this->postJson(route('api.v1.properties.store'), [
+    $response = $this->actingAs($user)->postJson(route('api.v1.properties.store'), [
         'name' => 'a',
-        'owner_id' => 7,
         'status_id' => 91,
     ]);
 
     $response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
     $response->assertHeader('Content-Type', 'application/json');
     $response->assertJson([
-        'message' => 'The name field must be at least 3 characters. (and 2 more errors)',
+        'message' => 'The name field must be at least 3 characters. (and 1 more error)',
         'errors' => [
             'name' => ['The name field must be at least 3 characters.'],
-            'owner_id' => ['The selected owner id is invalid.'],
             'status_id' => ['The selected status id is invalid.'],
         ],
     ]);