- $file = $this->getTestImage($imageName);
- $this->call('POST', '/images/user/upload', [], [], ['file' => $file], []);
- $this->call('POST', '/images/user/upload', [], [], ['file' => $file], []);
+ public function test_standard_user_cant_view_other_profile_images()
+ {
+ $editor = $this->getEditor();
+ $admin = $this->getAdmin();
+
+ $this->actingAs($admin);
+ $file = $this->getTestProfileImage();
+ $this->call('POST', '/images/user/upload', ['uploaded_to' => $admin->id], [], ['file' => $file], []);
+
+ $this->actingAs($editor);
+ $adminImagesGet = $this->get("/images/user/all/0?uploaded_to=" . $admin->id);
+ $adminImagesGet->assertStatus(302);
+
+ $allImagesGet = $this->get("/images/user/all/0");
+ $allImagesGet->assertStatus(302);
+ }
+
+ public function test_standard_user_cant_upload_other_profile_images()
+ {
+ $editor = $this->getEditor();
+ $admin = $this->getAdmin();
+
+ $this->actingAs($editor);
+ $file = $this->getTestProfileImage();
+ $upload = $this->call('POST', '/images/user/upload', ['uploaded_to' => $admin->id], [], ['file' => $file], []);
+ $upload->assertStatus(302);
+
+ $this->assertDatabaseMissing('images', [
+ 'type' => 'user',
+ 'uploaded_to' => $admin->id,
+ ]);
+ }
+
+ public function test_user_images_deleted_on_user_deletion()
+ {
+ $editor = $this->getEditor();
+ $this->actingAs($editor);
+
+ $file = $this->getTestProfileImage();
+ $this->call('POST', '/images/user/upload', ['uploaded_to' => $editor->id], [], ['file' => $file], []);
+ $this->call('POST', '/images/user/upload', ['uploaded_to' => $editor->id], [], ['file' => $file], []);