测试RESTful控制器更新方法时使用Laravel Passport授权用户

时间:2019-08-28 09:34:38

标签: laravel laravel-5 authorization laravel-passport

每次运行测试时,我都得到403响应状态,我在这里做错了什么? 我试图从测试中删除Passport授权,但是随后我重定向到登录页面302状态响应。

//PostTest:

public function test_can_update_post()
{
    //creating a user
    $user = factory(User::class)->create();

    //creating an author for post
    $author = factory(Author::class)->create([
        'user_id' => $user->id,
    ]);

    //creating a post
    $post = factory(Post::class)->create([
        'author_id' => $author->id,
    ]);

    $data = [
        'title' => $this->faker->title,
        'content' => $this->faker->paragraph,
    ];

    //authorizing user
    //I have tried to remove this line, then I'm gettig a redirect to login page 302
    $user = Passport::actingAs($user);

    $this->actingAs($user)
        ->patch(route('posts.update', $post->id), $data)
        ->assertStatus(200);// why I'm getting 403???
}

//API route:

Route::patch('posts/{post}')
    ->uses('PostController@update')
    ->middleware('auth:api')
    ->name('posts.update');


//PostController update method:

public function update(PostUpdateRequest $request, Post $post)
{
    $this->authorize('update', $post);

    $post->title = $request->input('title');
    $post->content = $request->input('content');

    $post->save();

    return new PostResource($post);
}

//PostPolocy

public function update(User $user, Post $post)
{
    return Author::where('user_id', $user->id)->first()->id === $post->author_id;
}

我希望响应状态为200

1 个答案:

答案 0 :(得分:0)

我已将PostPolicy更新方法中的行更改为:

if(!$user->author) {
    return false;
}

return $user->author->id == $post->author_id;

这对我有用。