OrderCheck/tests/Feature/AttachmentTest.php

<?php

namespace Tests\Feature;

use App\Models\Attachment;
use App\Models\Order;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Storage;
use Tests\TestCase;

class AttachmentTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_cannot_access_attachment()
    {
        $order = Order::create([
            'number' => 'CMD-2026-0001',
            'label' => 'Ordinateur portable',
            'type' => 'Matériel réseau / Serveur',
            'supplier' => 'Dell',
            'quote_number' => 'DEV-2026-0001',
            'amount_ht' => 1000.00,
            'amount_ttc' => 1200.00,
            'requested_by' => 'Sylvain',
            'delivery_deadline' => now()->addDays(30),
            'status' => 'draft',
        ]);

        $attachment = Attachment::create([
            'order_id' => $order->id,
            'file_path' => 'commandes/1/devis.pdf',
            'file_name' => 'devis.pdf',
            'file_type' => 'quote',
        ]);

        $response = $this->get(route('attachments.show', $attachment->id));

        $response->assertRedirect('/login');
    }

    public function test_authenticated_user_can_access_attachment_when_file_exists()
    {
        Storage::fake('public');

        $user = User::create([
            'name' => 'Jérémy',
            'email' => 'jeremy@agglo.local',
            'password' => bcrypt('password'),
            'role' => 'chef_service',
        ]);

        $order = Order::create([
            'number' => 'CMD-2026-0001',
            'label' => 'Ordinateur portable',
            'type' => 'Matériel réseau / Serveur',
            'supplier' => 'Dell',
            'quote_number' => 'DEV-2026-0001',
            'amount_ht' => 1000.00,
            'amount_ttc' => 1200.00,
            'requested_by' => 'Sylvain',
            'delivery_deadline' => now()->addDays(30),
            'status' => 'draft',
        ]);

        Storage::disk('public')->put("commandes/{$order->id}/devis.pdf", "dummy content");

        $attachment = Attachment::create([
            'order_id' => $order->id,
            'file_path' => "commandes/{$order->id}/devis.pdf",
            'file_name' => 'devis.pdf',
            'file_type' => 'quote',
        ]);

        $response = $this->actingAs($user)->get(route('attachments.show', $attachment->id));

        $response->assertOk();
        $response->assertHeader('Content-Disposition', 'inline; filename="devis.pdf"');
    }
}