Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
in my CategoriesController i have one method index that return view to categories page..
to open this page the user must be authenticated and has permission to
'view categories'
here is my test method to check if the user can see this page or not
class CategoryTest extends TestCase { use RefreshDatabase;
/** @test */
public function it_can_see_all_categories()
{
$this->withoutExceptionHandling();
$category = factory(Category::class)->create();
$permission = Permission::create(['name' => 'view categoriesssss' , 'group' => 'categ' , 'label' => 'categ']);
$role = Role::create(['name' => 'admin']);
$role->givePermissionTo($permission);
$user = factory(User::class)->create();
$response = $this
->actingAs($user)
->get('/categories');
$response->assertStatus(200);
$response->assertSee($category->name);
}
}
it get green even if i passed wrong permission name..
It seems to be a flaw in your code. If you look closely you can see that you never assign the role the to the user using a relationship. Maybe because the user doesn't have a role you return true somewhere?
If you assign the role to the user and pass the wrong permission it should fail right! Otherwise you have a bug ;)
when i create user with faker i hard coded the role_id = 1, but still the authorization not working,
any help...
Are you doing the permission check through a Middleware or in the Controller? I would go to wherever that check is supposed to be performed, and dump() out various variables related to the permission check. Then run the tests again for more information.
ok let me try, i'll be back soon..
How do you know that the role_id will be 1? What if you have some role somewhere else already, it won't have an ID of 1!
when i create a user with factory i hard coded the role_id with 1
@BrandonSurowiec i do the permission in controller through validation request
public function authorize()
{
return $this->user()->can('view categories');
}
@BishoyWagih You don't understand my point! Let me try again.
So when you create a user you say it has a role with ID of 1! Perfect. However in your test you create a new role using the factory that has that certain permission. How do you know that that role has an id of 1 that you just created? Maybe you created a role somewhere else and it has an id of 2 now? That means your user has another role and therefore not that permission!
@bobbybouwmann you are right, i'm trying to fix it, i rewrite the method like this
/** @test */
public function it_can_see_all_categories()
{
$this->withoutExceptionHandling();
$category = factory(Category::class)->create();
$permission = Permission::create(['name' => 'view categoriesssss' , 'group' => 'categ' , 'label' => 'categ']);
$user = factory(User::class)->create();
$role = Role::find($user->role_id);
$response = $this
->actingAs($user)
->get('/categories');
$response->assertStatus(200);
$response->assertSee($category->name);
}
is that correct but still same result..
Please or to participate in this conversation.