test-api.http
### Test API Authentication
# 1. Test API Status
GET http://localhost/api/
Content-Type: application/json
###
# 2. Login with Super Admin
POST http://localhost/api/auth/login
Content-Type: application/json

{
  "email": "admin@tenderhub.com",
  "password": "password"
}
###
# 3. Login with Manager User
POST http://localhost/api/auth/login
Content-Type: application/json

{
  "email": "manager@tenderhub.com",
  "password": "password"
}
###
# 4. Get user profile with grouped permissions (replace TOKEN with actual token from login)
GET http://localhost/api/auth/profile
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 5. Get user permissions (now includes grouped permissions)
GET http://localhost/api/auth/permissions
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 6. Test user info with grouped permissions
GET http://localhost/api/test/user-info
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 7. Get all permissions grouped by categories (Admin only)
GET http://localhost/api/admin/permissions-grouped
Authorization: Bearer ADMIN_TOKEN
Content-Type: application/json
###
# 8. Test admin only (requires Super Admin role)
GET http://localhost/api/test/admin-only
Authorization: Bearer SUPER_ADMIN_TOKEN
Content-Type: application/json
###
# 9. Test permission check (requires view-users permission)
GET http://localhost/api/test/can-view-users
Authorization: Bearer TOKEN_WITH_VIEW_USERS_PERMISSION
Content-Type: application/json
###
# 10. Test role check
GET http://localhost/api/test/role/Manager
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 11. Test permission check
GET http://localhost/api/test/permission/view-products
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 12. Register new user
# The body sets "role" itself; check that the API rejects privileged role names on this route.
POST http://localhost/api/auth/register
Content-Type: application/json

{
  "name": "Test User",
  "email": "test@example.com",
  "password": "password123",
  "password_confirmation": "password123",
  "role": "User"
}
###
# 13. Change password
POST http://localhost/api/auth/change-password
Authorization: Bearer TOKEN
Content-Type: application/json

{
  "current_password": "password",
  "new_password": "newpassword123",
  "new_password_confirmation": "newpassword123"
}
###
# 14. Refresh token
POST http://localhost/api/auth/refresh-token
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 15. Logout
POST http://localhost/api/auth/logout
Authorization: Bearer TOKEN
Content-Type: application/json
###
# 16. Admin Dashboard (requires view-admin-dashboard permission)
GET http://localhost/api/admin/dashboard
Authorization: Bearer ADMIN_TOKEN
Content-Type: application/json
###
# 17. List all roles (requires view-roles permission)
GET http://localhost/api/admin/roles
Authorization: Bearer ADMIN_TOKEN
Content-Type: application/json
###
# 18. List all permissions (requires view-permissions permission)
GET http://localhost/api/admin/permissions
Authorization: Bearer ADMIN_TOKEN
Content-Type: application/json
###