more fixes

tests/Feature/ArtworkDownloadTest.php

@@ -0,0 +1,133 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Models\Artwork;
+use App\Models\User;
+use Illuminate\Support\Facades\File;
+
+beforeEach(function () {
+    $root = storage_path('framework/testing/artwork-downloads');
+    config(['uploads.storage_root' => $root]);
+
+    if (File::exists($root)) {
+        File::deleteDirectory($root);
+    }
+
+    File::makeDirectory($root, 0755, true);
+});
+
+afterEach(function () {
+    $root = storage_path('framework/testing/artwork-downloads');
+    if (File::exists($root)) {
+        File::deleteDirectory($root);
+    }
+});
+
+function makeOriginalFile(string $hash, string $ext, string $content = 'test-image-content'): string
+{
+    $root = rtrim((string) config('uploads.storage_root'), DIRECTORY_SEPARATOR);
+    $firstDir = substr($hash, 0, 2);
+    $secondDir = substr($hash, 2, 2);
+    $dir = $root . DIRECTORY_SEPARATOR . 'original' . DIRECTORY_SEPARATOR . $firstDir . DIRECTORY_SEPARATOR . $secondDir;
+
+    File::makeDirectory($dir, 0755, true, true);
+
+    $path = $dir . DIRECTORY_SEPARATOR . $hash . '.' . $ext;
+    File::put($path, $content);
+
+    return $path;
+}
+
+it('downloads an existing artwork file', function () {
+    $hash = 'a9f3e6c1b8';
+    $ext = 'png';
+    makeOriginalFile($hash, $ext);
+
+    $artwork = Artwork::factory()->create([
+        'file_name' => 'Sky Sunset',
+        'hash' => $hash,
+        'file_ext' => $ext,
+    ]);
+
+    $response = $this->get("/download/artwork/{$artwork->id}");
+
+    $response->assertOk();
+    $response->assertDownload('Sky Sunset.png');
+});
+
+it('forces the download filename using file_name and extension', function () {
+    $hash = 'b7c4d1e2f3';
+    $ext = 'jpg';
+    makeOriginalFile($hash, $ext);
+
+    $artwork = Artwork::factory()->create([
+        'file_name' => 'My Original Name',
+        'hash' => $hash,
+        'file_ext' => $ext,
+    ]);
+
+    $response = $this->get("/download/artwork/{$artwork->id}");
+
+    $response->assertOk();
+    $response->assertDownload('My Original Name.jpg');
+});
+
+it('returns 404 for a missing artwork', function () {
+    $this->get('/download/artwork/999999')->assertNotFound();
+});
+
+it('returns 404 when the original file is missing', function () {
+    $artwork = Artwork::factory()->create([
+        'hash' => 'c1d2e3f4a5',
+        'file_ext' => 'webp',
+    ]);
+
+    $this->get("/download/artwork/{$artwork->id}")->assertNotFound();
+});
+
+it('logs download metadata with user and request context', function () {
+    $hash = 'd4e5f6a7b8';
+    $ext = 'gif';
+    makeOriginalFile($hash, $ext);
+
+    $user = User::factory()->create();
+    $artwork = Artwork::factory()->create([
+        'hash' => $hash,
+        'file_ext' => $ext,
+    ]);
+
+    $this->actingAs($user)
+        ->withHeaders([
+            'User-Agent' => 'SkinbaseTestAgent/1.0',
+            'Referer' => 'https://example.test/art/' . $artwork->id,
+        ])
+        ->get("/download/artwork/{$artwork->id}")
+        ->assertOk();
+
+    $this->assertDatabaseHas('artwork_downloads', [
+        'artwork_id' => $artwork->id,
+        'user_id' => $user->id,
+        'ip_address' => '127.0.0.1',
+        'user_agent' => 'SkinbaseTestAgent/1.0',
+        'referer' => 'https://example.test/art/' . $artwork->id,
+    ]);
+});
+
+it('logs guest download with null user_id', function () {
+    $hash = 'e1f2a3b4c5';
+    $ext = 'png';
+    makeOriginalFile($hash, $ext);
+
+    $artwork = Artwork::factory()->create([
+        'hash' => $hash,
+        'file_ext' => $ext,
+    ]);
+
+    $this->get("/download/artwork/{$artwork->id}")->assertOk();
+
+    $this->assertDatabaseHas('artwork_downloads', [
+        'artwork_id' => $artwork->id,
+        'user_id' => null,
+    ]);
+});

tests/Feature/AvatarUploadTest.php

@@ -1,5 +1,7 @@
 <?php
 
+namespace Tests\Feature;
+
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Facades\DB;

tests/Feature/Stories/AdminStoryModerationWorkflowTest.php

@@ -0,0 +1,76 @@
+<?php
+
+use App\Models\Story;
+use App\Models\User;
+use App\Notifications\StoryStatusNotification;
+use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Str;
+
+function createPendingReviewStory(User $creator): Story
+{
+    return Story::query()->create([
+        'creator_id' => $creator->id,
+        'title' => 'Pending Story ' . Str::random(6),
+        'slug' => 'pending-story-' . Str::lower(Str::random(8)),
+        'content' => '<p>Pending review content</p>',
+        'story_type' => 'creator_story',
+        'status' => 'pending_review',
+        'submitted_for_review_at' => now(),
+    ]);
+}
+
+it('non moderator cannot access admin stories review queue', function () {
+    $user = User::factory()->create(['role' => 'user']);
+
+    $this->actingAs($user)
+        ->get(route('admin.stories.review'))
+        ->assertStatus(403);
+});
+
+it('admin can approve a pending story and notify creator', function () {
+    Notification::fake();
+
+    $admin = User::factory()->create(['role' => 'admin']);
+    $creator = User::factory()->create();
+
+    $story = createPendingReviewStory($creator);
+
+    $response = $this->actingAs($admin)
+        ->post(route('admin.stories.approve', ['story' => $story->id]));
+
+    $response->assertRedirect();
+
+    $story->refresh();
+
+    expect($story->status)->toBe('published');
+    expect($story->reviewed_by_id)->toBe($admin->id);
+    expect($story->reviewed_at)->not->toBeNull();
+    expect($story->published_at)->not->toBeNull();
+
+    Notification::assertSentTo($creator, StoryStatusNotification::class);
+});
+
+it('moderator can reject a pending story with reason and notify creator', function () {
+    Notification::fake();
+
+    $moderator = User::factory()->create(['role' => 'moderator']);
+    $creator = User::factory()->create();
+
+    $story = createPendingReviewStory($creator);
+
+    $response = $this->actingAs($moderator)
+        ->post(route('admin.stories.reject', ['story' => $story->id]), [
+            'reason' => 'Please remove promotional external links and resubmit.',
+        ]);
+
+    $response->assertRedirect();
+
+    $story->refresh();
+
+    expect($story->status)->toBe('rejected');
+    expect($story->reviewed_by_id)->toBe($moderator->id);
+    expect($story->reviewed_at)->not->toBeNull();
+    expect($story->rejected_reason)->toContain('promotional external links');
+
+    Notification::assertSentTo($creator, StoryStatusNotification::class);
+});

tests/Feature/Stories/CreatorStoryWorkflowTest.php

@@ -0,0 +1,96 @@
+<?php
+
+use App\Models\Story;
+use App\Models\User;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Str;
+
+function storyPayload(array $overrides = []): array
+{
+    return array_merge([
+        'title' => 'Story ' . Str::random(8),
+        'cover_image' => 'https://example.test/cover.jpg',
+        'excerpt' => 'A compact excerpt for testing.',
+        'story_type' => 'creator_story',
+        'content' => '<p>Hello Story World</p>',
+        'status' => 'draft',
+        'submit_action' => 'save_draft',
+    ], $overrides);
+}
+
+it('creator can create a draft story from editor form', function () {
+    $creator = User::factory()->create();
+
+    $response = $this->actingAs($creator)
+        ->post(route('creator.stories.store'), storyPayload());
+
+    $story = Story::query()->where('creator_id', $creator->id)->latest('id')->first();
+
+    expect($story)->not->toBeNull();
+    expect($story->status)->toBe('draft');
+    expect($story->slug)->not->toBe('');
+
+    $response->assertRedirect(route('creator.stories.edit', ['story' => $story->id]));
+});
+
+it('creator autosave updates draft fields and creates tags from csv', function () {
+    $creator = User::factory()->create();
+
+    $story = Story::query()->create([
+        'creator_id' => $creator->id,
+        'title' => 'Autosave Draft',
+        'slug' => 'autosave-draft-' . Str::lower(Str::random(6)),
+        'content' => '<p>Original</p>',
+        'story_type' => 'creator_story',
+        'status' => 'draft',
+    ]);
+
+    $response = $this->actingAs($creator)->postJson(
+        route('creator.stories.autosave', ['story' => $story->id]),
+        [
+            'title' => 'Autosaved Title',
+            'content' => '<p>Autosaved content with enough words for reading time.</p>',
+            'tags_csv' => 'alpha,beta',
+        ]
+    );
+
+    $response->assertOk()->assertJson(['ok' => true]);
+
+    $story->refresh();
+
+    expect($story->title)->toBe('Autosaved Title');
+    expect($story->status)->toBe('draft');
+
+    $this->assertDatabaseHas('story_tags', ['slug' => 'alpha']);
+    $this->assertDatabaseHas('story_tags', ['slug' => 'beta']);
+
+    $tagIds = DB::table('story_tags')->whereIn('slug', ['alpha', 'beta'])->pluck('id')->all();
+    foreach ($tagIds as $tagId) {
+        $this->assertDatabaseHas('relation_story_tags', [
+            'story_id' => $story->id,
+            'tag_id' => $tagId,
+        ]);
+    }
+});
+
+it('creator can submit draft for review', function () {
+    $creator = User::factory()->create();
+
+    $story = Story::query()->create([
+        'creator_id' => $creator->id,
+        'title' => 'Review Draft',
+        'slug' => 'review-draft-' . Str::lower(Str::random(6)),
+        'content' => '<p>Review content</p>',
+        'story_type' => 'creator_story',
+        'status' => 'draft',
+    ]);
+
+    $response = $this->actingAs($creator)
+        ->post(route('creator.stories.submit-review', ['story' => $story->id]));
+
+    $response->assertRedirect();
+
+    $story->refresh();
+    expect($story->status)->toBe('pending_review');
+    expect($story->submitted_for_review_at)->not->toBeNull();
+});