saasshop/tests/Feature/AdminPlatformOrderShowViewSyncedSubscriptionLinkUsesOrderShowSelfAsBackTest.php
2026-03-20 09:12:17 +08:00

<?php
namespace Tests\Feature;
use App\Models\Merchant;
use App\Models\Plan;
use App\Models\PlatformOrder;
use App\Models\SiteSubscription;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Arr;
use Tests\TestCase;
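/**
 * Feature tests for the "view synced subscription" link on the admin
 * platform-order detail page.
 *
 * Both tests pin the same contract: the link's `back` query parameter must
 * point at the order detail page itself, regardless of which `back` value the
 * detail page was requested with, and no `back` value may be nested inside
 * another `back` value.
 */
class AdminPlatformOrderShowViewSyncedSubscriptionLinkUsesOrderShowSelfAsBackTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Seed the database and sign in through the admin login form.
     *
     * The login is expected to redirect to /admin.
     *
     * NOTE(review): the credentials below presumably match an account created
     * by the default seeder run via seed(). Confirm that account is demo/test
     * only and is never seeded into a production environment.
     */
    protected function loginAsPlatformAdmin(): void
    {
        $this->seed();

        $this->post('/admin/login', [
            'email' => 'platform.admin@demo.local',
            'password' => 'Platform@123456',
        ])->assertRedirect('/admin');
    }

    /**
     * Create a plan, an activated subscription and a pending order linked to
     * that subscription, all owned by the first merchant in the database.
     *
     * Must be called after loginAsPlatformAdmin(), which seeds the merchant.
     *
     * @return array{0: SiteSubscription, 1: PlatformOrder}
     */
    private function createOrderWithSyncedSubscription(
        string $planCode,
        string $planName,
        string $subscriptionNo,
        string $orderNo
    ): array {
        $merchant = Merchant::query()->firstOrFail();

        $plan = Plan::query()->create([
            'code' => $planCode,
            'name' => $planName,
            'billing_cycle' => 'monthly',
            'price' => 10,
            'list_price' => 10,
            'status' => 'active',
            'sort' => 10,
            'published_at' => now(),
        ]);

        $sub = SiteSubscription::query()->create([
            'merchant_id' => $merchant->id,
            'plan_id' => $plan->id,
            'status' => 'activated',
            'source' => 'manual',
            'subscription_no' => $subscriptionNo,
            'plan_name' => $plan->name,
            'billing_cycle' => $plan->billing_cycle,
            'period_months' => 1,
            'amount' => 10,
            'starts_at' => now()->subDay(),
            'ends_at' => now()->addMonth(),
            'activated_at' => now()->subDay(),
        ]);

        $order = PlatformOrder::query()->create([
            'merchant_id' => $merchant->id,
            'plan_id' => $plan->id,
            'site_subscription_id' => $sub->id,
            'order_no' => $orderNo,
            'order_type' => 'new_purchase',
            'status' => 'pending',
            'payment_status' => 'unpaid',
            'plan_name' => $plan->name,
            'billing_cycle' => $plan->billing_cycle,
            'period_months' => 1,
            'quantity' => 1,
            'payable_amount' => 10,
            'paid_amount' => 0,
            'placed_at' => now(),
            'meta' => [],
        ]);

        return [$sub, $order];
    }

    /**
     * With a plain outer `back` (the order list), the subscription link must
     * carry only the order detail path as its `back`.
     */
    public function test_view_synced_subscription_link_should_use_order_show_self_as_back_without_nested_back(): void
    {
        $this->loginAsPlatformAdmin();

        [$sub, $order] = $this->createOrderWithSyncedSubscription(
            'po_show_view_synced_sub_back_plan',
            '平台订单详情查看已同步订阅 back 口径测试套餐',
            'SUB_PO_SHOW_VIEW_SYNCED_BACK_0001',
            'PO_SHOW_VIEW_SYNCED_BACK_0001'
        );

        // Simulate entering the detail page from the list, carrying a back parameter.
        $res = $this->get('/admin/platform-orders/' . $order->id . '?back=' . urlencode('/admin/platform-orders?status=pending'));
        $res->assertOk();

        // The "view synced subscription" link's back must return to the order
        // detail page itself (without the outer back), and no nested back may appear.
        $expectedBack = '/admin/platform-orders/' . $order->id;
        $expectedUrl = '/admin/site-subscriptions/' . $sub->id . '?' . Arr::query([
            'back' => $expectedBack,
        ]);

        // Second argument false: compare against the raw response body, not an
        // HTML-escaped copy of the expected string.
        $res->assertSee($expectedUrl, false);

        // A percent-encoded "back=" would mean one back value was embedded in another.
        $res->assertDontSee('back%3D', false);
    }

    /**
     * With an outer `back` that itself carries a `back` parameter, the
     * subscription link must still use only the order detail path and must not
     * propagate the request-supplied value.
     */
    public function test_view_synced_subscription_link_should_still_use_order_show_self_back_when_outer_back_is_unsafe(): void
    {
        $this->loginAsPlatformAdmin();

        [$sub, $order] = $this->createOrderWithSyncedSubscription(
            'po_show_view_synced_sub_unsafe_back_plan',
            '平台订单详情查看已同步订阅 unsafe back 口径测试套餐',
            'SUB_PO_SHOW_VIEW_SYNCED_BACK_0002',
            'PO_SHOW_VIEW_SYNCED_BACK_0002'
        );

        // The outer back value contains its own back parameter; going by the
        // test name, that nesting is what makes it "unsafe".
        $unsafeBack = '/admin/platform-orders?' . Arr::query([
            'status' => 'pending',
            'back' => '/admin',
        ]);

        $res = $this->get('/admin/platform-orders/' . $order->id . '?back=' . urlencode($unsafeBack));
        $res->assertOk();

        $expectedUrl = '/admin/site-subscriptions/' . $sub->id . '?' . Arr::query([
            'back' => '/admin/platform-orders/' . $order->id,
        ]);
        $res->assertSee($expectedUrl, false);

        // Raw-form check only: $unsafeBack contains a literal "&", so this would
        // not match a copy that was HTML-escaped ("&amp;") or percent-encoded.
        $res->assertDontSee('back=' . $unsafeBack, false);

        // Covers the percent-encoded form, where the nested "back=" becomes "back%3D".
        $res->assertDontSee('back%3D', false);
    }
}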