Tests for user deleting themselves

app/Http/Requests/User/BulkUserRequest.php

@@ -11,9 +11,10 @@
 
 namespace App\Http\Requests\User;
 
-use App\Http\Requests\Request;
-use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
 use App\Utils\Ninja;
+use App\Http\Requests\Request;
+use Illuminate\Auth\Access\AuthorizationException;
+use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
 
 class BulkUserRequest extends Request
 {
@@ -23,7 +24,11 @@ class BulkUserRequest extends Request
      * @return bool
      */
     public function authorize() : bool
-    {
+    {nlog($this->all());
+        nlog($this->ids);
+        if($this->action == 'delete' && in_array(auth()->user()->hashed_id, $this->ids))
+            return false;
+
         return auth()->user()->isAdmin();
     }
 
@@ -44,4 +49,9 @@ class BulkUserRequest extends Request
 
         $this->replace($input);
     }
+
+    protected function failedAuthorization()
+    {
+        throw new AuthorizationException("This Action is unauthorized.");
+    }
 }

tests/Feature/UserTest.php

@@ -56,6 +56,27 @@ class UserTest extends TestCase
         );
     }
 
+    public function testUserAttemptingtToDeleteThemselves()
+    {
+        $data = [
+            'action' => 'delete',
+            'ids' => [$this->user->hashed_id],
+        ];
+
+        nlog($data);
+
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+            // 'X-API-PASSWORD' => 'ALongAndBriliantPassword',
+        ])->postJson('/api/v1/users/bulk', $data)
+        ->assertStatus(200);
+
+        // nlog($response->json());
+
+        // $response->assertStatus(403);
+    }
+
     public function testDisconnectUserOauthMailer()
     {
         $user =