Missing Coverage
The following scenarios have no test coverage:
- Impersonation real session flow: existing test re-auths before DELETE, masking the escape-hatch bug. Need a test that mirrors what a browser session does.
- Double propose: calling
POST /ideas/{idea}/propose twice should result in exactly one project, not two.
- Propose with null fields: an idea with null summary/details should not crash on propose.
- Unauthenticated redirects: no test verifies that
/ideas, /notifications, and admin routes redirect unauthenticated users to /login.
- Idea user isolation: no test verifies a user cannot access another user's idea (
edit, update, delete).
- Non-admin blocked from admin routes:
GET /admin/users, GET /admin/users/{user}/edit, PUT /admin/users/{user}.
- Registration edge cases: duplicate email, missing required fields, password confirmation mismatch.
Files
tests/Feature/Admin/ImpersonationTest.phptests/Feature/IdeaProposalTest.php (new)tests/Feature/AuthRedirectTest.php (new)tests/Feature/IdeaIsolationTest.php (new)tests/Feature/Admin/UserControllerTest.php (new)tests/Feature/Auth/RegistrationTest.php
Missing Coverage
The following scenarios have no test coverage:
POST /ideas/{idea}/proposetwice should result in exactly one project, not two./ideas,/notifications, and admin routes redirect unauthenticated users to/login.edit,update,delete).GET /admin/users,GET /admin/users/{user}/edit,PUT /admin/users/{user}.Files
tests/Feature/Admin/ImpersonationTest.phptests/Feature/IdeaProposalTest.php(new)tests/Feature/AuthRedirectTest.php(new)tests/Feature/IdeaIsolationTest.php(new)tests/Feature/Admin/UserControllerTest.php(new)tests/Feature/Auth/RegistrationTest.php