From 8a42a3dde4b21272554cb935b6be126897612c28 Mon Sep 17 00:00:00 2001
From: Serreau Jovann
Date: Mon, 23 Mar 2026 15:35:21 +0100
Subject: [PATCH] aa
---
 tests/Controller/AccountControllerTest.php | 62 ++++++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/tests/Controller/AccountControllerTest.php b/tests/Controller/AccountControllerTest.php
index 7c0a7b5..0cf7022 100644
--- a/tests/Controller/AccountControllerTest.php
+++ b/tests/Controller/AccountControllerTest.php
@@ -16,6 +16,68 @@ class AccountControllerTest extends WebTestCase
 self::assertResponseRedirects();
 }
 
+ public function testEventQrCodeAccessAndResponse(): void
+ {
+ $client = static::createClient();
+ $em = static::getContainer()->get(EntityManagerInterface::class);
+
+ // 1. Setup Organizer and their Event
+ $user = $this->createUser(['ROLE_ORGANIZER'], true);
+ $event = $this->createEvent($em, $user);
+ $event->setSlug('test-event-slug');
+ $em->flush();
+
+ // 2. Authenticate
+ $client->loginUser($user);
+
+ // 3. Request the QR Code
+ $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+ // 4. Assertions for Successful Response
+ self::assertResponseIsSuccessful();
+ self::assertResponseHeaderSame('Content-Type', 'image/png');
+ self::assertResponseHeaderSame(
+ 'Content-Disposition',
+ 'attachment; filename="qrcode-test-event-slug.png"'
+ );
+
+ // 5. Verify the content is a valid PNG binary (Magic numbers: \x89PNG)
+ $content = $client->getResponse()->getContent();
+ self::assertStringStartsWith("\x89PNG", $content);
+ }
+
+ public function testEventQrCodeDeniedForOtherOrganizer(): void
+ {
+ $client = static::createClient();
+ $em = static::getContainer()->get(EntityManagerInterface::class);
+
+ $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+ $other = $this->createUser(['ROLE_ORGANIZER'], true);
+ $event = $this->createEvent($em, $owner);
+
+ $client->loginUser($other);
+ $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+ // Access denied because the event belongs to $owner, not $other
+ self::assertResponseStatusCodeSame(403);
+ }
+
+ public function testEventQrCodeDeniedForSimpleUser(): void
+ {
+ $client = static::createClient();
+ $em = static::getContainer()->get(EntityManagerInterface::class);
+
+ $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+ $simpleUser = $this->createUser(['ROLE_USER'], false);
+ $event = $this->createEvent($em, $owner);
+
+ $client->loginUser($simpleUser);
+ $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+ // Denied because ROLE_ORGANIZER is required
+ self::assertResponseStatusCodeSame(403);
+ }
+
 public function testAccountReturnsSuccessWhenAuthenticated(): void
 {
 $client = static::createClient();
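Review bot: None of the three added tests requests `/mon-compte/evenement/{id}/qrcode` without calling `loginUser()`, so a firewall or access-control regression that serves the PNG to an anonymous client would pass this suite unnoticed. An anonymous case next to the two 403 tests would close that gap; the expected outcome below (a redirect) is assumed from the `assertResponseRedirects()` visible just above the hunk and should be confirmed against the firewall configuration. The PNG check in `testEventQrCodeAccessAndResponse` could also pin the full eight-byte signature, `self::assertStringStartsWith("\x89PNG\r\n\x1a\n", $content);`, and it relies on `getContent()` returning a string, which holds only if the controller does not stream the file. The enclosing class starts before the hunk and `testAccountReturnsSuccessWhenAuthenticated` continues past its end.

```php
public function testEventQrCodeRequiresAuthentication(): void
{
    $client = static::createClient();
    $em = static::getContainer()->get(EntityManagerInterface::class);

    $owner = $this->createUser(['ROLE_ORGANIZER'], true);
    $event = $this->createEvent($em, $owner);

    // No loginUser() call: the request is anonymous.
    $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');

    // Assumed outcome: redirect to login; switch to a 401/403 assertion if the firewall answers that way.
    self::assertResponseRedirects();
    self::assertNotSame('image/png', $client->getResponse()->headers->get('Content-Type'));
}
```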