aa

tests/Controller/AccountControllerTest.php

@@ -16,6 +16,68 @@ class AccountControllerTest extends WebTestCase
         self::assertResponseRedirects();
     }
 
+    public function testEventQrCodeAccessAndResponse(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+
+        // 1. Setup Organizer and their Event
+        $user = $this->createUser(['ROLE_ORGANIZER'], true);
+        $event = $this->createEvent($em, $user);
+        $event->setSlug('test-event-slug');
+        $em->flush();
+
+        // 2. Authenticate
+        $client->loginUser($user);
+
+        // 3. Request the QR Code
+        $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+        // 4. Assertions for Successful Response
+        self::assertResponseIsSuccessful();
+        self::assertResponseHeaderSame('Content-Type', 'image/png');
+        self::assertResponseHeaderSame(
+            'Content-Disposition',
+            'attachment; filename="qrcode-test-event-slug.png"'
+        );
+
+        // 5. Verify the content is a valid PNG binary (Magic numbers: \x89PNG)
+        $content = $client->getResponse()->getContent();
+        self::assertStringStartsWith("\x89PNG", $content);
+    }
+
+    public function testEventQrCodeDeniedForOtherOrganizer(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+
+        $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+        $other = $this->createUser(['ROLE_ORGANIZER'], true);
+        $event = $this->createEvent($em, $owner);
+
+        $client->loginUser($other);
+        $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+        // Access denied because the event belongs to $owner, not $other
+        self::assertResponseStatusCodeSame(403);
+    }
+
+    public function testEventQrCodeDeniedForSimpleUser(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+
+        $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+        $simpleUser = $this->createUser(['ROLE_USER'], false);
+        $event = $this->createEvent($em, $owner);
+
+        $client->loginUser($simpleUser);
+        $client->request('GET', '/mon-compte/evenement/' . $event->getId() . '/qrcode');
+
+        // Denied because ROLE_ORGANIZER is required
+        self::assertResponseStatusCodeSame(403);
+    }
+
     public function testAccountReturnsSuccessWhenAuthenticated(): void
     {
         $client = static::createClient();