create(); $this->getJson('/api/v1/artworks/' . $art->slug) ->assertStatus(200) ->assertJsonPath('slug', $art->slug) ->assertJsonStructure(['slug', 'title', 'description', 'file', 'published_at']); }); test('cannot view unapproved artwork', function () { $art = Artwork::factory()->unapproved()->create(); $this->getJson('/api/v1/artworks/' . $art->slug) ->assertStatus(404); }); test('soft-deleted artwork returns 404', function () { $art = Artwork::factory()->create(); $art->delete(); $this->getJson('/api/v1/artworks/' . $art->slug) ->assertStatus(404); }); test('category browsing returns artworks for the category only', function () { $contentType = ContentType::create(['name' => 'Photography', 'slug' => 'photography', 'description' => '']); $category = Category::create([ 'content_type_id' => $contentType->id, 'parent_id' => null, 'name' => 'Abstract', 'slug' => 'abstract', 'description' => '', 'is_active' => true, 'sort_order' => 0, ]); $inCat = Artwork::factory()->create(); $outCat = Artwork::factory()->create(); $inCat->categories()->attach($category->id); $this->getJson('/api/v1/categories/' . $category->slug . '/artworks') ->assertStatus(200) ->assertJsonStructure(['data', 'links', 'meta']) ->assertJsonCount(1, 'data') ->assertJsonPath('data.0.slug', $inCat->slug); }); test('unauthorized or private access is blocked (private artwork)', function () { $art = Artwork::factory()->private()->create(); $this->getJson('/api/v1/artworks/' . $art->slug) ->assertStatus(404); });