In this episode, we dive into situations where using Laravel Dusk (or end-to-end browser tests in general) just isn't the best option—especially when it comes to testing things like authorization rules.
To get hands-on, we start by setting up proper authorization for updating and deleting tasks in our app, making sure that only the rightful owner of a task can modify or remove it. We use Laravel policies and form requests to handle the authorization logic cleanly.
Next, we try to write a Dusk test to confirm that a user can't delete or update someone else's tasks. But we quickly hit a roadblock: there's no way for a user to even see tasks they don't own in the UI, making an end-to-end test for this scenario both pointless and awkward to set up. We'd basically have to hack the app just for the test to work, which is a big red flag.
So we ditch Dusk for this use case and write straightforward feature tests instead. These tests send HTTP requests directly as different users and confirm that forbidden actions are properly blocked. They're faster, more reliable, and fit this scenario perfectly.
The takeaway: always try to start with feature tests—they're quick and cover most backend logic elegantly. Reach for Dusk only when you need to verify frontend flows (like users clicking buttons or navigating pages), not backend restrictions that aren't even visible in the interface.
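A sketch of the kind of feature test described above, added here as an illustration and not taken from the episode's code. The `Task` and `User` models with factories, the `user_id` and `title` columns, the `/tasks/{task}` routes, and hard deletes (no soft deletes) are all assumptions.

```php
<?php

namespace Tests\Feature;

use App\Models\Task;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Assumed: PUT and DELETE /tasks/{task} are guarded by a policy or form
// request that only allows the user whose id matches $task->user_id.
class TaskAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    public function test_user_cannot_update_another_users_task(): void
    {
        $owner = User::factory()->create();
        $other = User::factory()->create();
        $task = Task::factory()->create(['user_id' => $owner->id, 'title' => 'Original']);

        $this->actingAs($other)
            ->put("/tasks/{$task->id}", ['title' => 'Changed'])
            ->assertForbidden();

        // A 403 alone is not proof: confirm the row was left untouched.
        $this->assertDatabaseHas('tasks', ['id' => $task->id, 'title' => 'Original']);
    }

    public function test_user_cannot_delete_another_users_task(): void
    {
        $owner = User::factory()->create();
        $other = User::factory()->create();
        $task = Task::factory()->create(['user_id' => $owner->id]);

        $this->actingAs($other)->delete("/tasks/{$task->id}")->assertForbidden();

        $this->assertDatabaseHas('tasks', ['id' => $task->id]);
    }

    public function test_owner_can_delete_own_task(): void
    {
        // Positive control: catches a policy that simply denies everyone.
        $owner = User::factory()->create();
        $task = Task::factory()->create(['user_id' => $owner->id]);

        $this->actingAs($owner)->delete("/tasks/{$task->id}");

        $this->assertDatabaseMissing('tasks', ['id' => $task->id]);
    }
}
```

Checking the database after the 403 matters because a controller that deletes first and authorizes afterwards would still return a forbidden response.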