Route security implementation and tests
parent
9419931834
commit
0a4e4b2623
@ -4,6 +4,12 @@ use RedBeanPHP\R;
|
||||
class Attachments extends BaseController {
|
||||
|
||||
public function getAttachment($request, $response, $args) {
|
||||
$status = $this->secureRoute($request, $response,
|
||||
SecurityLevel::User);
|
||||
if ($status !== 200) {
|
||||
return $this->jsonResponse($response, $status);
|
||||
}
|
||||
|
||||
$attachment = new Attachment($this->container, (int)$args['id']);
|
||||
|
||||
if ($attachment->id === 0) {
|
||||
@ -22,6 +28,12 @@ class Attachments extends BaseController {
|
||||
}
|
||||
|
||||
public function addAttachment($request, $response, $args) {
|
||||
$status = $this->secureRoute($request, $response,
|
||||
SecurityLevel::User);
|
||||
if ($status !== 200) {
|
||||
return $this->jsonResponse($response, $status);
|
||||
}
|
||||
|
||||
$attachment = new Attachment($this->container);
|
||||
$attachment->loadFromJson($request->getBody());
|
||||
|
||||
@ -33,7 +45,7 @@ class Attachments extends BaseController {
|
||||
return $this->jsonResponse($response);
|
||||
}
|
||||
|
||||
// TODO: Get existing user to log user_id and name
|
||||
$actor = new User($this->container, Auth::GetUserId($request));
|
||||
$this->dbLogger->logChange($this->container, 0,
|
||||
'$user->name added attachment.', '', json_encode($attachment),
|
||||
'attachment', $attachment->id);
|
||||
@ -45,9 +57,29 @@ class Attachments extends BaseController {
|
||||
}
|
||||
|
||||
public function removeAttachment($request, $response, $args) {
|
||||
$status = $this->secureRoute($request, $response,
|
||||
SecurityLevel::User);
|
||||
if ($status !== 200) {
|
||||
return $this->jsonResponse($response, $status);
|
||||
}
|
||||
|
||||
$actor = new User($this->container, Auth::GetUserId($request));
|
||||
|
||||
$id = (int)$args['id'];
|
||||
$attachment = new Attachment($this->container, $id);
|
||||
|
||||
// If User level, only the user that created the attachment
|
||||
// may delete it. If higher level, delete is allowed.
|
||||
if ($actor->security_level->getValue() === SecurityLevel::User) {
|
||||
if ($actor->id !== $attachment->user_id) {
|
||||
$this->apiJson->addAlert('error',
|
||||
'You do not have sufficient permissions ' .
|
||||
'to remove this attachment.');
|
||||
|
||||
return $this->jsonResponse($response);
|
||||
}
|
||||
} // @codeCoverageIgnore
|
||||
|
||||
if ($attachment->id !== $id) {
|
||||
$this->logger->addError('Remove Attachment: ', [$attachment]);
|
||||
$this->apiJson->addAlert('error', 'Error removing attachment. ' .
|
||||
@ -59,9 +91,8 @@ class Attachments extends BaseController {
|
||||
$before = $attachment;
|
||||
$attachment->delete();
|
||||
|
||||
// TODO: Get existing user to log user_id and name
|
||||
$this->dbLogger->logChange($this->container, 0,
|
||||
'$user->name removed attachment ' . $before->name,
|
||||
$this->dbLogger->logChange($this->container, $actor->id,
|
||||
$actor->username .' removed attachment ' . $before->name,
|
||||
json_encode($before), '', 'attachment', $id);
|
||||
|
||||
$this->apiJson->setSuccess();
|
||||
|
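Review bot: The owner-only delete check in removeAttachment (`$actor->id !== $attachment->user_id`) trusts a `user_id` that addAttachment appears to take from the request body through `loadFromJson`, so a User-level caller could create an attachment attributed to any id. Unless lines outside these hunks already overwrite it, set the owner server-side after loading, e.g. `$attachment->user_id = Auth::GetUserId($request);`. The ownership check also runs before the `$attachment->id !== $id` existence test, so a User-level caller asking for a missing id is likely to get the permissions alert instead of the removal error; running the existence test first keeps the two cases distinct. In addAttachment the new `$actor` is created but `logChange` still passes `0` and the single-quoted `'$user->name added attachment.'`, so the audit entry for an add does not record who acted, unlike the updated call in removeAttachment.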
@ -16,6 +16,7 @@ class Boards extends BaseController {
|
||||
$this->apiJson->setSuccess();
|
||||
|
||||
foreach($boardBeans as $bean) {
|
||||
// TODO: Filter boards to those where the user is a member
|
||||
$board = new Board($this->container);
|
||||
$board->loadFromBean($bean);
|
||||
|
||||
@ -37,6 +38,7 @@ class Boards extends BaseController {
|
||||
}
|
||||
|
||||
$board = new Board($this->container, (int)$args['id']);
|
||||
// TODO: Filter boards to those where the user is a member
|
||||
|
||||
if ($board->id === 0) {
|
||||
$this->logger->addError('Attempt to load board ' . $args['id'] .
|
||||
@ -91,6 +93,7 @@ class Boards extends BaseController {
|
||||
}
|
||||
|
||||
$board = new Board($this->container, (int)$args['id']);
|
||||
// TODO: Filter boards to those where the user is a member
|
||||
|
||||
$update = new Board($this->container);
|
||||
$update->loadFromJson($request->getBody());
|
||||
|
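Review bot: Board membership is still not enforced here: the three added lines are only `// TODO: Filter boards to those where the user is a member`, placed in the board listing loop and after `new Board($this->container, (int)$args['id'])` in what look like the get and update handlers. The route table in this commit labels `Boards:updateBoard` as `BoardAdmin (with board access)`, so until the filter exists the code grants more than the annotation says, assuming no membership check sits outside these hunks. Either land the check with this commit or make the comment state the current exposure, e.g. `// SECURITY TODO: no membership check yet; any caller that reaches this point can load the board`. The enclosing methods start and end outside the hunks.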
@ -20,9 +20,9 @@ $app->post ('/boards', 'Boards:addBoard'); // Admin
|
||||
$app->post ('/boards/{id}', 'Boards:updateBoard'); // BoardAdmin (with board access)
|
||||
$app->delete('/boards/{id}', 'Boards:removeBoard'); // Admin
|
||||
|
||||
$app->get ('/autoactions', 'AutoActions:getAllActions'); // User
|
||||
$app->post ('/autoactions', 'AutoActions:addAction'); // BoardAdmin
|
||||
$app->delete('/autoactions/{id}', 'AutoActions:removeAction'); // BoardAdmin
|
||||
$app->get ('/autoactions', 'AutoActions:getAllActions'); // User (by board access)
|
||||
$app->post ('/autoactions', 'AutoActions:addAction'); // BoardAdmin (with board access)
|
||||
$app->delete('/autoactions/{id}', 'AutoActions:removeAction'); // BoardAdmin (with board access)
|
||||
|
||||
$app->get ('/columns/{id}', 'Columns:getColumn'); // User (with board access)
|
||||
$app->post ('/columns', 'Columns:addColumn'); // BoardAdmin
|
||||
@ -31,8 +31,8 @@ $app->delete('/columns/{id}', 'Columns:removeColumn'); // BoardAdmi
|
||||
|
||||
$app->get ('/tasks/{id}', 'Tasks:getTask'); // User
|
||||
$app->post ('/tasks', 'Tasks:addTask'); // User
|
||||
$app->post ('/tasks/{id}', 'Tasks:updateTask'); // BoardAdmin or submitter
|
||||
$app->delete('/tasks/{id}', 'Tasks:removeTask'); // BoardAdmin or submitter
|
||||
$app->post ('/tasks/{id}', 'Tasks:updateTask'); // User
|
||||
$app->delete('/tasks/{id}', 'Tasks:removeTask'); // User
|
||||
|
||||
$app->get ('/comments/{id}', 'Comments:getComment'); // User
|
||||
$app->post ('/comments', 'Comments:addComment'); // User
|
||||
@ -49,8 +49,8 @@ $app->post ('/users', 'Users:addUser'); // Admin
|
||||
$app->post ('/users/{id}', 'Users:updateUser'); // Admin
|
||||
$app->delete('/users/{id}', 'Users:removeUser'); // Admin
|
||||
|
||||
$app->post('/login', 'Auth:login'); // Unsecured
|
||||
$app->post('/logout', 'Auth:logout'); // Unsecured
|
||||
$app->post ('/login', 'Auth:login'); // Unsecured
|
||||
$app->post ('/logout', 'Auth:logout'); // Unsecured
|
||||
|
||||
$app->run();
|
||||
R::close();
|
||||
|
@ -5,6 +5,7 @@ class Attachment extends BaseModel {
|
||||
public $name = '';
|
||||
public $type = '';
|
||||
public $user_id = 0;
|
||||
public $task_id = 0;
|
||||
public $timestamp = null;
|
||||
|
||||
public function __construct($container, $id = 0) {
|
||||
@ -21,6 +22,7 @@ class Attachment extends BaseModel {
|
||||
$bean->name = $this->name;
|
||||
$bean->type = $this->type;
|
||||
$bean->user_id = $this->user_id;
|
||||
$bean->task_id = $this->task_id;
|
||||
$bean->timestamp = $this->timestamp;
|
||||
}
|
||||
|
||||
@ -59,6 +61,7 @@ class Attachment extends BaseModel {
|
||||
$this->name = $obj->name;
|
||||
$this->type = $obj->type;
|
||||
$this->user_id = (int) $obj->user_id;
|
||||
$this->task_id = (int) $obj->task_id;
|
||||
$this->timestamp = (int) $obj->timestamp;
|
||||
} catch (Exception $ex) {
|
||||
$this->is_valid = false;
|
||||
|
@ -18,6 +18,7 @@ class ActionType extends Enum {
|
||||
|
||||
class AutoAction extends BaseModel {
|
||||
public $id = 0;
|
||||
public $board_id = 0;
|
||||
public $trigger;
|
||||
public $source_id = 0; // ID of the column etc. which triggers the action
|
||||
public $type;
|
||||
@ -36,6 +37,7 @@ class AutoAction extends BaseModel {
|
||||
$bean = $this->bean;
|
||||
|
||||
$bean->id = $this->id;
|
||||
$bean->board_id = $this->board_id;
|
||||
$bean->trigger = $this->trigger->getValue();
|
||||
$bean->source_id = $this->source_id;
|
||||
$bean->type = $this->type->getValue();
|
||||
@ -73,6 +75,7 @@ class AutoAction extends BaseModel {
|
||||
private function loadPropertiesFrom($obj) {
|
||||
try {
|
||||
$this->id = (int) $obj->id;
|
||||
$this->board_id = (int) $obj->board_id;
|
||||
$this->trigger = new ActionTrigger((int) $obj->trigger);
|
||||
$this->source_id = (int) $obj->source_id;
|
||||
$this->type = new ActionType((int) $obj->type);
|
||||
|
@ -40,7 +40,8 @@ abstract class BaseModel {
|
||||
$ex->getTrace()
|
||||
]);
|
||||
|
||||
return false;
|
||||
return false; // @codeCoverageIgnore
|
||||
// Due to false negative
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -2,6 +2,7 @@
|
||||
class Category extends BaseModel {
|
||||
public $id = 0;
|
||||
public $name = '';
|
||||
public $board_id = 0;
|
||||
|
||||
public function __construct($container, $id = 0) {
|
||||
parent::__construct('column', $id, $container);
|
||||
@ -14,6 +15,7 @@ class Category extends BaseModel {
|
||||
|
||||
$bean->id = $this->id;
|
||||
$bean->name = $this->name;
|
||||
$bean->board_id = $this->board_id;
|
||||
}
|
||||
|
||||
public function loadFromBean($bean) {
|
||||
@ -48,6 +50,7 @@ class Category extends BaseModel {
|
||||
try {
|
||||
$this->id = (int) $obj->id;
|
||||
$this->name = $obj->name;
|
||||
$this->board_id = $obj->board_id;
|
||||
} catch (Exception $ex) {
|
||||
$this->is_valid = false;
|
||||
}
|
||||
|
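Review bot: `board_id` is copied without a cast at `$this->board_id = $obj->board_id;`, while `id` two lines above it and `board_id` in Column and AutoAction use `(int)`. If the value can arrive as a string, a strict comparison such as the `!==` ownership test added to Attachments would never match an integer id, and the result would depend on where the object was loaded from. Use `$this->board_id = (int) $obj->board_id;`; the new `user_id` and `task_id` assignments in Comment have the same gap. The enclosing method starts outside the hunk.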
@ -3,6 +3,7 @@ class Column extends BaseModel {
|
||||
public $id = 0;
|
||||
public $name = '';
|
||||
public $position = 0;
|
||||
public $board_id = 0;
|
||||
public $tasks = []; // Task model array
|
||||
|
||||
public function __construct($container, $id = 0) {
|
||||
@ -17,6 +18,7 @@ class Column extends BaseModel {
|
||||
$bean->id = $this->id;
|
||||
$bean->name = $this->name;
|
||||
$bean->position = $this->position;
|
||||
$bean->board_id = $this->board_id;
|
||||
$bean->xownTaskList = [];
|
||||
|
||||
foreach($this->tasks as $task) {
|
||||
@ -71,6 +73,7 @@ class Column extends BaseModel {
|
||||
$this->id = (int) $obj->id;
|
||||
$this->name = $obj->name;
|
||||
$this->position = (int) $obj->position;
|
||||
$this->board_id = (int) $obj->board_id;
|
||||
} catch (Exception $ex) {
|
||||
$this->is_valid = false;
|
||||
}
|
||||
|
@ -2,7 +2,8 @@
|
||||
class Comment extends BaseModel {
|
||||
public $id = 0;
|
||||
public $text = '';
|
||||
public $submitted_by = 0;
|
||||
public $user_id = 0;
|
||||
public $task_id = 0;
|
||||
|
||||
public function __construct($container, $id = 0) {
|
||||
parent::__construct('comment', $id, $container);
|
||||
@ -15,7 +16,8 @@ class Comment extends BaseModel {
|
||||
|
||||
$bean->id = $this->id;
|
||||
$bean->text = $this->text;
|
||||
$bean->submitted_by = $this->submitted_by;
|
||||
$bean->user_id = $this->user_id;
|
||||
$bean->task_id = $this->task_id;
|
||||
}
|
||||
|
||||
public function loadFromBean($bean) {
|
||||
@ -50,7 +52,8 @@ class Comment extends BaseModel {
|
||||
try {
|
||||
$this->id = (int) $obj->id;
|
||||
$this->text = $obj->text;
|
||||
$this->submitted_by = $obj->submitted_by;
|
||||
$this->user_id = $obj->user_id;
|
||||
$this->task_id = $obj->task_id;
|
||||
} catch (Exception $ex) {
|
||||
$this->is_valid = false;
|
||||
}
|
||||
|
@ -5,6 +5,7 @@ class Task extends BaseModel {
|
||||
public $description = '';
|
||||
public $assignee_id = 0;
|
||||
public $category_id = 0;
|
||||
public $column_id = 0;
|
||||
public $color = '';
|
||||
public $due_date = null; // Date or null if not set
|
||||
public $points = null; // Integer or null if not set
|
||||
@ -26,6 +27,7 @@ class Task extends BaseModel {
|
||||
$bean->description = $this->description;
|
||||
$bean->assignee_id = $this->assignee_id;
|
||||
$bean->category_id = $this->category_id;
|
||||
$bean->column_id = $this->column_id;
|
||||
$bean->color = $this->color;
|
||||
$bean->due_date = $this->due_date;
|
||||
$bean->points = $this->points;
|
||||
@ -111,6 +113,7 @@ class Task extends BaseModel {
|
||||
$this->description = $obj->description;
|
||||
$this->assignee_id = (int)$obj->assignee_id;
|
||||
$this->category_id = (int)$obj->category_id;
|
||||
$this->column_id = (int)$obj->column_id;
|
||||
$this->color = $obj->color;
|
||||
$this->due_date = $obj->due_date;
|
||||
$this->points = $obj->points;
|
||||
|
@ -28,6 +28,23 @@ class DataMock {
|
||||
return $jwt;
|
||||
}
|
||||
|
||||
public static function createStandardUser() {
|
||||
$request = new RequestMock();
|
||||
$user = DataMock::getUser();
|
||||
$user->id = 0;
|
||||
$user->username = 'standard';
|
||||
$user->security_level = SecurityLevel::User;
|
||||
|
||||
$jwt = DataMock::getJwt();
|
||||
$request->payload = $user;
|
||||
$request->header = [$jwt];
|
||||
|
||||
$users = new Users(new ContainerMock());
|
||||
$response = $users->addUser($request, new ResponseMock(), null);
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
public static function createUnpriviligedUser() {
|
||||
$request = new RequestMock();
|
||||
$user = DataMock::getUser();
|
||||
@ -65,6 +82,7 @@ class DataMock {
|
||||
$column->id = 1;
|
||||
$column->name = 'col1';
|
||||
$column->position = 1;
|
||||
$column->board_id = 1;
|
||||
$column->tasks[] = DataMock::getTask();
|
||||
|
||||
return $column;
|
||||
@ -73,6 +91,7 @@ class DataMock {
|
||||
public static function getCategory() {
|
||||
$category = new stdClass();
|
||||
$category->id = 1;
|
||||
$category->board_id = 1;
|
||||
$category->name = 'cat1';
|
||||
|
||||
return $category;
|
||||
@ -81,6 +100,7 @@ class DataMock {
|
||||
public static function getAutoAction() {
|
||||
$auto_action = new stdClass();
|
||||
$auto_action->id = 1;
|
||||
$auto_action->board_id = 1;
|
||||
$auto_action->trigger = ActionTrigger::SetToCategory;
|
||||
$auto_action->source_id = 1;
|
||||
$auto_action->type = ActionType::ClearDueDate;
|
||||
@ -124,6 +144,7 @@ class DataMock {
|
||||
$attachment->name = 'file.png';
|
||||
$attachment->type = 'image';
|
||||
$attachment->user_id = 1;
|
||||
$attachment->task_id = 1;
|
||||
$attachment->timestamp = 1234567890;
|
||||
|
||||
return $attachment;
|
||||
@ -134,7 +155,8 @@ class DataMock {
|
||||
|
||||
$comment->id = 1;
|
||||
$comment->text = 'test comment';
|
||||
$comment->submitted_by = 1;
|
||||
$comment->user_id = 1;
|
||||
$comment->task_id = 1;
|
||||
|
||||
return $comment;
|
||||
}
|
||||
@ -150,6 +172,7 @@ class DataMock {
|
||||
$task->due_date = 1234567890;
|
||||
$task->points = 3;
|
||||
$task->position = 1;
|
||||
$task->column_id = 1;
|
||||
$task->attachments[] = DataMock::getAttachment();
|
||||
$task->comments[] = DataMock::getComment();
|
||||
|
||||
|
@ -7,77 +7,161 @@ class AttachmentsTest extends PHPUnit_Framework_TestCase {
|
||||
public static function setupBeforeClass() {
|
||||
try {
|
||||
RedBeanPHP\R::setup('sqlite:tests.db');
|
||||
// RedBeanPHP\R::fancyDebug(true);
|
||||
} catch (Exception $ex) { }
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
RedBeanPHP\R::nuke();
|
||||
|
||||
Auth::CreateInitialAdmin(new ContainerMock());
|
||||
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
}
|
||||
|
||||
public function testGetAttachment() {
|
||||
$expected = new ApiJson();
|
||||
$expected->addAlert('error', 'No attachment found for ID 1.');
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$actual = $this->attachments->getAttachment(null,
|
||||
$actual = $this->attachments->getAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertEquals($expected, $actual);
|
||||
$this->assertEquals('No attachment found for ID 1.',
|
||||
$actual->alerts[0]['text']);
|
||||
|
||||
$this->createAttachment();
|
||||
$actual = $this->attachments->getAttachment(null,
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
|
||||
$actual = $this->attachments->getAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertTrue($actual->status === 'success');
|
||||
$this->assertTrue(count($actual->data) === 1);
|
||||
$this->assertEquals('success', $actual->status);
|
||||
$this->assertEquals(2, count($actual->data));
|
||||
}
|
||||
|
||||
public function testAddRemoveAttachment() {
|
||||
$expected = new ApiJson();
|
||||
|
||||
$actual = $this->createAttachment();
|
||||
|
||||
$expected->setSuccess();
|
||||
$expected->addAlert('success', 'Attachment added.');
|
||||
|
||||
$this->assertEquals($expected, $actual);
|
||||
|
||||
$expected->addAlert('success', 'Attachment file.png removed.');
|
||||
$this->assertEquals('Attachment added.', $actual->alerts[0]['text']);
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$actual = $this->attachments->removeAttachment(null,
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
$request =new RequestMock();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$actual = $this->attachments->removeAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
|
||||
$this->assertEquals($expected, $actual);
|
||||
$this->assertEquals('Attachment file.png removed.',
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
public function testAddBadAttachment() {
|
||||
$request = new RequestMock();
|
||||
$request->invalidPayload = true;
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$response = $this->attachments->addAttachment($request,
|
||||
new ResponseMock(), null);
|
||||
|
||||
$this->assertTrue($response->status === 'failure');
|
||||
$this->assertTrue($response->alerts[0]['type'] === 'error');
|
||||
$this->assertEquals('failure', $response->status);
|
||||
$this->assertEquals('error', $response->alerts[0]['type']);
|
||||
}
|
||||
|
||||
public function testAddRemoveUnprivileged() {
|
||||
$res = DataMock::createUnpriviligedUser();
|
||||
$this->assertEquals('success', $res->status);
|
||||
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt(2)];
|
||||
|
||||
$attachment = DataMock::getAttachment();
|
||||
$attachment->id = 0;
|
||||
|
||||
$request->payload = $attachment;
|
||||
|
||||
$actual = $this->attachments->addAttachment($request,
|
||||
new ResponseMock(), null);
|
||||
|
||||
$this->assertEquals('Insufficient privileges.',
|
||||
$actual->alerts[0]['text']);
|
||||
|
||||
$this->createAttachment();
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt(2)];
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$actual = $this->attachments->removeAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
|
||||
$this->assertEquals('Insufficient privileges.',
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
public function testGetUnprivileged() {
|
||||
$res = DataMock::createUnpriviligedUser();
|
||||
$this->assertEquals('success', $res->status);
|
||||
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt(2)];
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$actual = $this->attachments->getAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertEquals('Insufficient privileges.',
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
public function testRemoveAttachmentUserSecurity() {
|
||||
$actual = $this->createAttachment();
|
||||
$this->assertEquals('Attachment added.', $actual->alerts[0]['text']);
|
||||
|
||||
$res = DataMock::createStandardUser();
|
||||
$this->assertEquals('success', $res->status);
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$this->attachments = new Attachments(new ContainerMock());
|
||||
$request =new RequestMock();
|
||||
$request->header = [DataMock::getJwt(2)];
|
||||
|
||||
$actual = $this->attachments->removeAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
|
||||
$this->assertEquals('You do not have sufficient permissions to ' .
|
||||
'remove this attachment.', $actual->alerts[0]['text']);
|
||||
|
||||
}
|
||||
|
||||
public function testRemoveBadAttachment() {
|
||||
$args = [];
|
||||
$args['id'] = 5; // No such attachment
|
||||
|
||||
$response = $this->attachments->removeAttachment(null,
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$response = $this->attachments->removeAttachment($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertTrue($response->status === 'failure');
|
||||
$this->assertEquals('failure', $response->status);
|
||||
}
|
||||
|
||||
private function createAttachment() {
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$attachment = DataMock::getAttachment();
|
||||
$attachment->id = 0;
|
||||
|
||||
@ -85,7 +169,7 @@ class AttachmentsTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$response = $this->attachments->addAttachment($request,
|
||||
new ResponseMock(), null);
|
||||
$this->assertTrue($response->status === 'success');
|
||||
$this->assertEquals('success', $response->status);
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
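Review bot: The new tests cover denial (`Insufficient privileges.` and the owner-only message) but not the allow path for a User-level owner, so a check that rejected every User-level delete would still pass. testRemoveAttachmentUserSecurity would be stronger with a second case in which the standard user removes an attachment whose `user_id` equals their own id and `Attachment file.png removed.` is asserted. There is also no attachment case with a missing token (`$request->header = null`), which BoardsTest exercises for updateBoard. The id passed to `DataMock::getJwt(2)` seems to depend on insertion order after `R::nuke()`; if so, a short comment such as `// id 2: user created after the initial admin` would make that assumption visible.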
@ -82,9 +82,6 @@ class BoardsTest extends PHPUnit_Framework_TestCase {
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group single
|
||||
*/
|
||||
public function testAddRemoveBoard() {
|
||||
$actual = $this->createBoard();
|
||||
|
||||
@ -103,20 +100,34 @@ class BoardsTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$this->assertEquals('Board test removed.',
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
public function testAddRemoveBoardUnpriviliged() {
|
||||
$args = [];
|
||||
$args['id'] = 1;
|
||||
|
||||
$res = DataMock::createUnpriviligedUser();
|
||||
$this->assertEquals('success', $res->status);
|
||||
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt(2)];
|
||||
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
|
||||
$actual = $this->boards->addBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertEquals('Insufficient privileges.',
|
||||
$actual->alerts[0]['text']);
|
||||
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
|
||||
$actual = $this->boards->removeBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertEquals('Insufficient privileges.',
|
||||
$actual->alerts[0]['text']);
|
||||
}
|
||||
|
||||
public function testAddBadBoard() {
|
||||
public function testAddRemoveBadBoard() {
|
||||
$request = new RequestMock();
|
||||
$request->invalidPayload = true;
|
||||
$request->header = [DataMock::getJwt()];
|
||||
@ -126,15 +137,17 @@ class BoardsTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$this->assertEquals('failure', $response->status);
|
||||
$this->assertEquals('error', $response->alerts[0]['type']);
|
||||
}
|
||||
|
||||
public function testRemoveBadBoard() {
|
||||
$request = new RequestMock();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$args = [];
|
||||
$args['id'] = 5; // No such board
|
||||
|
||||
$response =
|
||||
$this->boards->removeBoard(new RequestMock(),
|
||||
new ResponseMock(), $args);
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
|
||||
$response = $this->boards->removeBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertTrue($response->status === 'failure');
|
||||
}
|
||||
|
||||
@ -147,17 +160,29 @@ class BoardsTest extends PHPUnit_Framework_TestCase {
|
||||
$args = [];
|
||||
$args['id'] = $board->id;
|
||||
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
$request = new RequestMock();
|
||||
$request->payload = $board;
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$response = $this->boards->updateBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertTrue($response->status === 'success');
|
||||
$this->assertEquals('success', $response->status);
|
||||
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
$request->payload = new stdClass();
|
||||
$request->header = [DataMock::getJwt()];
|
||||
|
||||
$response = $this->boards->updateBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertTrue($response->alerts[2]['type'] === 'error');
|
||||
$this->assertEquals('error', $response->alerts[0]['type']);
|
||||
|
||||
$this->boards = new Boards(new ContainerMock());
|
||||
$request->header = null;
|
||||
|
||||
$response = $this->boards->updateBoard($request,
|
||||
new ResponseMock(), $args);
|
||||
$this->assertEquals('failure', $response->status);
|
||||
}
|
||||
|
||||
private function createBoard() {
|
||||
|
@ -63,6 +63,7 @@ class AttachmentTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($bean->name === $attachment->name);
|
||||
$this->assertTrue($bean->type === $attachment->type);
|
||||
$this->assertTrue($bean->user_id === $attachment->user_id);
|
||||
$this->assertTrue($bean->task_id === $attachment->task_id);
|
||||
$this->assertTrue($bean->timestamp === $attachment->timestamp);
|
||||
}
|
||||
|
||||
@ -72,6 +73,7 @@ class AttachmentTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($attachment->name === 'file.png');
|
||||
$this->assertTrue($attachment->type === 'image');
|
||||
$this->assertTrue($attachment->user_id === 1);
|
||||
$this->assertTrue($attachment->task_id === 1);
|
||||
$this->assertTrue($attachment->timestamp === 1234567890);
|
||||
}
|
||||
|
||||
@ -81,6 +83,7 @@ class AttachmentTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($attachment->name === '');
|
||||
$this->assertTrue($attachment->type === '');
|
||||
$this->assertTrue($attachment->user_id === 0);
|
||||
$this->assertTrue($attachment->task_id === 0);
|
||||
$this->assertTrue($attachment->timestamp === null);
|
||||
}
|
||||
}
|
||||
|
@ -59,6 +59,7 @@ class AutoActionTest extends PHPUnit_Framework_TestCase {
|
||||
$bean = $action->getBean();
|
||||
|
||||
$this->assertTrue($bean->id === $action->id);
|
||||
$this->assertTrue($bean->board_id === $action->board_id);
|
||||
$this->assertTrue($bean->trigger === $action->trigger->getValue());
|
||||
$this->assertTrue($bean->source_id === $action->source_id);
|
||||
$this->assertTrue($bean->type === $action->type->getValue());
|
||||
@ -70,6 +71,7 @@ class AutoActionTest extends PHPUnit_Framework_TestCase {
|
||||
$type = new ActionType(ActionType::ClearDueDate);
|
||||
|
||||
$this->assertTrue($attachment->id === 1);
|
||||
$this->assertTrue($attachment->board_id === 1);
|
||||
$this->assertTrue($attachment->trigger->getValue() ===
|
||||
$trigger->getValue());
|
||||
$this->assertTrue($attachment->source_id === 1);
|
||||
@ -80,6 +82,7 @@ class AutoActionTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
private function assertDefaultProperties($attachment) {
|
||||
$this->assertTrue($attachment->id === 0);
|
||||
$this->assertTrue($attachment->board_id === 0);
|
||||
$this->assertTrue($attachment->trigger->getValue() ===
|
||||
ActionTrigger::MoveToColumn);
|
||||
$this->assertTrue($attachment->source_id === 0);
|
||||
|
@ -60,16 +60,19 @@ class CategoryTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$this->assertTrue($bean->id === $category->id);
|
||||
$this->assertTrue($bean->name === $category->name);
|
||||
$this->assertTrue($bean->board_id === $category->board_id);
|
||||
}
|
||||
|
||||
private function assertDefaultProperties($category) {
|
||||
$this->assertTrue($category->id === 0);
|
||||
$this->assertTrue($category->name === '');
|
||||
$this->assertTrue($category->board_id === 0);
|
||||
}
|
||||
|
||||
private function assertMockProperties($category) {
|
||||
$this->assertTrue($category->id === 1);
|
||||
$this->assertTrue($category->name === 'cat1');
|
||||
$this->assertTrue($category->board_id === 1);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,18 +63,21 @@ class ColumnTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($bean->id === $column->id);
|
||||
$this->assertTrue($bean->name === $column->name);
|
||||
$this->assertTrue($bean->position === $column->position);
|
||||
$this->assertTrue($bean->board_id === $column->board_id);
|
||||
}
|
||||
|
||||
private function assertDefaultProperties($column) {
|
||||
$this->assertTrue($column->id === 0);
|
||||
$this->assertTrue($column->name === '');
|
||||
$this->assertTrue($column->position === 0);
|
||||
$this->assertTrue($column->board_id === 0);
|
||||
}
|
||||
|
||||
private function assertMockProperties($column) {
|
||||
$this->assertTrue($column->id === 1);
|
||||
$this->assertTrue($column->name === 'col1');
|
||||
$this->assertTrue($column->position === 1);
|
||||
$this->assertTrue($column->board_id === 1);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -60,16 +60,22 @@ class CommentTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$this->assertTrue($bean->id === $comment->id);
|
||||
$this->assertTrue($bean->text === $comment->text);
|
||||
$this->assertTrue($bean->user_id === $comment->user_id);
|
||||
$this->assertTrue($bean->task_id === $comment->task_id);
|
||||
}
|
||||
|
||||
private function assertDefaultProperties($comment) {
|
||||
$this->assertTrue($comment->id === 0);
|
||||
$this->assertTrue($comment->text === '');
|
||||
$this->assertTrue($comment->user_id === 0);
|
||||
$this->assertTrue($comment->task_id === 0);
|
||||
}
|
||||
|
||||
private function assertMockProperties($comment) {
|
||||
$this->assertTrue($comment->id === 1);
|
||||
$this->assertTrue($comment->text === 'test comment');
|
||||
$this->assertTrue($comment->user_id === 1);
|
||||
$this->assertTrue($comment->task_id === 1);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,6 +63,7 @@ class TaskTest extends PHPUnit_Framework_TestCase {
|
||||
|
||||
$this->assertTrue($bean->id === $task->id);
|
||||
$this->assertTrue($bean->title === $task->title);
|
||||
$this->assertTrue($bean->column_id === $task->column_id);
|
||||
}
|
||||
|
||||
private function assertDefaultProperties($task) {
|
||||
@ -71,6 +72,7 @@ class TaskTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($task->description === '');
|
||||
$this->assertTrue($task->assignee_id === 0);
|
||||
$this->assertTrue($task->category_id === 0);
|
||||
$this->assertTrue($task->column_id === 0);
|
||||
$this->assertTrue($task->color === '');
|
||||
$this->assertTrue($task->due_date === null);
|
||||
$this->assertTrue($task->points === null);
|
||||
@ -83,6 +85,7 @@ class TaskTest extends PHPUnit_Framework_TestCase {
|
||||
$this->assertTrue($task->description === 'description');
|
||||
$this->assertTrue($task->assignee_id === 1);
|
||||
$this->assertTrue($task->category_id === 1);
|
||||
$this->assertTrue($task->column_id === 1);
|
||||
$this->assertTrue($task->color === '#ffffff');
|
||||
$this->assertTrue($task->due_date === 1234567890);
|
||||
$this->assertTrue($task->points === 3);
|
||||
|