From 2d6b9d6c8b83b4b167b4a45e03617d391cc410de Mon Sep 17 00:00:00 2001
From: Matthew Ross
Date: Thu, 9 Jun 2016 06:26:40 -0400
Subject: [PATCH] WIP - Will break build
---
 src/api/controllers/Auth.php | 16 ++++++++++++++++
 src/api/controllers/AutoActions.php | 7 ++++---
 test/api/controllers/AutoActionsTest.php | 20 +++++++++++++++++---
 3 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/src/api/controllers/Auth.php b/src/api/controllers/Auth.php
index 7bd554b..75d2204 100644
--- a/src/api/controllers/Auth.php
+++ b/src/api/controllers/Auth.php
@@ -4,6 +4,22 @@ use Firebase\JWT\JWT;
 class Auth extends BaseController {
+ public static function HasBoardAccess($container, $request, $boardId) {
+ $hasAccess = false;
+
+ $userId = Auth::GetUserId($request);
+ $board = new Board($container, $boardId);
+
+ foreach($board->users as $user) {
+ if ($user->id === $userId) {
+ $hasAccess = true;
+ break;
+ }
+ }
+
+ return $hasAccess;
+ }
+
 public static function CreateInitialAdmin($container) {
 $admin = new User($container, 1);
diff --git a/src/api/controllers/AutoActions.php b/src/api/controllers/AutoActions.php
index 4057b1f..6e71ab4 100644
--- a/src/api/controllers/AutoActions.php
+++ b/src/api/controllers/AutoActions.php
@@ -12,8 +12,6 @@ class AutoActions extends BaseController {
 $actionBeans = R::findAll('auto_action');
- // TODO: Filter by boards user has access to
-
 if(count($actionBeans)) {
 $this->apiJson->setSuccess();
@@ -21,7 +19,10 @@ class AutoActions extends BaseController {
 $action = new AutoAction($this->container);
 $action->loadFromBean($bean);
- $this->apiJson->addData($action);
+ if (Auth::HasBoardAccess($this->container,
+ $request, $action->board_id)) {
+ $this->apiJson->addData($action);
+ }
 }
 } else {
 $this->logger->addInfo('No automatic actions in database.');
diff --git a/test/api/controllers/AutoActionsTest.php b/test/api/controllers/AutoActionsTest.php
index 7db05cb..1be1dd4 100644
--- a/test/api/controllers/AutoActionsTest.php
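Review bot: `HasBoardAccess` never checks what `Auth::GetUserId($request)` returned before comparing it with `$user->id`, so the authorization result for a missing or invalid token depends on a helper whose body is outside this hunk. The strict `===` also requires both ids to have the same type; if one side comes back from the database as a string and the other from the token as an integer (not visible here), every caller is denied. Assuming ids are positive integers, normalise both sides and deny explicitly when no user id is resolved, which also lets the loop return early instead of carrying a `$hasAccess` flag. A short docblock stating that the method fails closed for unknown users and boards would help callers.

```php
public static function HasBoardAccess($container, $request, $boardId) {
    $userId = (int) Auth::GetUserId($request);
    if ($userId <= 0) {
        // No user id could be resolved from the request: fail closed.
        return false;
    }

    $board = new Board($container, $boardId);
    foreach ($board->users as $user) {
        if ((int) $user->id === $userId) {
            return true;
        }
    }

    return false;
}
```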
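Review bot: The access check added inside the loop runs once per action, and each `Auth::HasBoardAccess` call builds a new `Board` and re-reads the user id from the request, so a listing with many actions on a few boards repeats the same lookups. Cache the decision per board, e.g. `if (!isset($access[$action->board_id])) { $access[$action->board_id] = Auth::HasBoardAccess($this->container, $request, $action->board_id); }`, and test `$access[$action->board_id]` before `addData`. `setSuccess()` in the previous hunk is still keyed on `count($actionBeans)`, so a caller with access to no board gets a success response with empty data rather than the "No automatic actions" branch; if that is intended, a comment saying so would help. The enclosing method starts and ends outside the hunk.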
+++ b/test/api/controllers/AutoActionsTest.php
@@ -18,6 +18,9 @@ class AutoActionsTest extends PHPUnit_Framework_TestCase {
 $this->actions = new AutoActions(new ContainerMock());
 }
+ /**
+ * @group single
+ */
 public function testGetAllActions() {
 $request = new RequestMock();
 $request->header = [DataMock::getJwt()];
@@ -32,11 +35,11 @@ class AutoActionsTest extends PHPUnit_Framework_TestCase {
 $request->header = [DataMock::getJwt()];
- $actions = $this->actions->getAllActions($request,
+ $actual = $this->actions->getAllActions($request,
 new ResponseMock(), null);
- $this->assertEquals(2, count($actions->data));
- $this->assertEquals('success', $actions->status);
+ $this->assertEquals(2, count($actual->data));
+ $this->assertEquals('success', $actual->status);
 }
 public function testAddRemoveAction() {
@@ -124,6 +127,17 @@ class AutoActionsTest extends PHPUnit_Framework_TestCase {
 }
 private function createAutoAction() {
+ $board = DataMock::getBoard();
+ $board->users = [];
+ $board->users[] = new User(new ContainerMock(), 1);
+
+ $request = new RequestMock();
+ $request->payload = $board;
+ $request->header = [DataMock::getJwt()];
+
+ $boards = new Boards(new ContainerMock());
+ $boards->addBoard($request, new ResponseMock(), null);
+
 $request = new RequestMock();
 $request->header = [DataMock::getJwt()];
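Review bot: The fixture added to `createAutoAction` only sets up the allowed case — user 1 is put on the board, presumably the same user as in `DataMock::getJwt()` — so nothing in this diff exercises the deny path of the new filter. Add a test where the board's `users` does not include the token's user and assert that the listing omits the action, e.g. `$this->assertEquals(0, count($actual->data));`; without it a regression that makes `HasBoardAccess` always return true would still pass. The result of `$boards->addBoard(...)` is also discarded, so a failed board creation would surface only later as a confusing count mismatch; asserting its status in the fixture would fail at the right place. The rest of `createAutoAction` lies outside the hunk.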