Users controller updates and unit tests

2016-07-31 19:50:59 +00:00 · 2016-07-31 19:50:59 +00:00 · e0a0cb4470
commit e0a0cb4470
parent 8c1c68d792
3 changed files with 95 additions and 17 deletions
--- a/src/api/controllers/Users.php
+++ b/src/api/controllers/Users.php
@ -11,21 +11,7 @@ class Users extends BaseController {
        }
        $this->apiJson->setSuccess();
-        $userBeans = R::findAll('user');
+        $data = $this->getAllUsersCleaned($request);
        $userIds = $this->getUserIdsByBoardAccess(Auth::GetUserId($request));
        $actor = new User($this->container, Auth::GetUserId($request));
        $isAdmin = ($actor->security_level->getValue() === SecurityLevel::Admin);
        $data = [];
        foreach($userBeans as $bean) {
            $user = new User($this->container);
            $user->loadFromBean($bean);
            if (in_array($user->id, $userIds) || $isAdmin) {
                $data[] = $this->cleanUser($user);
            }
        }
        $this->apiJson->addData($data);
        return $this->jsonResponse($response);
@ -71,8 +57,16 @@ class Users extends BaseController {
            return $this->jsonResponse($response, $status);
        }
        $data = json_decode($request->getBody());
        $user = new User($this->container);
-        $user->loadFromJson($request->getBody());
+
        if (isset($data->password)) {
            $data->password_hash =
                password_hash($data->password, PASSWORD_BCRYPT);
            unset($data->password);
            unset($data->password_verify);
        }
        $user->loadFromJson(json_encode($data));
        if (!$user->save()) {
            $this->logger->addError('Add User: ', [$user]);
@ -90,6 +84,7 @@ class Users extends BaseController {
        $this->apiJson->setSuccess();
        $this->apiJson->addAlert('success',
            'User ' . $user->username . ' added.');
        $this->apiJson->addData($this->getAllUsersCleaned($request));
        return $this->jsonResponse($response);
    }
@ -133,6 +128,12 @@ class Users extends BaseController {
        }
        $data->active_token = $user->active_token;
        if (isset($data->password)) {
            $data->password_hash =
                password_hash($data->password, PASSWORD_BCRYPT);
            unset($data->password);
        }
        $update->loadFromJson(json_encode($data));
        if ($user->id !== $update->id) {
@ -164,7 +165,7 @@ class Users extends BaseController {
        $this->apiJson->setSuccess();
        $this->apiJson->addAlert('success',
            'User ' . $update->username . ' updated.');
-        $this->apiJson->addData(json_encode($update));
+        $this->apiJson->addData(json_encode($this->cleanUser($update)));
        return $this->jsonResponse($response);
    }
@ -210,6 +211,7 @@ class Users extends BaseController {
        $this->apiJson->setSuccess();
        $this->apiJson->addAlert('success', 'User options updated.');
        $this->apiJson->addData(json_encode($update));
        $this->apiJson->addData(json_encode($this->cleanUser($user)));
        return $this->jsonResponse($response);
    }
@ -243,10 +245,31 @@ class Users extends BaseController {
        $this->apiJson->setSuccess();
        $this->apiJson->addAlert('success',
            'User ' . $before->username . ' removed.');
        $this->apiJson->addData($this->getAllUsersCleaned($request));
        return $this->jsonResponse($response);
    }
    private function getAllUsersCleaned($request) {
        $userBeans = R::findAll('user');
        $userIds = $this->getUserIdsByBoardAccess(Auth::GetUserId($request));
        $actor = new User($this->container, Auth::GetUserId($request));
        $isAdmin = ($actor->security_level->getValue() === SecurityLevel::Admin);
        $data = [];
        foreach($userBeans as $bean) {
            $user = new User($this->container);
            $user->loadFromBean($bean);
            if (in_array($user->id, $userIds) || $isAdmin) {
                $data[] = $this->cleanUser($user);
            }
        }
        return $data;
    }
    private function getUserIdsByBoardAccess($userId) {
        $userIds = [];
--- a/src/api/models/User.php
+++ b/src/api/models/User.php
@ -43,6 +43,16 @@ class User extends BaseModel {
        return $retVal;
    }
    public function delete() {
        $userOpts = new UserOptions($this->container, $this->user_option_id);
        if ($userOpts->id === $this->user_option_id) {
            $userOpts->delete();
        }
        parent::delete();
    }
    public function updateBean() {
        $bean = $this->bean;
--- a/test/api/controllers/UsersTest.php
+++ b/test/api/controllers/UsersTest.php
@ -1,6 +1,9 @@
 <?php
 require_once __DIR__ . '/../Mocks.php';
 /**
 * @group single
 */
 class UsersTest extends PHPUnit_Framework_TestCase {
    private $users;
@ -118,6 +121,24 @@ class UsersTest extends PHPUnit_Framework_TestCase {
            $actual->alerts[0]['text']);
    }
    public function testAddUserFrontend() {
        $user = DataMock::getUser();
        $user->id = 0;
        $user->user_option_id = 0;
        $user->default_board_id = 0;
        $user->password = 'test';
        $user->password_verify = 'test';
        $request = new RequestMock();
        $request->header = [DataMock::getJwt()];
        $request->payload = $user;
        $actual = $this->users->addUser($request,
            new ResponseMock(), null);
        $this->assertEquals('success', $actual->status);
    }
    public function testAddRemoveUser() {
        $expected = new ApiJson();
@ -310,6 +331,30 @@ class UsersTest extends PHPUnit_Framework_TestCase {
        $this->assertEquals('failure', $response->status);
    }
    public function testChangePasswordOverride() {
        $this->createUser();
        $tmp = RedBeanPHP\R::load('user', 2);
        $this->assertEquals(2, $tmp->id);
        $tmp->password_hash = password_hash('testpass', PASSWORD_BCRYPT);
        RedBeanPHP\R::store($tmp);
        $user = DataMock::getUser();
        $user->password = 'newpassword';
        $args = [];
        $args['id'] = $user->id;
        $request = new RequestMock();
        $request->payload = $user;
        $request->header = [DataMock::getJwt()];
        $response = $this->users->updateUser($request,
            new ResponseMock(), $args);
        $this->assertEquals('success', $response->status);
    }
    public function testChangePassword() {
        $this->createUser();