/**
 * Project-level authorization on table reads.
 *
 * A user who is a project admin elsewhere gets 403 on this project's table
 * (and cannot enrol themselves), the owner's grant is validated (role/scope
 * required, unknown scope rejected), a valid grant opens the table, and
 * revoking the membership closes it again.
 */
public function checkApplicationableAccess(ApiTester $I)
{
    $owner = $I->createUser(true); // main user, project admin
    $guest = $I->createUser(true); // test user, project admin
    $I->loginUser($owner);
    $I->createProjectAndSetHeader();
    $table = $I->createTable();

    // The same table read is repeated after every membership change.
    $fetchTableExpecting = function ($code) use ($I, $table) {
        $I->sendGET("api/v1/admin/tables/{$table->_id}");
        $I->seeResponseCodeIs($code);
    };
    $membership = ['user_id' => $guest->_id];

    $fetchTableExpecting(200);
    $I->logout();

    // Non-member: neither the table nor self-enrolment is reachable.
    $I->loginUser($guest);
    $fetchTableExpecting(403);
    $I->sendPOST('api/v1/projects/users', $membership);
    $I->seeResponseCodeIs(403);

    // Owner: a grant without role/scope, or with an unknown scope, is rejected.
    $I->loginUser($owner);
    $I->sendPOST('api/v1/projects/users', $membership);
    $I->seeResponseCodeIs(422);
    $I->seeResponseContains('The role field is required');
    $I->seeResponseContains('The scope field is required');
    $I->sendPOST('api/v1/projects/users', $membership + [
        'role' => 'manager',
        'scope' => ['tables_create', 'tables_view', 'uncreated_scope'],
    ]);
    $I->seeResponseCodeIs(422);
    $I->seeResponseContains('The selected scope is invalid.');
    $I->sendPOST('api/v1/projects/users', $membership + [
        'role' => 'manager',
        'scope' => ['tables_create', 'tables_view', 'tables_update'],
    ]);
    $I->seeResponseCodeIs(201);

    // Granted scope opens the table; revocation closes it again.
    $I->loginUser($guest);
    $fetchTableExpecting(200);
    $I->loginUser($owner);
    $I->sendDELETE('api/v1/projects/users', $membership);
    $I->seeResponseCodeIs(200);
    $I->loginUser($guest);
    $fetchTableExpecting(403);
}
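/**
 * Decisions are scoped to the project.
 *
 * The owner sees a decision made against their table, a project admin of an
 * unrelated project does not, and a membership granted with `decisions_view`
 * makes it visible to that user.
 */
public function checkDecisionAccess(ApiTester $I)
{
    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();
    $table = $I->createTable($I->getShortTableDataMatchingTypeAll());
    $request = ['string' => 'Invalid', 'numeric' => 1, 'bool' => false];
    $decision = $I->makeDecision($table->_id, $request, 'scoring');

    $I->sendGET('api/v1/admin/decisions');
    $I->assertContains($decision->_id, $I->grabResponse());

    // An admin of a different project must not see this project's decision.
    $outsider = $I->createUser(true);
    $I->loginUser($outsider);
    $I->createProject(true);
    $I->sendGET('api/v1/admin/decisions');
    $I->assertNotContains($decision->_id, $I->grabResponse());

    // Grant membership with decisions_view and confirm the grant itself succeeded,
    // so a rejected grant is reported here instead of as a misleading visibility failure.
    $I->loginUser($owner);
    $I->sendPOST('api/v1/projects/users', [
        'user_id' => $outsider->_id,
        'role' => 'manager',
        'scope' => ['tables_create', 'tables_view', 'tables_update', 'decisions_view'],
    ]);
    $I->seeResponseCodeIs(201);

    $I->loginUser($outsider);
    $I->sendGET('api/v1/admin/decisions');
    $I->assertContains($decision->_id, $I->grabResponse());
}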
/**
 * A member listing `api/v1/projects/users` sees their own project entry.
 *
 * The owner grants a second user the `manager` role with a limited scope; the
 * second user then fetches the project users and `assertProjectUser` checks the
 * response (its exact expectations live in the ApiTester helper).
 */
public function getCurrentUserScope(ApiTester $I)
{
    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();
    $I->loginClient($I->getCurrentClient());
    $member = $I->createUser(true);

    $I->loginUser($owner);
    $grant = [
        'user_id' => $member->_id,
        'role' => 'manager',
        'scope' => ['tables_view', 'tables_update'],
    ];
    $I->sendPOST('api/v1/projects/users', $grant);

    $I->loginUser($member);
    $I->sendGET('api/v1/projects/users');
    $I->assertProjectUser();
}
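/**
 * `tokens:delete` purges expired tokens from a user document.
 *
 * Seeds the user with one still-valid and one expired one-time token plus an
 * expired refresh token, runs the artisan command, and reads the document back
 * to check the expired verify_email token and the refresh token are gone.
 */
public function removeTokens(ApiTester $I)
{
    $user = $I->createUser();
    $I->getMongo(); // return value unused; kept in case the helper establishes the connection
    $now = time();

    // Constructed fixture values: the token strings are placeholders, only `expired` matters.
    $tokens = [
        'reset_password' => [
            'token' => '$2y$10$iiPJClTgDWOgP0SR1ZgwLeMO4qNZkGFXHRjRpkyl.xC2K6OLPxExK',
            'expired' => $now + 30, // still valid
        ],
        'verify_email' => [
            'token' => '$3y$10$iiPJClTgDWOgP0SR1ZgwLeMO4qNZkGFXHRjRpkyl.xC1K6OLPxExK',
            'expired' => $now - 1, // already expired
        ],
    ];
    $filter = ['_id' => new MongoDB\BSON\ObjectID($user->_id)];
    $bulk = new MongoDB\Driver\BulkWrite();
    $bulk->update($filter, ['$set' => [
        'tokens' => $tokens,
        'refreshTokens.0.expires' => $now - 1,
    ]]);
    $I->getMongo()->executeBulkWrite('gandalf_test.users', $bulk);

    // Fail here, with the command output, if the cleanup command itself errors;
    // otherwise a crashed command only surfaces later as a confusing "not deleted" assertion.
    exec('php artisan tokens:delete', $output, $exitCode);
    $I->assertEquals(0, $exitCode, 'tokens:delete exited with ' . $exitCode . ': ' . implode("\n", $output));

    $rows = $I->getMongo()->executeQuery('gandalf_test.users', new MongoDB\Driver\Query($filter));
    $stored = $rows->toArray()[0];
    $I->assertFalse(property_exists($stored->tokens, 'verify_email'), 'Expired verify_email token was not deleted');
    $I->assertEquals(0, count($stored->refreshTokens), 'Expired refresh token was not deleted');
    // NOTE(review): the still-valid reset_password token is seeded but never asserted to
    // survive the command — confirm the command's contract and add that check if it applies.
}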