/**
 * Verifies who can see a decision in the admin decision list.
 *
 * Sequence exercised: the user who made the decision finds its id in the list; a second user
 * who has only created a project of their own does not; after the first user posts the second
 * user to `api/v1/projects/users` with a scope that includes `decisions_view`, the second user
 * finds the id in the list.
 *
 * NOTE(review): the list checks are substring checks on the raw response body. The negative
 * check would also pass on an error response, so it does not by itself show that the list
 * request succeeded; asserting the status code next to it would close that gap (expected
 * code to be confirmed against the API).
 * NOTE(review): which project header is active for the second user's requests depends on
 * createProject(true) and loginUser(), neither of which is visible here.
 *
 * @param ApiTester $I Codeception API actor.
 */
public function checkDecisionAccess(ApiTester $I)
{
    $listEndpoint = 'api/v1/admin/decisions';

    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();
    $table = $I->createTable($I->getShortTableDataMatchingTypeAll());

    # Only the 'request' part is passed on; 'points' is not read anywhere in this method.
    $fixture = [
        'points' => 15,
        'request' => [
            'string' => 'Invalid',
            'numeric' => 1,
            'bool' => false,
        ],
    ];
    $data = $I->makeDecision($table->_id, $fixture['request'], 'scoring');

    # The creating user sees the decision id in the list.
    $I->sendGET($listEndpoint);
    $I->assertContains($data->_id, $I->grabResponse());

    # A second user with a project of their own must not see it.
    $outsider = $I->createUser(true);
    $I->loginUser($outsider);
    $I->createProject(true);
    $I->sendGET($listEndpoint);
    $I->assertNotContains($data->_id, $I->grabResponse());

    # The first user attaches the second user with a scope that includes 'decisions_view'.
    # The response to this POST is not asserted here.
    $membership = [
        'user_id' => $outsider->_id,
        'role' => 'manager',
        'scope' => ['tables_create', 'tables_view', 'tables_update', 'decisions_view'],
    ];
    $I->loginUser($owner);
    $I->sendPOST('api/v1/projects/users', $membership);

    # With that scope the second user now finds the decision id in the list.
    $I->loginUser($outsider);
    $I->sendGET($listEndpoint);
    $I->assertContains($data->_id, $I->grabResponse());
}
/**
 * Exercises a decision table whose only rule applies `$is_set` conditions to both request fields.
 *
 * Covers three rejected requests (422), a 401 on the admin decision endpoint while consumer
 * credentials are active, and the matched-rule details returned to the logged-in user.
 *
 * NOTE(review): the fields are declared with keys ' IS SET ' and 'Second ', while the requests
 * and the expected response use 'is_set' and 'second'. Presumably the API normalises field
 * keys; confirm against the table validation code.
 *
 * @param ApiTester $I Codeception API actor.
 */
public function ruleIsset(ApiTester $I)
{
    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();

    $fields = [
        [
            'key' => ' IS SET ',
            'title' => 'Test',
            'source' => 'request',
            'type' => 'numeric',
            'preset' => ['condition' => '$lte', 'value' => 10],
        ],
        [
            'key' => 'Second ',
            'title' => 'Second',
            'source' => 'request',
            'type' => 'string',
            'preset' => null,
        ],
    ];
    $approveRule = [
        'than' => 'Approve',
        'title' => '',
        'description' => '',
        'conditions' => [
            ['field_key' => ' IS SET ', 'condition' => '$is_set', 'value' => true],
            ['field_key' => 'Second ', 'condition' => '$is_set', 'value' => true],
        ],
    ];
    $table = $I->createTable([
        'title' => 'Test title',
        'description' => 'Test description',
        'matching_type' => 'decision',
        'decision_type' => 'alpha_num',
        'fields' => $fields,
        'variants' => [
            ['default_decision' => 'Decline', 'rules' => [$approveRule]],
        ],
    ]);

    $decisionsEndpoint = 'api/v1/tables/' . $table->_id . '/decisions';

    # The only key sent is ' ISSET ', which is not one of the keys used by the accepted requests.
    $I->sendPOST($decisionsEndpoint, [' ISSET ' => 8]);
    $I->seeResponseCodeIs(422);

    # invalid request type: a string is sent for the field declared as numeric
    $I->sendPOST($decisionsEndpoint, ['is_set' => 'invalid_type', 'second' => 'test']);
    $I->seeResponseCodeIs(422);

    # invalid request type: a boolean is sent for the field declared as string
    $I->sendPOST($decisionsEndpoint, ['is_set' => 200, 'second' => false]);
    $I->seeResponseCodeIs(422);

    # While consumer credentials are active, the admin decision endpoint answers 401.
    $I->loginConsumer($I->createConsumer());
    $decision = $I->makeDecision($table->_id, ['is_set' => 1000, 'second' => 'test']);
    $adminDecisionUrl = 'api/v1/admin/decisions/' . $decision->_id;
    $I->sendGET($adminDecisionUrl);
    $I->seeResponseCodeIs(401);

    # NOTE(review): the result of this second makeDecision() call is discarded; the lookup
    # below still targets the decision made while the consumer was logged in.
    $I->loginUser($owner);
    $I->makeDecision($table->_id, ['is_set' => 1000, 'second' => 'test']);
    $I->sendGET($adminDecisionUrl);
    $I->assertResponseDataFields([
        'final_decision' => 'Approve',
        'rules' => [
            [
                'conditions' => [
                    ['field_key' => 'is_set', 'matched' => true],
                    ['field_key' => 'second', 'matched' => true],
                ],
            ],
        ],
    ]);
}
/**
 * Checks the project-user listing as seen by a user who was added with a limited scope.
 *
 * The first user posts the second user to `api/v1/projects/users` as a manager with
 * `tables_view` and `tables_update`; the second user then requests `api/v1/projects/users`
 * and the response is checked with assertProjectUser().
 *
 * NOTE(review): the response to the membership POST is not asserted, and what
 * assertProjectUser() verifies is defined outside this method. Presumably it checks the
 * returned role and scope; confirm that it pins the exact scope granted here.
 *
 * @param ApiTester $I Codeception API actor.
 */
public function getCurrentUserScope(ApiTester $I)
{
    $projectUsersEndpoint = 'api/v1/projects/users';

    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();

    # The second user is created while the client is logged in, then the first user logs back in.
    $I->loginClient($I->getCurrentClient());
    $member = $I->createUser(true);
    $I->loginUser($owner);

    $membership = [
        'user_id' => $member->_id,
        'role' => 'manager',
        'scope' => ['tables_view', 'tables_update'],
    ];
    $I->sendPOST($projectUsersEndpoint, $membership);

    # Read the listing back as the newly added user.
    $I->loginUser($member);
    $I->sendGET($projectUsersEndpoint);
    $I->assertProjectUser();
}
/**
 * Checks who may change a project user's role and scope through PUT `api/v1/projects/users`.
 *
 * Status codes asserted, in order:
 *  - the first user updating their own entry: 403;
 *  - the first user adding a second user as manager with `users_manage`: 201;
 *  - the second user updating the first user's entry: 403;
 *  - the first user posting the second user's id to `api/v1/projects/users/admin`: 200;
 *  - the second user updating the first user's entry again: 200.
 *
 * NOTE(review): presumably the second 403 is returned because the target is the project
 * admin, and the `/admin` call hands that role to the second user. Neither is visible in
 * this method; confirm against the endpoint implementation.
 *
 * @param ApiTester $I Codeception API actor.
 */
public function canNotEditItself(ApiTester $I)
{
    $projectUsersEndpoint = 'api/v1/projects/users';
    $managerScope = ['tables_view', 'tables_update', 'users_manage'];

    $owner = $I->createAndLoginUser();
    $I->createProjectAndSetHeader();

    # The same update of the first user's entry is attempted three times by different actors.
    $ownerUpdate = [
        'user_id' => $owner->_id,
        'role' => 'manager',
        'scope' => $managerScope,
    ];

    # A user may not rewrite their own role and scope.
    $I->sendPUT($projectUsersEndpoint, $ownerUpdate);
    $I->seeResponseCodeIs(403);

    $I->loginClient($I->getCurrentClient());
    $member = $I->createUser(true);
    $I->loginUser($owner);

    $memberCreate = [
        'user_id' => $member->_id,
        'role' => 'manager',
        'scope' => $managerScope,
    ];
    $I->sendPOST($projectUsersEndpoint, $memberCreate);
    $I->seeResponseCodeIs(201);

    # Holding 'users_manage' is not enough for the second user to edit the first user's entry.
    $I->loginUser($member);
    $I->sendPUT($projectUsersEndpoint, $ownerUpdate);
    $I->seeResponseCodeIs(403);

    $I->loginUser($owner);
    $I->sendPOST('api/v1/projects/users/admin', ['user_id' => $member->_id]);
    $I->seeResponseCodeIs(200);

    # After the admin call the same update by the second user is accepted.
    $I->loginUser($member);
    $I->sendPUT($projectUsersEndpoint, $ownerUpdate);
    $I->seeResponseCodeIs(200);
}