//set XSRF cookie setXsrfCookie("/"); //get the shift based on the given field if (empty($id) === false) { $shift = Shift::getShiftByShiftId($pdo, $id); if ($shift !== null) { $reply->data = $shift; } } else { if (empty($shiftUserId) === false) { $shift = Shift::getShiftByShiftUserId($pdo, $shiftUserId); if ($shift !== null) { $reply->data = $shift; } } else { $shifts = Shift::getAllShifts($pdo); if ($shifts !== null) { $reply->data = $shifts; } } } } // block non-admin users from doing admin-only tasks if (Access::isAdminLoggedIn() === true) { if ($method === "PUT" || $method === "POST") { // this is where we injected admin only abilities verifyXsrf(); $requestContent = file_get_contents("php://input"); $requestObject = json_decode($requestContent); //make sure all fields are present, in order to prevent database issues if (empty($requestObject->shiftUserId) === true) {
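/**
 * Test grabbing all shifts.
 *
 * Inserts one Shift, reads every shift back through Shift::getAllShifts() and
 * checks that the inserted row is among the results with the field values it
 * was created with.
 **/
public function testGetAllValidShifts() {
	// count the number of rows and save it for later
	$numRows = $this->getConnection()->getRowCount("shift");

	// create a new Shift and insert it into mySQL
	$shift = new Shift(null, $this->requestor->getUserId(), $this->crew->getCrewId(), $this->request->getRequestId(), $this->VALID_SHIFTSTARTTIME, $this->VALID_SHIFTDURATION, $this->VALID_SHIFTDATE, $this->VALID_SHIFTDELETE);
	$shift->insert($this->getPDO());
	$this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("shift"));

	// grab the data from mySQL
	$pdoShifts = Shift::getAllShifts($this->getPDO());

	// Track whether the inserted row was seen at all: without this flag the
	// loop below asserts nothing when the row is missing from the result set
	// (or when the ids never compare identical), and the test passes vacuously.
	$found = false;

	// locate the inserted shift in the results and enforce the fields match our expectations
	foreach ($pdoShifts as $pdoShift) {
		if ($pdoShift->getShiftId() !== $shift->getShiftId()) {
			continue;
		}
		$found = true;

		// expected value first, actual second, so failure messages read correctly
		$this->assertEquals($this->requestor->getUserId(), $pdoShift->getShiftUserId());
		$this->assertEquals($this->crew->getCrewId(), $pdoShift->getShiftCrewId());
		$this->assertEquals($this->request->getRequestId(), $pdoShift->getShiftRequestId());
		$this->assertEquals($this->VALID_SHIFTSTARTTIME, $pdoShift->getShiftStartTime());
		$this->assertEquals($this->VALID_SHIFTDURATION, $pdoShift->getShiftDuration());
		$this->assertEquals($this->VALID_SHIFTDATE, $pdoShift->getShiftDate()->format("Y-m-d"));
		$this->assertEquals($this->VALID_SHIFTDELETE, $pdoShift->getShiftDelete());
	}

	$this->assertTrue($found, "inserted shift was not returned by Shift::getAllShifts()");
}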