public function visibility(ApiTester $I)
{
$first_user = $I->createUser(true);
$second_user = $I->createUser(true);
$I->loginUser($first_user);
$project = $I->createProjectAndSetHeader();
$I->sendGET('api/v1/projects');
$I->assertContains($project->_id, $I->grabResponse());
$I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_create', 'tables_update']]);
$I->seeResponseCodeIs(422);
$I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_create', 'tables_view', 'tables_update']]);
$I->seeResponseCodeIs(201);
$I->loginUser($second_user);
$I->sendGET('api/v1/projects');
$I->assertContains($project->_id, $I->grabResponse());
}
public function checkDecisionAccess(ApiTester $I)
{
$user = $I->createAndLoginUser();
$I->createProjectAndSetHeader();
$table = $I->createTable($I->getShortTableDataMatchingTypeAll());
$decisions = ['points' => 15, 'request' => ['string' => 'Invalid', 'numeric' => 1, 'bool' => false]];
$data = $I->makeDecision($table->_id, $decisions['request'], 'scoring');
$I->sendGET('api/v1/admin/decisions');
$I->assertContains($data->_id, $I->grabResponse());
$second_user = $I->createUser(true);
$I->loginUser($second_user);
$I->createProject(true);
$I->sendGET('api/v1/admin/decisions');
$I->assertNotContains($data->_id, $I->grabResponse());
$I->loginUser($user);
$I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_create', 'tables_view', 'tables_update', 'decisions_view']]);
$I->loginUser($second_user);
$I->sendGET('api/v1/admin/decisions');
$I->assertContains($data->_id, $I->grabResponse());
}
public function invitation(ApiTester $I)
{
$faker = $I->getFaker();
$I->createAndLoginUser();
$first_project = $I->createProjectAndSetHeader();
$second_user_email = $faker->email;
$I->sendPOST('api/v1/invite', ['email' => $second_user_email, 'role' => 'manager', 'scope' => ['tables_create', 'tables_view']]);
$I->seeResponseCodeIs(200);
$second_project = $I->createProject(true);
$I->setHeader('X-Application', $second_project->_id);
$I->sendPOST('api/v1/invite', ['email' => $second_user_email, 'role' => 'manager', 'scope' => ['tables_create', 'tables_view']]);
$I->seeResponseCodeIs(200);
$I->logout();
$I->loginClient($I->getCurrentClient());
$I->loginUser($I->createUser(true, $second_user_email));
$I->sendGET('api/v1/projects');
$I->seeResponseCodeIs(200);
$I->assertContains($first_project->_id, $I->grabResponse());
$I->assertContains($second_project->_id, $I->grabResponse());
}
