public function getCurrentUserScope(ApiTester $I)
{
$user = $I->createAndLoginUser();
$I->createProjectAndSetHeader();
$I->loginClient($I->getCurrentClient());
$second_user = $I->createUser(true);
$I->loginUser($user);
$I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update']]);
$I->loginUser($second_user);
$I->sendGET('api/v1/projects/users');
$I->assertProjectUser();
}
public function canNotEditItself(ApiTester $I)
{
$user = $I->createAndLoginUser();
$I->createProjectAndSetHeader();
$I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]);
$I->seeResponseCodeIs(403);
$I->loginClient($I->getCurrentClient());
$second_user = $I->createUser(true);
$I->loginUser($user);
$I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]);
$I->seeResponseCodeIs(201);
$I->loginUser($second_user);
$I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]);
$I->seeResponseCodeIs(403);
$I->loginUser($user);
$I->sendPOST('api/v1/projects/users/admin', ['user_id' => $second_user->_id]);
$I->seeResponseCodeIs(200);
$I->loginUser($second_user);
$I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]);
$I->seeResponseCodeIs(200);
}
