예제 #1
 /**
  * Checks which users see a decision in the admin decision list.
  *
  * The decision id must be listed for the user who made the decision, must
  * be absent for a second user after that user calls createProject(true),
  * and must be listed for the second user once the first user has posted
  * them to api/v1/projects/users with a scope containing 'decisions_view'.
  *
  * @param ApiTester $I Codeception actor that drives the API calls.
  */
 public function checkDecisionAccess(ApiTester $I)
 {
     $owner = $I->createAndLoginUser();
     $I->createProjectAndSetHeader();

     $tableData = $I->getShortTableDataMatchingTypeAll();
     $table = $I->createTable($tableData);

     // Only the 'request' part of this fixture is sent; 'points' is not read below.
     $fixture = ['points' => 15, 'request' => ['string' => 'Invalid', 'numeric' => 1, 'bool' => false]];
     $data = $I->makeDecision($table->_id, $fixture['request'], 'scoring');

     // 1. The user who made the decision finds it in the listing.
     $I->sendGET('api/v1/admin/decisions');
     $ownerListing = $I->grabResponse();
     $I->assertContains($data->_id, $ownerListing);

     // 2. A second user, after createProject(true), must not find it.
     $outsider = $I->createUser(true);
     $I->loginUser($outsider);
     $I->createProject(true);
     $I->sendGET('api/v1/admin/decisions');
     // NOTE(review): this negative check also holds when the request itself
     // fails; asserting the expected status code first would make the
     // isolation check stricter - confirm which code the endpoint returns here.
     $outsiderListing = $I->grabResponse();
     $I->assertNotContains($data->_id, $outsiderListing);

     // 3. The first user adds the second user as a manager with 'decisions_view'.
     // NOTE(review): the response code of this grant is not asserted, and the
     // project it targets depends on state kept by the ApiTester helpers -
     // confirm it is the first user's project.
     $I->loginUser($owner);
     $membership = [
         'user_id' => $outsider->_id,
         'role' => 'manager',
         'scope' => ['tables_create', 'tables_view', 'tables_update', 'decisions_view'],
     ];
     $I->sendPOST('api/v1/projects/users', $membership);

     // 4. With that membership the second user now finds the decision.
     $I->loginUser($outsider);
     $I->sendGET('api/v1/admin/decisions');
     $memberListing = $I->grabResponse();
     $I->assertContains($data->_id, $memberListing);
 }
예제 #2
 /**
  * Exercises a table whose single rule uses the '$is_set' condition on both fields.
  *
  * Three request bodies are expected to be rejected with 422. A consumer can
  * then make a decision but gets 401 when reading it through the admin
  * endpoint, while the logged-in user reads it and sees 'Approve' with both
  * conditions matched.
  *
  * @param ApiTester $I Codeception actor that drives the API calls.
  */
 public function ruleIsset(ApiTester $I)
 {
     $user = $I->createAndLoginUser();
     $I->createProjectAndSetHeader();

     // Field keys are declared with spaces and capitals, while the requests and
     // the expected response below use 'is_set' / 'second'.
     // NOTE(review): presumably the API normalises keys - confirm.
     $fields = [
         [
             'key' => ' IS SET ',
             'title' => 'Test',
             'source' => 'request',
             'type' => 'numeric',
             'preset' => ['condition' => '$lte', 'value' => 10],
         ],
         [
             'key' => 'Second ',
             'title' => 'Second',
             'source' => 'request',
             'type' => 'string',
             'preset' => null,
         ],
     ];
     $rule = [
         'than' => 'Approve',
         'title' => '',
         'description' => '',
         'conditions' => [
             ['field_key' => ' IS SET ', 'condition' => '$is_set', 'value' => true],
             ['field_key' => 'Second ', 'condition' => '$is_set', 'value' => true],
         ],
     ];
     $table = $I->createTable([
         'title' => 'Test title',
         'description' => 'Test description',
         'matching_type' => 'decision',
         'decision_type' => 'alpha_num',
         'fields' => $fields,
         'variants' => [['default_decision' => 'Decline', 'rules' => [$rule]]],
     ]);

     $endpoint = "api/v1/tables/{$table->_id}/decisions";

     // Each of these bodies must be answered with 422, in this order:
     // a body holding only the key ' ISSET ', a string sent for the field
     // declared 'numeric', and a boolean sent for the field declared 'string'.
     $rejectedBodies = [
         [' ISSET ' => 8],
         ['is_set' => 'invalid_type', 'second' => 'test'],
         ['is_set' => 200, 'second' => false],
     ];
     foreach ($rejectedBodies as $body) {
         $I->sendPOST($endpoint, $body);
         $I->seeResponseCodeIs(422);
     }

     $acceptedBody = ['is_set' => 1000, 'second' => 'test'];

     // A consumer makes the decision but must get 401 on the admin endpoint.
     $consumer = $I->createConsumer();
     $I->loginConsumer($consumer);
     $decision = $I->makeDecision($table->_id, $acceptedBody);
     $decisionUrl = 'api/v1/admin/decisions/' . $decision->_id;
     $I->sendGET($decisionUrl);
     $I->seeResponseCodeIs(401);

     // Back as the user: a second decision is made, its result is not kept,
     // and the GET below still reads the decision made by the consumer.
     $I->loginUser($user);
     $I->makeDecision($table->_id, $acceptedBody);
     $I->sendGET($decisionUrl);

     $expected = [
         'final_decision' => 'Approve',
         'rules' => [
             [
                 'conditions' => [
                     ['field_key' => 'is_set', 'matched' => true],
                     ['field_key' => 'second', 'matched' => true],
                 ],
             ],
         ],
     ];
     $I->assertResponseDataFields($expected);
 }
예제 #3
 /**
  * Adds a second user to the project as a manager with two table scopes, then
  * requests api/v1/projects/users as that user and runs assertProjectUser().
  *
  * @param ApiTester $I Codeception actor that drives the API calls.
  */
 public function getCurrentUserScope(ApiTester $I)
 {
     $owner = $I->createAndLoginUser();
     $I->createProjectAndSetHeader();

     // The second user is created while logged in as the current client.
     $client = $I->getCurrentClient();
     $I->loginClient($client);
     $member = $I->createUser(true);

     // The first user adds the second user to the project.
     // NOTE(review): the response code of this grant is not asserted here.
     $I->loginUser($owner);
     $membership = [
         'user_id' => $member->_id,
         'role' => 'manager',
         'scope' => ['tables_view', 'tables_update'],
     ];
     $I->sendPOST('api/v1/projects/users', $membership);

     // The second user reads the project users endpoint.
     $I->loginUser($member);
     $I->sendGET('api/v1/projects/users');
     $I->assertProjectUser();
 }
예제 #4
 /**
  * Checks who may change the first user's project membership via PUT.
  *
  * The first user gets 403 when sending the PUT for their own id. A second
  * user added as manager with 'users_manage' also gets 403 for the same PUT.
  * After the first user posts the second user's id to
  * api/v1/projects/users/admin, the same PUT from the second user returns 200.
  *
  * @param ApiTester $I Codeception actor that drives the API calls.
  */
 public function canNotEditItself(ApiTester $I)
 {
     $owner = $I->createAndLoginUser();
     $I->createProjectAndSetHeader();

     $managerScope = ['tables_view', 'tables_update', 'users_manage'];
     // Body of every PUT below: it always targets the first user's membership.
     $editOwner = ['user_id' => $owner->_id, 'role' => 'manager', 'scope' => $managerScope];

     // The first user may not edit their own membership.
     $I->sendPUT('api/v1/projects/users', $editOwner);
     $I->seeResponseCodeIs(403);

     // The second user is created while logged in as the current client.
     $client = $I->getCurrentClient();
     $I->loginClient($client);
     $manager = $I->createUser(true);

     // The first user adds the second user as a manager with 'users_manage'.
     $I->loginUser($owner);
     $addManager = ['user_id' => $manager->_id, 'role' => 'manager', 'scope' => $managerScope];
     $I->sendPOST('api/v1/projects/users', $addManager);
     $I->seeResponseCodeIs(201);

     // 'users_manage' alone does not let the manager edit the first user.
     $I->loginUser($manager);
     $I->sendPUT('api/v1/projects/users', $editOwner);
     $I->seeResponseCodeIs(403);

     // NOTE(review): presumably this call makes the second user the project
     // admin - confirm against the API; only the 200 response is checked.
     $I->loginUser($owner);
     $I->sendPOST('api/v1/projects/users/admin', ['user_id' => $manager->_id]);
     $I->seeResponseCodeIs(200);

     // After that call the same PUT from the second user is accepted.
     $I->loginUser($manager);
     $I->sendPUT('api/v1/projects/users', $editOwner);
     $I->seeResponseCodeIs(200);
 }