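/**
 * Test grabbing a crew by crewCompanyId.
 *
 * Inserts a Crew for the test company, fetches every crew for that company id,
 * and checks that the inserted crew is among the results with matching fields.
 * The previous version only asserted from inside the loop, so an empty or
 * non-matching result set passed vacuously; this version records whether the
 * inserted row was actually returned and asserts on that afterwards.
 **/
public function testGetCrewByCrewCompanyId() {
	// count the number of rows and save it for later
	$numRows = $this->getConnection()->getRowCount("crew");

	// create a new Crew and insert it into mySQL
	$crew = new Crew(null, $this->company->getCompanyId(), $this->VALID_CREWLOCATION);
	$crew->insert($this->getPDO());

	// the insert must have added exactly one row, independent of what the lookup returns
	$this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("crew"));

	// grab the data from mySQL and enforce the fields match our expectations
	$pdoCrews = Crew::getCrewByCrewCompanyId($this->getPDO(), $crew->getCrewCompanyId());

	$found = false;
	foreach ($pdoCrews as $pdoCrew) {
		// every crew returned for this company id must carry that company id
		$this->assertEquals($crew->getCrewCompanyId(), $pdoCrew->getCrewCompanyId());
		if ($pdoCrew->getCrewId() === $crew->getCrewId()) {
			$found = true;
			// expected value first, actual second
			$this->assertEquals($crew->getCrewId(), $pdoCrew->getCrewId());
			$this->assertEquals($crew->getCrewLocation(), $pdoCrew->getCrewLocation());
		}
	}

	// without this the test passes even when the lookup returns nothing at all
	$this->assertTrue($found, "inserted crew was not returned by getCrewByCrewCompanyId");
}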
//sanitize and trim the other fields $crewCompanyId = filter_input(INPUT_GET, "crewCompanyId", FILTER_VALIDATE_INT); $crewLocation = filter_input(INPUT_GET, "crewLocation", FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); //handle REST calls , while only allowing administrators access to database-modifying methods if ($method === "GET") { //set XSRF cookie setXsrfCookie("/"); //get the crew based on the given field if (empty($id) === false) { $crew = Crew::getCrewByCrewId($pdo, $id); if ($crew !== null && $crew->getCrewId() === $_SESSION["user"]->getUserCrewId()) { $reply->data = $crew; } } else { if (empty($crewCompanyId) === false) { $crew = Crew::getCrewByCrewCompanyId($pdo, $crewCompanyId); if ($crew !== null && $crew->getCrewId() === $_SESSION["user"]->getUserCrewId()) { $reply->data = $crew; } } else { if (empty($crewLocation) === false) { $crew = Crew::getCrewByCrewLocation($pdo, $crewLocation); if ($crew !== null && $crew->getCrewId() === $_SESSION["user"]->getUserCrewId()) { $reply->data = $crew; } } } } } else { if ($method === "PUT" || $method === "POST" || $method === "DELETE") { // block non-admin users from doing admin-only tasks