/**
 * Build the database fixtures every test in this class depends on.
 *
 * Rows are inserted parent-first (Company, Access, Crew, then the two Users,
 * then the Request) so that each foreign key already exists when it is referenced.
 **/
public final function setUp()
{
    // let the parent test case run its own setUp() before any fixture is built
    parent::setUp();

    // Credential material for the fixture users.
    // random_bytes() draws from the CSPRNG: 16 bytes -> 32 hex chars, 32 bytes -> 64 hex chars.
    $plainPassword = "******";
    $activationToken = bin2hex(random_bytes(16));
    $saltHex = bin2hex(random_bytes(32));
    // PBKDF2-HMAC-SHA512 with 262144 iterations; the salt is passed as hex text, not raw bytes.
    // With the length argument omitted, the full digest comes back hex-encoded (128 chars).
    $pbkdf2Hash = hash_pbkdf2("sha512", $plainPassword, $saltHex, 262144);

    // Company first: Crew and User rows carry its id as a foreign key
    $this->company = new Company(
        null,
        "Taco B.",
        "404 Taco St.",
        "suite:666",
        "Attention!!",
        "NM",
        "Burque",
        "87106",
        "5055551111",
        "*****@*****.**",
        "www.tocobell.com"
    );
    $this->company->insert($this->getPDO());
    // NOTE(review): presumably the classes under test read the active company from the session; confirm
    $_SESSION["company"] = $this->company;
    $companyId = $this->company->getCompanyId();

    // Access level that both fixture users share
    $this->access = new Access(null, "requestor or admin");
    $this->access->insert($this->getPDO());
    $accessId = $this->access->getAccessId();

    // Crew the fixture users belong to
    $this->crew = new Crew(null, $companyId, "Burque");
    $this->crew->insert($this->getPDO());
    $crewId = $this->crew->getCrewId();

    // Requesting user. Both users reuse one salt/hash/activation token; acceptable for
    // fixtures only, since real accounts need a unique salt and token each.
    $this->requestor = new User(
        null,
        $companyId,
        $crewId,
        $accessId,
        "5551212",
        "Johnny",
        "Requestorman",
        "*****@*****.**",
        $activationToken,
        $pbkdf2Hash,
        $saltHex
    );
    $this->requestor->insert($this->getPDO());

    // Administrating user
    $this->admin = new User(
        null,
        $companyId,
        $crewId,
        $accessId,
        "5551212",
        "Dave",
        "Adminman",
        "*****@*****.**",
        $activationToken,
        $pbkdf2Hash,
        $saltHex
    );
    $this->admin->insert($this->getPDO());

    // Request linking the requestor to the admin
    $this->request = new Request(
        null,
        $this->requestor->getUserId(),
        $this->admin->getUserId(),
        null,
        null,
        false,
        "I can haz time off nao, plz?",
        "Yes, and bring me a sandwich."
    );
    $this->request->insert($this->getPDO());
}
/**
 * Build the database fixtures every test in this class depends on.
 *
 * Rows are inserted parent-first (Company, Crew, Access, then the two Users)
 * so that each foreign key already exists when it is referenced.
 */
public final function setUp()
{
    // let the parent test case run its own setUp() before any fixture is built
    parent::setUp();

    // Credential material for the fixture users.
    // random_bytes() draws from the CSPRNG: 16 bytes -> 32 hex chars, 32 bytes -> 64 hex chars.
    $plainPassword = "******";
    $activationToken = bin2hex(random_bytes(16));
    $saltHex = bin2hex(random_bytes(32));
    // PBKDF2-HMAC-SHA512 with 262144 iterations; the salt is passed as hex text, not raw bytes.
    // With the length argument omitted, the full digest comes back hex-encoded (128 chars).
    $pbkdf2Hash = hash_pbkdf2("sha512", $plainPassword, $saltHex, 262144);

    // Company first: Crew and User rows carry its id as a foreign key
    $this->company = new Company(
        null,
        "Taco B.",
        "404 Taco St.",
        "suite:666",
        "Attention!!",
        "NM",
        "Burque",
        "87106",
        "5055551111",
        "*****@*****.**",
        "www.tocobell.com"
    );
    $this->company->insert($this->getPDO());
    // NOTE(review): presumably the classes under test read the active company from the session; confirm
    $_SESSION["company"] = $this->company;
    $companyId = $this->company->getCompanyId();

    // Crew the fixture users belong to
    $this->crew = new Crew(null, $companyId, "the moon");
    $this->crew->insert($this->getPDO());
    $crewId = $this->crew->getCrewId();

    // Access level that both fixture users share
    $this->access = new Access(null, "requestor or admin");
    $this->access->insert($this->getPDO());
    $accessId = $this->access->getAccessId();

    // User who owns the test Request. Both users reuse one salt/hash/activation token;
    // acceptable for fixtures only, since real accounts need a unique salt and token each.
    $this->requestor = new User(
        null,
        $companyId,
        $crewId,
        $accessId,
        "5551212",
        "Johnny",
        "Requestorman",
        "*****@*****.**",
        $activationToken,
        $pbkdf2Hash,
        $saltHex
    );
    $this->requestor->insert($this->getPDO());

    // User who acts on the test Request
    $this->admin = new User(
        null,
        $companyId,
        $crewId,
        $accessId,
        "5552121",
        "Suzy",
        "Hughes",
        "*****@*****.**",
        $activationToken,
        $pbkdf2Hash,
        $saltHex
    );
    $this->admin->insert($this->getPDO());

    // Timestamps are simply "now" at fixture-build time; two separate DateTime instances
    $this->VALID_REQUESTTIMESTAMP = new \DateTime();
    $this->VALID_REQUESTACTIONTIMESTAMP = new \DateTime();
}
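/**
 * Test grabbing all Access rows.
 *
 * Inserts one Access row, fetches every row through Access::getAllAccess(),
 * and checks the row count, the result type and the stored access name.
 **/
public function testGetAllValidAccess()
{
    // count the rows before the insert so the change can be checked as exactly +1
    $numRows = $this->getConnection()->getRowCount("access");

    // create a new access and insert it into mySQL
    $access = new Access(null, $this->VALID_ACCESSNAME);
    $access->insert($this->getPDO());

    // grab the data from mySQL and enforce the fields match our expectations
    $results = Access::getAllAccess($this->getPDO());
    $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("access"));
    // NOTE(review): a count of exactly 1 assumes the access table starts empty; confirm against the fixture
    $this->assertCount(1, $results);
    $this->assertContainsOnlyInstancesOf("Edu\\Cnm\\Timecrunchers\\Access", $results);

    // grab the result from the array and validate it;
    // expected value goes first so a failure reports expected/actual the right way round
    $pdoAccess = $results[0];
    $this->assertEquals($this->VALID_ACCESSNAME, $pdoAccess->getAccessName());
}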
} else { if (empty($shiftUserId) === false) { $shift = Shift::getShiftByShiftUserId($pdo, $shiftUserId); if ($shift !== null) { $reply->data = $shift; } } else { $shifts = Shift::getAllShifts($pdo); if ($shifts !== null) { $reply->data = $shifts; } } } } // block non-admin users from doing admin-only tasks if (Access::isAdminLoggedIn() === true) { if ($method === "PUT" || $method === "POST") { // this is where we injected admin only abilities verifyXsrf(); $requestContent = file_get_contents("php://input"); $requestObject = json_decode($requestContent); //make sure all fields are present, in order to prevent database issues if (empty($requestObject->shiftUserId) === true) { throw new \InvalidArgumentException("Shift user id cannot be empty", 405); } if (empty($requestObject->shiftCrewId) === true) { throw new \InvalidArgumentException("Shift crew cannot be empty", 405); } if (empty($requestObject->shiftRequestId) === true) { throw new \InvalidArgumentException("Shift request id cannot be empty", 405); }
} //perform put or post if ($method === "PUT") { $access = Access::getAccessByAccessId($pdo, $id); if ($access === null) { throw new RuntimeException("access does not exist", 404); } $access = new Access($id, $requestObject->accessName); $access->update($pdo); $reply->message = "Access updated ok"; //check to make sure a non-admin is only attempting to edit themselves //if not, take their temp access and throw an exception // use the example from Slack to determine admins } else { if ($method === "POST") { $access = new Access(null, $requestObject->accessName); $access->insert($pdo); $reply->message = "Access created OK"; } } } } else { throw new RuntimeException("Must be an administrator to gain access."); } } } catch (Exception $exception) { $reply->status = $exception->getCode(); $reply->message = $exception->getMessage(); } catch (TypeError $typeError) { $reply->status = $typeError->getCode(); $reply->message = $typeError->getMessage();