public function getCurrentUserScope(ApiTester $I) { $user = $I->createAndLoginUser(); $I->createProjectAndSetHeader(); $I->loginClient($I->getCurrentClient()); $second_user = $I->createUser(true); $I->loginUser($user); $I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update']]); $I->loginUser($second_user); $I->sendGET('api/v1/projects/users'); $I->assertProjectUser(); }
public function canNotEditItself(ApiTester $I) { $user = $I->createAndLoginUser(); $I->createProjectAndSetHeader(); $I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]); $I->seeResponseCodeIs(403); $I->loginClient($I->getCurrentClient()); $second_user = $I->createUser(true); $I->loginUser($user); $I->sendPOST('api/v1/projects/users', ['user_id' => $second_user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]); $I->seeResponseCodeIs(201); $I->loginUser($second_user); $I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]); $I->seeResponseCodeIs(403); $I->loginUser($user); $I->sendPOST('api/v1/projects/users/admin', ['user_id' => $second_user->_id]); $I->seeResponseCodeIs(200); $I->loginUser($second_user); $I->sendPUT('api/v1/projects/users', ['user_id' => $user->_id, 'role' => 'manager', 'scope' => ['tables_view', 'tables_update', 'users_manage']]); $I->seeResponseCodeIs(200); }