Ivan - Add ruby api testing for comment/create

2016-08-04 15:18:29 -03:00 · 2016-08-04 15:18:29 -03:00 · 830e2115a3
parent 855c99398d
commit 830e2115a3
11 changed files with 192 additions and 67 deletions
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@ -1,40 +1,57 @@
 <?php
-use RedBeanPHP\Facade as RedBean;
+use Respect\Validation\Validator as DataValidator;
+DataValidator::with('CustomValidations', true);

 class CommentController extends Controller {
    const PATH = '/comment';

-    private $ticketId;
+    private $ticket;
    private $content;

    public function validations() {
        return [
-            'permission' => 'any',
-            'requestData' => []
+            'permission' => 'user',
+            'requestData' => [
+                'content' => [
+                    'validation' => DataValidator::length(20, 500),
+                    'error' => ERRORS::INVALID_CONTENT
+                ],
+                'ticketId' => [
+                    'validation' => DataValidator::dataStoreId('ticket'),
+                    'error' => ERRORS::INVALID_TICKET
+                ]
+            ]
        ];
    }

    public function handler() {
+        $session = Session::getInstance();
        $this->requestData();
-        $this->storeComment();

-        Response::respondSuccess();
+        if ($session->isLoggedWithId($this->ticket->author->id) || Controller::isStaffLogged()) {
+            $this->storeComment();
+            Response::respondSuccess();
+        } else {
+            Response::respondError(ERRORS::NO_PERMISSION);
+        }
    }

    private function requestData() {
-        $this->ticketId = Controller::request('ticketId');
+        $ticketId = Controller::request('ticketId');
+
+        $this->ticket = Ticket::getTicket($ticketId);
        $this->content = Controller::request('content');
    }

    private function storeComment() {
        $comment = new Comment();
        $comment->setProperties(array(
-            'content' => $this->content
+            'content' => $this->content,
+            'author' => Controller::getLoggedUser(),
+            'date' => Date::getCurrentDate()
        ));

-        $ticket = Ticket::getTicket($this->ticketId);
-        $ticket->ownCommentList->add($comment);
-        //$comment->store();
-        $ticket->store();
+        $this->ticket->ownCommentList->add($comment);
+        $this->ticket->store();
    }
 }
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@ -10,5 +10,6 @@ class ERRORS {
    const INVALID_NAME = 'Invalid name';
    const INVALID_SETTING = 'Invalid setting';
    const INVALID_DEPARTMENT = 'Invalid department';
+    const INVALID_TICKET = 'Invalid ticket';
    const INIT_SETTINGS_DONE = 'Settings already initialized';
 }
--- a/server/index.php
+++ b/server/index.php
@ -38,7 +38,7 @@ spl_autoload_register(function ($class) {
 });

 //Load custom validations
-include_once 'libs/validations/dataStoreExists.php';
+include_once 'libs/validations/dataStoreId.php';

 // LOAD CONTROLLERS
 foreach (glob('controllers/*.php') as $controller) {
--- a/server/libs/Controller.php
+++ b/server/libs/Controller.php
@ -1,5 +1,6 @@
 <?php
 require_once 'libs/Validator.php';
+require_once 'models/Session.php';

 abstract class Controller {

@ -38,6 +39,23 @@ abstract class Controller {
        return User::getUser((int)self::request('csrf_userid'));
    }

+    public static function isUserLogged() {
+        $session = Session::getInstance();
+
+        return $session->checkAuthentication(array(
+            'userId' => Controller::request('csrf_userid'),
+            'token' => Controller::request('csrf_token')
+        ));
+    }
+
+    public static function isStaffLogged() {
+        return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 1);
+    }
+
+    public static function isAdminLogged() {
+        return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 2);
+    }
+
    public static function getAppInstance() {
        return \Slim\Slim::getInstance();
    }
--- a/server/libs/Validator.php
+++ b/server/libs/Validator.php
@ -15,9 +15,9 @@ class Validator {
    private function validatePermissions($permission) {
        $permissions = [
            'any' => true,
-            'user' => $this->isUserLogged(),
-            'staff' => $this->isStaffLogged(),
-            'admin' => $this->isAdminLogged()
+            'user' => Controller::isUserLogged(),
+            'staff' => Controller::isStaffLogged(),
+            'admin' => Controller::isAdminLogged()
        ];

        if (!$permissions[$permission]) {
@ -41,21 +41,4 @@ class Validator {
        }
    }

-    private function isUserLogged() {
-        $session = Session::getInstance();
-
-        return $session->checkAuthentication(array(
-            'userId' => Controller::request('csrf_userid'),
-            'token' => Controller::request('csrf_token')
-        ));
-    }
-
-    private function isStaffLogged() {
-        return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 1);
-    }
-
-    private function isAdminLogged() {
-        return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 2);
-    }
-
 }
--- a/server/libs/validations/dataStoreExists.php
+++ b/server/libs/validations/dataStoreExists.php
--- a/server/models/Session.php
+++ b/server/models/Session.php
@ -26,7 +26,7 @@ class Session {

    public function createSession($userId) {
        $this->store('userId', $userId);
-        $this->store('token', $this->generateToken());
+        $this->store('token', Hashing::generateRandomToken());
    }

    public function getToken() {
@ -46,10 +46,6 @@ class Session {
               $token === $data['token'];
    }

-    public function isLoggedWithId($userId) {
-        return ($this->getStoredData('userId') === $userId);
-    }
-
    private function store($key, $value) {
        $_SESSION[$key] = $value;
    }
@ -63,8 +59,8 @@ class Session {

        return $storedValue;
    }
-
-    private function generateToken() {
-        return Hashing::generateRandomToken();
+    
+    public function isLoggedWithId($userId) {
+        return ($this->getStoredData('userId') === $userId);
    }
 }
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@ -1,13 +1,23 @@
 class Scripts
    def self.createUser(email = 'steve@jobs.com', password = 'custompassword', name = 'steve jobs')
        response = request('/user/signup', {
-            'name' => name,
-            'email' => email,
-            'password' => password
+            :name => name,
+            :email => email,
+            :password => password
        })

        if response['status'] === 'fail'
-            raise "Could not create user"
+            raise 'Could not create user'
        end
    end
+
+    def self.login(email = 'steve@jobs.com', password = 'custompassword')
+        request('/user/logout')
+        response = request('/user/login', {
+            :email => email,
+            :password => password
+        })
+
+        response['data']
+    end
 end
--- a/tests/ticket/comment.rb
+++ b/tests/ticket/comment.rb
@ -1,23 +1,87 @@
 describe 'ticket/comment/' do
-    #it 'should fail if not logged' do
+    it 'should fail if invalid token is passed' do
+        result = request('/ticket/comment', {
+            content: 'some comment content',
+            ticketId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: 'INVALID_TOKEN'
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('You have no permission to access')
+    end
+
+    it 'should fail if content is too short' do
+        result = request('/ticket/comment', {
+            content: 'Test',
+            ticketId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('Invalid content')
+    end
+
+    it 'should fail if content is very long' do
+        long_text = ''
+        600.times {long_text << 'a'}
+
+        result = request('/ticket/comment', {
+            content: long_text,
+            ticketId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('Invalid content')
+    end
+
+    it 'should fail if ticket does not exist' do
+        result = request('/ticket/comment', {
+            content: 'some comment content',
+            ticketId: 30,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('Invalid ticket')
+    end
+
+    it 'should add comment to ticket' do
+        result = request('/ticket/comment', {
+            content: 'some comment content',
+            ticketId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        comment = $database.getRow('comment', '1', 'id')
+        (comment['content']).should.equal('some comment content')
+        (comment['ticket_id']).should.equal('1')
+        (comment['author_id']).should.equal('1')
+    end
+
+    it 'should fail if user is not the author nor owner' do
+        Scripts.createUser('commenter@comment.com', 'commenter', 'Commenter')
+        data = Scripts.login('commenter@comment.com', 'commenter')
+
+        result = request('/ticket/comment', {
+            content: 'some comment content',
+            ticketId: 1,
+            csrf_userid: data['userId'],
+            csrf_token: data['token']
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('You have no permission to access')
+    end
+
+    #it 'should add comment if logged as ticket owner' do

    #end
-
-    describe 'on successful request' do
-
-        it 'should add comment to current ticket' do
-            result = request('/ticket/comment', {
-                content: 'some commment content',
-                ticketId: 1,
-                csrf_userid: $csrf_userid,
-                csrf_token: $csrf_token
-            })
-
-            (result['status']).should.equal('success')
-        end
-
-        # it 'should link the comment to author' do
-
-        # end
-    end
 end
--- a/tests/ticket/create.rb
+++ b/tests/ticket/create.rb
@ -8,6 +8,19 @@ describe '/ticket/create' do
    $csrf_userid = result['data']['userId']
    $csrf_token = result['data']['token']

+    it 'should fail if invalid token is passed' do
+        result = request('/ticket/create', {
+            title: 'GG',
+            departmentId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: 'INVALID_TOKEN'
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('You have no permission to access')
+
+    end
+
    it 'should fail if title is too short' do
        result = request('/ticket/create', {
            title: 'GG',
@ -62,6 +75,20 @@ describe '/ticket/create' do

    end

+    it 'should fail if departmentId is invalid' do
+        result = request('/ticket/create',{
+            title: 'Winter is coming',
+            content: 'The north remembers',
+            departmentId: 30,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('Invalid department')
+
+    end
+
    it 'should create ticket if pass data is valid' do
        result = request('/ticket/create',{
            title: 'Winter is coming',
@ -73,7 +100,15 @@ describe '/ticket/create' do

        puts result['message']
        (result['status']).should.equal('success')
+
        ticket = $database.getRow('ticket','Winter is coming','title')
        (ticket['content']).should.equal('The north remembers')
+        (ticket['unread']).should.equal('0')
+        (ticket['closed']).should.equal('0')
+        (ticket['department_id']).should.equal('1')
+        (ticket['author_id']).should.equal('1')
+
+        ticket_user_relation = $database.getRow('ticket_user','1','ticket_id')
+        (ticket_user_relation['user_id']).should.equal('1')
    end
 end
--- a/tests/user/signup.rb
+++ b/tests/user/signup.rb
@ -1,15 +1,16 @@
 describe '/user/signup' do
    it 'should create user in database' do
        response = request('/user/signup', {
-          'name' => 'Steve Jobs',
-          'email' => 'steve@jobs.com',
-          'password' => 'custom'
+          :name => 'Steve Jobs',
+          :email => 'steve@jobs.com',
+          :password => 'custom'
        })

        userRow = $database.getRow('user', response['data']['userId'])

        (userRow['email']).should.equal('steve@jobs.com')
        (userRow['name']).should.equal('Steve Jobs')
+        (userRow['admin']).should.equal('0')
    end

    it 'should fail if name is invalid' do