Ivan - Add ruby api testing for comment/create

ivan 2016-08-04 15:18:29 -03:00
parent 855c99398d
commit 830e2115a3
11 changed files with 192 additions and 67 deletions


@ -1,40 +1,57 @@
<?php
use RedBeanPHP\Facade as RedBean;
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);
class CommentController extends Controller {
const PATH = '/comment';
private $ticketId;
private $ticket;
private $content;
public function validations() {
return [
'permission' => 'any',
'requestData' => []
'permission' => 'user',
'requestData' => [
'content' => [
'validation' => DataValidator::length(20, 500),
'error' => ERRORS::INVALID_CONTENT
],
'ticketId' => [
'validation' => DataValidator::dataStoreId('ticket'),
'error' => ERRORS::INVALID_TICKET
]
]
];
}
public function handler() {
$session = Session::getInstance();
$this->requestData();
$this->storeComment();
if ($session->isLoggedWithId($this->ticket->author->id) || Controller::isStaffLogged()) {
$this->storeComment();
Response::respondSuccess();
} else {
Response::respondError(ERRORS::NO_PERMISSION);
}
}
private function requestData() {
$this->ticketId = Controller::request('ticketId');
$ticketId = Controller::request('ticketId');
$this->ticket = Ticket::getTicket($ticketId);
$this->content = Controller::request('content');
}
private function storeComment() {
$comment = new Comment();
$comment->setProperties(array(
'content' => $this->content
'content' => $this->content,
'author' => Controller::getLoggedUser(),
'date' => Date::getCurrentDate()
));
$ticket = Ticket::getTicket($this->ticketId);
$ticket->ownCommentList->add($comment);
//$comment->store();
$ticket->store();
$this->ticket->ownCommentList->add($comment);
$this->ticket->store();
}
}
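Review bot: The permission branch in `handler()` accepts any account for which `Controller::isStaffLogged()` is true, on any ticket, while the accompanying spec speaks of "the author nor owner"; if only the staff member assigned to the ticket is meant to reply, that narrower check is missing here. If any staff member is intended, state it above the condition, e.g. `// The ticket's author or any staff member may comment; everyone else gets NO_PERMISSION.` The condition also dereferences `$this->ticket->author->id` without a guard, so it presumably relies on the `dataStoreId('ticket')` validation rejecting unknown ids before `handler()` runs, and on every ticket having an author.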


@ -10,5 +10,6 @@ class ERRORS {
const INVALID_NAME = 'Invalid name';
const INVALID_SETTING = 'Invalid setting';
const INVALID_DEPARTMENT = 'Invalid department';
const INVALID_TICKET = 'Invalid ticket';
const INIT_SETTINGS_DONE = 'Settings already initialized';
}


@ -38,7 +38,7 @@ spl_autoload_register(function ($class) {
});
//Load custom validations
include_once 'libs/validations/dataStoreExists.php';
include_once 'libs/validations/dataStoreId.php';
// LOAD CONTROLLERS
foreach (glob('controllers/*.php') as $controller) {


@ -1,5 +1,6 @@
<?php
require_once 'libs/Validator.php';
require_once 'models/Session.php';
abstract class Controller {
@ -38,6 +39,23 @@ abstract class Controller {
return User::getUser((int)self::request('csrf_userid'));
}
public static function isUserLogged() {
$session = Session::getInstance();
return $session->checkAuthentication(array(
'userId' => Controller::request('csrf_userid'),
'token' => Controller::request('csrf_token')
));
}
public static function isStaffLogged() {
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 1);
}
public static function isAdminLogged() {
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 2);
}
public static function getAppInstance() {
return \Slim\Slim::getInstance();
}
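Review bot: `isStaffLogged()` and `isAdminLogged()` compare `getLoggedUser()->admin` with `=== 1` and `=== 2`, which depends on the type the ORM hands back: if the column is loaded as the string `'1'`, both checks are always false and staff are refused silently (it fails closed, but it is still a defect). The same applies to `Session::isLoggedWithId()`, which the comment controller now uses for its author check. Casting before comparing, `(int) Controller::getLoggedUser()->admin === 1`, removes that dependency. Level 2 does not satisfy `isStaffLogged()`, so an admin is refused wherever `'staff'` is required; if that is intended, a one-line comment should say so. `getLoggedUser()` in the context above builds the user from the request's `csrf_userid`, so its result is only trustworthy after `isUserLogged()` has matched that value against the session, as these helpers do.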


@ -15,9 +15,9 @@ class Validator {
private function validatePermissions($permission) {
$permissions = [
'any' => true,
'user' => $this->isUserLogged(),
'staff' => $this->isStaffLogged(),
'admin' => $this->isAdminLogged()
'user' => Controller::isUserLogged(),
'staff' => Controller::isStaffLogged(),
'admin' => Controller::isAdminLogged()
];
if (!$permissions[$permission]) {
@ -41,21 +41,4 @@ class Validator {
}
}
private function isUserLogged() {
$session = Session::getInstance();
return $session->checkAuthentication(array(
'userId' => Controller::request('csrf_userid'),
'token' => Controller::request('csrf_token')
));
}
private function isStaffLogged() {
return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 1);
}
private function isAdminLogged() {
return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 2);
}
}
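Review bot: The `$permissions` array in `validatePermissions()` evaluates all three `Controller::is…Logged()` calls on every request, including routes declared `'any'`, and an unknown permission name is rejected only because `$permissions[$permission]` evaluates to null (with an undefined-index notice). Making the unknown case explicit keeps the check failing closed on purpose: `if (!array_key_exists($permission, $permissions) || !$permissions[$permission]) {`. The body of that `if` lies outside the hunk, so what happens on rejection is not visible here.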


@ -26,7 +26,7 @@ class Session {
public function createSession($userId) {
$this->store('userId', $userId);
$this->store('token', $this->generateToken());
$this->store('token', Hashing::generateRandomToken());
}
public function getToken() {
@ -46,10 +46,6 @@ class Session {
$token === $data['token'];
}
public function isLoggedWithId($userId) {
return ($this->getStoredData('userId') === $userId);
}
private function store($key, $value) {
$_SESSION[$key] = $value;
}
@ -64,7 +60,7 @@ class Session {
return $storedValue;
}
private function generateToken() {
return Hashing::generateRandomToken();
public function isLoggedWithId($userId) {
return ($this->getStoredData('userId') === $userId);
}
}
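Review bot: The context line `$token === $data['token'];` at the end of the authentication check compares the stored session token with the request value using `===`; `hash_equals()` is the usual choice for secrets because its running time does not depend on where the two strings first differ. The start of that method is outside the hunk, so confirm that both operands are strings before switching, e.g. `hash_equals((string) $token, (string) $data['token'])`.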


@ -1,13 +1,23 @@
class Scripts
def self.createUser(email = 'steve@jobs.com', password = 'custompassword', name = 'steve jobs')
response = request('/user/signup', {
'name' => name,
'email' => email,
'password' => password
:name => name,
:email => email,
:password => password
})
if response['status'] === 'fail'
raise "Could not create user"
raise 'Could not create user'
end
end
def self.login(email = 'steve@jobs.com', password = 'custompassword')
request('/user/logout')
response = request('/user/login', {
:email => email,
:password => password
})
response['data']
end
end
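Review bot: `Scripts.login` returns `response['data']` without checking `response['status']`, unlike `createUser`, which raises on `'fail'`. In the comment spec the non-author example expects 'You have no permission to access', which is the same message an invalid token produces, so a failed login could let that example pass without ever exercising the author check. Raising on failure closes the gap: `raise 'Could not login' if response['status'] === 'fail'`.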


@ -1,23 +1,87 @@
describe 'ticket/comment/' do
#it 'should fail if not logged' do
#end
describe 'on successful request' do
it 'should add comment to current ticket' do
it 'should fail if invalid token is passed' do
result = request('/ticket/comment', {
content: 'some commment content',
content: 'some comment content',
ticketId: 1,
csrf_userid: $csrf_userid,
csrf_token: 'INVALID_TOKEN'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('You have no permission to access')
end
it 'should fail if content is too short' do
result = request('/ticket/comment', {
content: 'Test',
ticketId: 1,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid content')
end
it 'should fail if content is very long' do
long_text = ''
600.times {long_text << 'a'}
result = request('/ticket/comment', {
content: long_text,
ticketId: 1,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid content')
end
it 'should fail if ticket does not exist' do
result = request('/ticket/comment', {
content: 'some comment content',
ticketId: 30,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid ticket')
end
it 'should add comment to ticket' do
result = request('/ticket/comment', {
content: 'some comment content',
ticketId: 1,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
comment = $database.getRow('comment', '1', 'id')
(comment['content']).should.equal('some comment content')
(comment['ticket_id']).should.equal('1')
(comment['author_id']).should.equal('1')
end
# it 'should link the comment to author' do
it 'should fail if user is not the author nor owner' do
Scripts.createUser('commenter@comment.com', 'commenter', 'Commenter')
data = Scripts.login('commenter@comment.com', 'commenter')
result = request('/ticket/comment', {
content: 'some comment content',
ticketId: 1,
csrf_userid: data['userId'],
csrf_token: data['token']
})
(result['status']).should.equal('fail')
(result['message']).should.equal('You have no permission to access')
end
#it 'should add comment if logged as ticket owner' do
#end
end
end
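Review bot: The last example calls `Scripts.login`, which logs the current user out first, and nothing logs the original user back in afterwards; if the request helper shares one session across specs, later files that still send `$csrf_userid`/`$csrf_token` run against a session that no longer belongs to that user. Restoring the original login at the end of the example, or in an `after` block, keeps the specs independent of run order. The staff branch of the permission check and the not-logged case appear only as commented-out placeholders, so neither path is covered.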


@ -8,6 +8,19 @@ describe '/ticket/create' do
$csrf_userid = result['data']['userId']
$csrf_token = result['data']['token']
it 'should fail if invalid token is passed' do
result = request('/ticket/create', {
title: 'GG',
departmentId: 1,
csrf_userid: $csrf_userid,
csrf_token: 'INVALID_TOKEN'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('You have no permission to access')
end
it 'should fail if title is too short' do
result = request('/ticket/create', {
title: 'GG',
@ -62,6 +75,20 @@ describe '/ticket/create' do
end
it 'should fail if departmentId is invalid' do
result = request('/ticket/create',{
title: 'Winter is coming',
content: 'The north remembers',
departmentId: 30,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid department')
end
it 'should create ticket if pass data is valid' do
result = request('/ticket/create',{
title: 'Winter is coming',
@ -73,7 +100,15 @@ describe '/ticket/create' do
puts result['message']
(result['status']).should.equal('success')
ticket = $database.getRow('ticket','Winter is coming','title')
(ticket['content']).should.equal('The north remembers')
(ticket['unread']).should.equal('0')
(ticket['closed']).should.equal('0')
(ticket['department_id']).should.equal('1')
(ticket['author_id']).should.equal('1')
ticket_user_relation = $database.getRow('ticket_user','1','ticket_id')
(ticket_user_relation['user_id']).should.equal('1')
end
end


@ -1,15 +1,16 @@
describe '/user/signup' do
it 'should create user in database' do
response = request('/user/signup', {
'name' => 'Steve Jobs',
'email' => 'steve@jobs.com',
'password' => 'custom'
:name => 'Steve Jobs',
:email => 'steve@jobs.com',
:password => 'custom'
})
userRow = $database.getRow('user', response['data']['userId'])
(userRow['email']).should.equal('steve@jobs.com')
(userRow['name']).should.equal('Steve Jobs')
(userRow['admin']).should.equal('0')
end
it 'should fail if name is invalid' do