Ivan - Add ruby api testing for comment/create
This commit is contained in:
parent
855c99398d
commit
830e2115a3
|
@ -1,40 +1,57 @@
|
|||
<?php
|
||||
use RedBeanPHP\Facade as RedBean;
|
||||
use Respect\Validation\Validator as DataValidator;
|
||||
DataValidator::with('CustomValidations', true);
|
||||
|
||||
class CommentController extends Controller {
|
||||
const PATH = '/comment';
|
||||
|
||||
private $ticketId;
|
||||
private $ticket;
|
||||
private $content;
|
||||
|
||||
public function validations() {
|
||||
return [
|
||||
'permission' => 'any',
|
||||
'requestData' => []
|
||||
'permission' => 'user',
|
||||
'requestData' => [
|
||||
'content' => [
|
||||
'validation' => DataValidator::length(20, 500),
|
||||
'error' => ERRORS::INVALID_CONTENT
|
||||
],
|
||||
'ticketId' => [
|
||||
'validation' => DataValidator::dataStoreId('ticket'),
|
||||
'error' => ERRORS::INVALID_TICKET
|
||||
]
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
public function handler() {
|
||||
$session = Session::getInstance();
|
||||
$this->requestData();
|
||||
$this->storeComment();
|
||||
|
||||
if ($session->isLoggedWithId($this->ticket->author->id) || Controller::isStaffLogged()) {
|
||||
$this->storeComment();
|
||||
Response::respondSuccess();
|
||||
} else {
|
||||
Response::respondError(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
}
|
||||
|
||||
private function requestData() {
|
||||
$this->ticketId = Controller::request('ticketId');
|
||||
$ticketId = Controller::request('ticketId');
|
||||
|
||||
$this->ticket = Ticket::getTicket($ticketId);
|
||||
$this->content = Controller::request('content');
|
||||
}
|
||||
|
||||
private function storeComment() {
|
||||
$comment = new Comment();
|
||||
$comment->setProperties(array(
|
||||
'content' => $this->content
|
||||
'content' => $this->content,
|
||||
'author' => Controller::getLoggedUser(),
|
||||
'date' => Date::getCurrentDate()
|
||||
));
|
||||
|
||||
$ticket = Ticket::getTicket($this->ticketId);
|
||||
$ticket->ownCommentList->add($comment);
|
||||
//$comment->store();
|
||||
$ticket->store();
|
||||
$this->ticket->ownCommentList->add($comment);
|
||||
$this->ticket->store();
|
||||
}
|
||||
}
|
|
@ -10,5 +10,6 @@ class ERRORS {
|
|||
const INVALID_NAME = 'Invalid name';
|
||||
const INVALID_SETTING = 'Invalid setting';
|
||||
const INVALID_DEPARTMENT = 'Invalid department';
|
||||
const INVALID_TICKET = 'Invalid ticket';
|
||||
const INIT_SETTINGS_DONE = 'Settings already initialized';
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ spl_autoload_register(function ($class) {
|
|||
});
|
||||
|
||||
//Load custom validations
|
||||
include_once 'libs/validations/dataStoreExists.php';
|
||||
include_once 'libs/validations/dataStoreId.php';
|
||||
|
||||
// LOAD CONTROLLERS
|
||||
foreach (glob('controllers/*.php') as $controller) {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
require_once 'libs/Validator.php';
|
||||
require_once 'models/Session.php';
|
||||
|
||||
abstract class Controller {
|
||||
|
||||
|
@ -38,6 +39,23 @@ abstract class Controller {
|
|||
return User::getUser((int)self::request('csrf_userid'));
|
||||
}
|
||||
|
||||
public static function isUserLogged() {
|
||||
$session = Session::getInstance();
|
||||
|
||||
return $session->checkAuthentication(array(
|
||||
'userId' => Controller::request('csrf_userid'),
|
||||
'token' => Controller::request('csrf_token')
|
||||
));
|
||||
}
|
||||
|
||||
public static function isStaffLogged() {
|
||||
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 1);
|
||||
}
|
||||
|
||||
public static function isAdminLogged() {
|
||||
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 2);
|
||||
}
|
||||
|
||||
public static function getAppInstance() {
|
||||
return \Slim\Slim::getInstance();
|
||||
}
|
||||
|
|
|
@ -15,9 +15,9 @@ class Validator {
|
|||
private function validatePermissions($permission) {
|
||||
$permissions = [
|
||||
'any' => true,
|
||||
'user' => $this->isUserLogged(),
|
||||
'staff' => $this->isStaffLogged(),
|
||||
'admin' => $this->isAdminLogged()
|
||||
'user' => Controller::isUserLogged(),
|
||||
'staff' => Controller::isStaffLogged(),
|
||||
'admin' => Controller::isAdminLogged()
|
||||
];
|
||||
|
||||
if (!$permissions[$permission]) {
|
||||
|
@ -41,21 +41,4 @@ class Validator {
|
|||
}
|
||||
}
|
||||
|
||||
private function isUserLogged() {
|
||||
$session = Session::getInstance();
|
||||
|
||||
return $session->checkAuthentication(array(
|
||||
'userId' => Controller::request('csrf_userid'),
|
||||
'token' => Controller::request('csrf_token')
|
||||
));
|
||||
}
|
||||
|
||||
private function isStaffLogged() {
|
||||
return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 1);
|
||||
}
|
||||
|
||||
private function isAdminLogged() {
|
||||
return $this->isUserLogged() && (Controller::getLoggedUser()->admin === 2);
|
||||
}
|
||||
|
||||
}
|
|
@ -26,7 +26,7 @@ class Session {
|
|||
|
||||
public function createSession($userId) {
|
||||
$this->store('userId', $userId);
|
||||
$this->store('token', $this->generateToken());
|
||||
$this->store('token', Hashing::generateRandomToken());
|
||||
}
|
||||
|
||||
public function getToken() {
|
||||
|
@ -46,10 +46,6 @@ class Session {
|
|||
$token === $data['token'];
|
||||
}
|
||||
|
||||
public function isLoggedWithId($userId) {
|
||||
return ($this->getStoredData('userId') === $userId);
|
||||
}
|
||||
|
||||
private function store($key, $value) {
|
||||
$_SESSION[$key] = $value;
|
||||
}
|
||||
|
@ -64,7 +60,7 @@ class Session {
|
|||
return $storedValue;
|
||||
}
|
||||
|
||||
private function generateToken() {
|
||||
return Hashing::generateRandomToken();
|
||||
public function isLoggedWithId($userId) {
|
||||
return ($this->getStoredData('userId') === $userId);
|
||||
}
|
||||
}
|
|
@ -1,13 +1,23 @@
|
|||
class Scripts
|
||||
def self.createUser(email = 'steve@jobs.com', password = 'custompassword', name = 'steve jobs')
|
||||
response = request('/user/signup', {
|
||||
'name' => name,
|
||||
'email' => email,
|
||||
'password' => password
|
||||
:name => name,
|
||||
:email => email,
|
||||
:password => password
|
||||
})
|
||||
|
||||
if response['status'] === 'fail'
|
||||
raise "Could not create user"
|
||||
raise 'Could not create user'
|
||||
end
|
||||
end
|
||||
|
||||
def self.login(email = 'steve@jobs.com', password = 'custompassword')
|
||||
request('/user/logout')
|
||||
response = request('/user/login', {
|
||||
:email => email,
|
||||
:password => password
|
||||
})
|
||||
|
||||
response['data']
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,23 +1,87 @@
|
|||
describe 'ticket/comment/' do
|
||||
#it 'should fail if not logged' do
|
||||
|
||||
#end
|
||||
|
||||
describe 'on successful request' do
|
||||
|
||||
it 'should add comment to current ticket' do
|
||||
it 'should fail if invalid token is passed' do
|
||||
result = request('/ticket/comment', {
|
||||
content: 'some commment content',
|
||||
content: 'some comment content',
|
||||
ticketId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: 'INVALID_TOKEN'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('You have no permission to access')
|
||||
end
|
||||
|
||||
it 'should fail if content is too short' do
|
||||
result = request('/ticket/comment', {
|
||||
content: 'Test',
|
||||
ticketId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('Invalid content')
|
||||
end
|
||||
|
||||
it 'should fail if content is very long' do
|
||||
long_text = ''
|
||||
600.times {long_text << 'a'}
|
||||
|
||||
result = request('/ticket/comment', {
|
||||
content: long_text,
|
||||
ticketId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('Invalid content')
|
||||
end
|
||||
|
||||
it 'should fail if ticket does not exist' do
|
||||
result = request('/ticket/comment', {
|
||||
content: 'some comment content',
|
||||
ticketId: 30,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('Invalid ticket')
|
||||
end
|
||||
|
||||
it 'should add comment to ticket' do
|
||||
result = request('/ticket/comment', {
|
||||
content: 'some comment content',
|
||||
ticketId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
comment = $database.getRow('comment', '1', 'id')
|
||||
(comment['content']).should.equal('some comment content')
|
||||
(comment['ticket_id']).should.equal('1')
|
||||
(comment['author_id']).should.equal('1')
|
||||
end
|
||||
|
||||
# it 'should link the comment to author' do
|
||||
it 'should fail if user is not the author nor owner' do
|
||||
Scripts.createUser('commenter@comment.com', 'commenter', 'Commenter')
|
||||
data = Scripts.login('commenter@comment.com', 'commenter')
|
||||
|
||||
result = request('/ticket/comment', {
|
||||
content: 'some comment content',
|
||||
ticketId: 1,
|
||||
csrf_userid: data['userId'],
|
||||
csrf_token: data['token']
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('You have no permission to access')
|
||||
end
|
||||
|
||||
#it 'should add comment if logged as ticket owner' do
|
||||
|
||||
#end
|
||||
end
|
||||
end
|
|
@ -8,6 +8,19 @@ describe '/ticket/create' do
|
|||
$csrf_userid = result['data']['userId']
|
||||
$csrf_token = result['data']['token']
|
||||
|
||||
it 'should fail if invalid token is passed' do
|
||||
result = request('/ticket/create', {
|
||||
title: 'GG',
|
||||
departmentId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: 'INVALID_TOKEN'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('You have no permission to access')
|
||||
|
||||
end
|
||||
|
||||
it 'should fail if title is too short' do
|
||||
result = request('/ticket/create', {
|
||||
title: 'GG',
|
||||
|
@ -62,6 +75,20 @@ describe '/ticket/create' do
|
|||
|
||||
end
|
||||
|
||||
it 'should fail if departmentId is invalid' do
|
||||
result = request('/ticket/create',{
|
||||
title: 'Winter is coming',
|
||||
content: 'The north remembers',
|
||||
departmentId: 30,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('Invalid department')
|
||||
|
||||
end
|
||||
|
||||
it 'should create ticket if pass data is valid' do
|
||||
result = request('/ticket/create',{
|
||||
title: 'Winter is coming',
|
||||
|
@ -73,7 +100,15 @@ describe '/ticket/create' do
|
|||
|
||||
puts result['message']
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
ticket = $database.getRow('ticket','Winter is coming','title')
|
||||
(ticket['content']).should.equal('The north remembers')
|
||||
(ticket['unread']).should.equal('0')
|
||||
(ticket['closed']).should.equal('0')
|
||||
(ticket['department_id']).should.equal('1')
|
||||
(ticket['author_id']).should.equal('1')
|
||||
|
||||
ticket_user_relation = $database.getRow('ticket_user','1','ticket_id')
|
||||
(ticket_user_relation['user_id']).should.equal('1')
|
||||
end
|
||||
end
|
|
@ -1,15 +1,16 @@
|
|||
describe '/user/signup' do
|
||||
it 'should create user in database' do
|
||||
response = request('/user/signup', {
|
||||
'name' => 'Steve Jobs',
|
||||
'email' => 'steve@jobs.com',
|
||||
'password' => 'custom'
|
||||
:name => 'Steve Jobs',
|
||||
:email => 'steve@jobs.com',
|
||||
:password => 'custom'
|
||||
})
|
||||
|
||||
userRow = $database.getRow('user', response['data']['userId'])
|
||||
|
||||
(userRow['email']).should.equal('steve@jobs.com')
|
||||
(userRow['name']).should.equal('Steve Jobs')
|
||||
(userRow['admin']).should.equal('0')
|
||||
end
|
||||
|
||||
it 'should fail if name is invalid' do
|
||||
|
|
Loading…
Reference in New Issue