diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php index 8cd3be5e..2d9294ba 100644 --- a/server/controllers/ticket/create.php +++ b/server/controllers/ticket/create.php @@ -63,7 +63,8 @@ class CreateController extends Controller { )); $author->sharedTicketList->add($ticket); - + $author->tickets++; + $author->store(); $ticket->store(); diff --git a/server/controllers/user.php b/server/controllers/user.php index 445d3000..c7a27ef6 100644 --- a/server/controllers/user.php +++ b/server/controllers/user.php @@ -8,6 +8,12 @@ include 'user/send-recover-password.php'; include 'user/edit-password.php'; include 'user/edit-email.php'; include 'user/get.php'; +include 'user/get-users.php'; +include 'user/get-user.php'; +include 'user/delete.php'; +include 'user/ban.php'; +include 'user/un-ban.php'; +include 'user/list-ban.php'; $userControllers = new ControllerGroup(); $userControllers->setGroupPath('/user'); @@ -21,5 +27,10 @@ $userControllers->addController(new RecoverPasswordController); $userControllers->addController(new EditPassword); $userControllers->addController(new EditEmail); $userControllers->addController(new GetUserController); - +$userControllers->addController(new GetUsersController); +$userControllers->addController(new GetUserByIdController); +$userControllers->addController(new DeleteUserController); +$userControllers->addController(new BanUserController); +$userControllers->addController(new UnBanUserController); +$userControllers->addController(new ListBanUserController); $userControllers->finalize(); diff --git a/server/controllers/user/ban.php b/server/controllers/user/ban.php new file mode 100644 index 00000000..699686d9 --- /dev/null +++ b/server/controllers/user/ban.php 
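Review bot: `$author->tickets++` followed by `$author->store()` is a read-modify-write of a denormalized counter on the loaded User object, so two ticket creations by the same author that overlap in time can overwrite each other's increment, and nothing reconciles the counter with `$author->sharedTicketList` (the authoritative record) once they drift. If the count only exists for ordering the user list, consider deriving it from the ticket list, or incrementing it in the database statement if the data layer allows that. The enclosing handler starts and ends outside this hunk.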
@@ -0,0 +1,37 @@
+ 'staff_1',
+ 'requestData' => [
+ 'email' => [
+ 'validation' => DataValidator::email(),
+ 'error' => ERRORS::INVALID_EMAIL
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $email = Controller::request('email');
+
+ $banRow = Ban::getDataStore($email,'email');
+ if($banRow->isNull()) {
+ $ban = new Ban();
+
+ $ban->setProperties(array(
+ 'email' => $email
+ ));
+
+ $ban->store();
+
+ Response::respondSuccess();
+ } else {
+ Response::respondError(ERRORS::ALREADY_BANNED);
+ }
+ }
+}
\ No newline at end of file
diff --git a/server/controllers/user/delete.php b/server/controllers/user/delete.php
new file mode 100644
index 00000000..6240218a
--- /dev/null
+++ b/server/controllers/user/delete.php
@@ -0,0 +1,27 @@
+ 'staff_1',
+ 'requestData' => [
+ 'userId' => [
+ 'validation' => DataValidator::dataStoreId('user'),
+ 'error' => ERRORS::INVALID_USER
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $userId = Controller::request('userId');
+ $user = User::getDataStore($userId);
+
+ $user->delete();
+ Response::respondSuccess();
+ }
+}
\ No newline at end of file
diff --git a/server/controllers/user/get-user.php b/server/controllers/user/get-user.php
new file mode 100644
index 00000000..92636ac0
--- /dev/null
+++ b/server/controllers/user/get-user.php
@@ -0,0 +1,31 @@
+ 'staff_2',
+ 'requestData' => [
+ 'userId' => [
+ 'validation' => DataValidator::dataStoreId('user'),
+ 'error' => ERRORS::INVALID_USER
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $userId = Controller::request('userId');
+ $user = User::getDataStore($userId);
+
+ Response::respondSuccess([
+ 'name' => $user->name,
+ 'email' => $user->email,
+ 'signupDate' => $user->signupDate,
+ 'tickets' => $user->sharedTicketList->toArray()
+ ]);
+ }
+}
\ No newline at end of file
diff --git a/server/controllers/user/get-users.php b/server/controllers/user/get-users.php
new file mode 100644
index 00000000..a9bf0601
--- /dev/null
+++ b/server/controllers/user/get-users.php
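Review bot: The ban is keyed on the address exactly as submitted (`Ban::getDataStore($email,'email')` and `'email' => $email`), so unless addresses are normalized before they reach this controller, a ban and a later signup that differ only in letter case will not match; normalizing the address once (at least lower-casing) in both the ban and the lookup paths closes that gap. Separately, this controller and DeleteUserController in the same commit require only `'staff_1'` for destructive actions, while GetUserByIdController and GetUsersController require `'staff_2'` merely to read user data; if that asymmetry is not deliberate, raise the ban and delete endpoints to at least the read level, `'permission' => 'staff_2'`.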
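Review bot: `$user->delete()` removes the user record, but the tickets reachable through the user's `sharedTicketList` (which GetUserByIdController in this commit serializes) are not touched in this handler, so they presumably keep referencing an author that no longer exists — hedged, since the User model's delete behaviour is not visible here. If the data layer does not cascade, delete or reassign those tickets before `$user->delete()`, and add a comment stating which behaviour is intended, e.g. `// tickets authored by this user are intentionally kept / removed (pick one)`.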
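Review bot: The `'tickets'` key in this response carries `$user->sharedTicketList->toArray()`, the full ticket list, while the `'tickets'` key in GetUsersController's response carries the integer counter `$user->tickets`; the get-user test already has to bridge the two with `.size.to_s`. Using the same key for a list in one endpoint and a count in the other is a trap for API consumers; give the list a distinct key here (or return both the count and the list) so the two endpoints agree.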
@@ -0,0 +1,107 @@
+ 'staff_2',
+ 'requestData' => [
+ 'page' => [
+ 'validation' => DataValidator::numeric(),
+ 'error' => ERRORS::INVALID_PAGE
+ ],
+ 'orderBy' => [
+ 'validation' => DataValidator::in(['id','tickets']),
+ 'error' => ERRORS::INVALID_ORDER
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $userList = $this->getUserList();
+ $userListArray = [];
+
+ foreach ($userList as $user) {
+ $userListArray[] = [
+ 'id' => $user->id,
+ 'name' => $user->name,
+ 'tickets' => $user->tickets,
+ 'email' => $user->email,
+ 'signupDate' => $user->signupDate
+ ];
+ }
+
+ Response::respondSuccess([
+ 'users' => $userListArray,
+ 'pages' => $this->getPagesQuantity(),
+ 'page' => Controller::request('page'),
+ 'orderBy' => Controller::request('orderBy'),
+ 'desc' => Controller::request('desc'),
+ 'search' => Controller::request('search')
+ ]);
+ }
+
+ private function getUserList() {
+ $query = $this->getSearchQuery();
+
+ return User::find($query, [
+ '%' . Controller::request('search') . '%',
+ '%' . Controller::request('search') . '%',
+ Controller::request('search') . '%',
+ Controller::request('search') . '%'
+ ]);
+ }
+
+ private function getPagesQuantity() {
+ $query = '';
+
+ if(Controller::request('search')) {
+ $query .= " (name LIKE ? OR email LIKE ? )";
+ }
+
+ $usersQuantity = User::count($query, [
+ '%' . Controller::request('search') . '%',
+ '%' . Controller::request('search') . '%'
+ ]);
+
+ return ceil($usersQuantity / 10);
+ }
+
+ private function getSearchQuery() {
+ $query = '';
+
+ if(Controller::request('search')) {
+ $query .= " (name LIKE ? OR email LIKE ? )";
+ $query .= " ORDER BY CASE WHEN (name LIKE ? 
OR email LIKE ?)";
+ $query .= " THEN 1 ELSE 2 END ASC,";
+ } else {
+ $query .= " ORDER BY ";
+ }
+
+ $query .= $this->getOrderAndLimit();
+
+ return $query;
+ }
+
+ private function getOrderAndLimit() {
+ $query = '';
+
+ if(Controller::request('orderBy') === 'tickets') {
+ $query .= 'tickets';
+ } else {
+ $query .= 'id';
+ }
+
+ if(Controller::request('desc')) {
+ $query .= ' desc';
+ } else {
+ $query .= ' asc';
+ }
+ $query .= " LIMIT 10 OFFSET ". ((Controller::request('page')-1)*10);
+
+ return $query;
+ }
+}
\ No newline at end of file
diff --git a/server/controllers/user/list-ban.php b/server/controllers/user/list-ban.php
new file mode 100644
index 00000000..c037eabc
--- /dev/null
+++ b/server/controllers/user/list-ban.php
@@ -0,0 +1,18 @@
+ 'staff_1',
+ 'requestData' => []
+ ];
+ }
+
+ public function handler() {
+ $banList = Ban::getAll()->toArray();
+ Response::respondSuccess($banList);
+ }
+}
\ No newline at end of file
diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php
index c112b906..b073fab1 100644
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@@ -43,6 +43,12 @@ class SignUpController extends Controller {
 Response::respondError(ERRORS::USER_EXISTS);
 return;
 }
+ $banRow = Ban::getDataStore($this->userEmail,'email');
+
+ if (!$banRow->isNull()) {
+ Response::respondError(ERRORS::ALREADY_BANNED);
+ return;
+ }
 $userId = $this->createNewUserAndRetrieveId();
 $this->sendRegistrationMail();
@@ -65,6 +71,8 @@ class SignUpController extends Controller {
 $userInstance->setProperties([
 'name' => $this->userName,
+ 'signupDate' => Date::getCurrentDate(),
+ 'tickets' => 0,
 'email' => $this->userEmail,
 'password' => Hashing::hashPassword($this->userPassword)
 ]);
diff --git a/server/controllers/user/un-ban.php b/server/controllers/user/un-ban.php
new file mode 100644
index 00000000..15f6f18b
--- /dev/null
+++ b/server/controllers/user/un-ban.php
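Review bot: `getOrderAndLimit()` builds `OFFSET ((page-1)*10)` from a `page` that `validations()` only checks with `DataValidator::numeric()`, so `0`, a negative value or a fractional numeric string produce an offset that most SQL engines reject, and the caller gets a query failure instead of `ERRORS::INVALID_PAGE`. Normalize it once before any SQL is built, e.g. `$page = max(1, (int) Controller::request('page'));`, and use `$page` in the OFFSET (and in the `'page'` echoed back by `handler()`). `search` also reaches the LIKE patterns with `%` and `_` unescaped, which lets a caller widen the match; that is not an injection since the value is bound as a parameter, but it deserves a comment or escaping. `ERRORS::INVALID_SEARCH`, added in this commit, is never used by `validations()`.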
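Review bot: The new `Ban` lookup gates only new registrations, and it runs after the `USER_EXISTS` branch has already returned, so as far as this diff shows a ban on an address that already has an account has no effect on that account, and nothing in the commit consults `Ban` during login. If banning is meant to revoke access rather than only block signups, the same `Ban::getDataStore($email,'email')` check belongs in the login path as well; if it is intentionally signup-only, a comment above the lookup saying so would stop the next reader from assuming otherwise. The second hunk sets `'tickets' => 0` and `'signupDate'` for new users only; rows created before this change get neither unless a migration or column default supplies them. The enclosing methods start outside both hunks.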
@@ -0,0 +1,32 @@
+ 'staff_1',
+ 'requestData' => [
+ 'email' => [
+ 'validation' => DataValidator::email(),
+ 'error' => ERRORS::INVALID_EMAIL
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $email = Controller::request('email');
+ $banRow = Ban::getDataStore($email,'email');
+
+ if($banRow->isNull()) {
+ Response::respondError(ERRORS::INVALID_EMAIL);
+ } else {
+ $banRow->delete();
+ Response::respondSuccess();
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index ea579d71..91387377 100644
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -22,4 +22,8 @@ class ERRORS {
 const INVALID_PAGE = 'INVALID_PAGE';
 const INVALID_QUERY = 'INVALID_QUERY';
 const INVALID_TOPIC = 'INVALID_TOPIC';
+ const INVALID_SEARCH = 'INVALID_SEARCH';
+ const INVALID_ORDER = 'INVALID_ORDER';
+ const INVALID_USER = 'INVALID_USER';
+ const ALREADY_BANNED = 'ALREADY_BANNED';
 }
diff --git a/server/models/Ban.php b/server/models/Ban.php
new file mode 100644
index 00000000..4934915d
--- /dev/null
+++ b/server/models/Ban.php
@@ -0,0 +1,17 @@
+email;
+ }
+}
\ No newline at end of file
diff --git a/server/models/User.php b/server/models/User.php
index b25f5a1a..beee0708 100644
--- a/server/models/User.php
+++ b/server/models/User.php
@@ -15,8 +15,9 @@ class User extends DataStore {
 'email',
 'password',
 'name',
- 'sharedTicketList',
- 'verificationToken',
+ 'signupDate',
+ 'tickets',
+ 'sharedTicketList'
 ];
 }
diff --git a/tests/init.rb b/tests/init.rb
index 0614319e..45791f55 100644
--- a/tests/init.rb
+++ b/tests/init.rb
@@ -35,5 +35,9 @@ require './staff/get-all-tickets.rb'
 require './ticket/events.rb'
 require './article/topic.rb'
 require './article/article.rb'
+require './user/get-user.rb'
+require './user/ban.rb'
+require './user/get-users-test.rb'
+require './user/delete.rb'
diff --git a/tests/user/ban.rb b/tests/user/ban.rb
new file mode 100644
index 00000000..86d03e2d
--- /dev/null
+++ b/tests/user/ban.rb
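Review bot: When the address is not in the ban table the handler answers `ERRORS::INVALID_EMAIL`, the same code `validations()` returns for a malformed address, so a caller cannot distinguish "bad input" from "not banned". A dedicated code (a constructed name such as `NOT_BANNED`, added to `ERRORS` next to `ALREADY_BANNED`) keeps the two cases apart; `tests/user/ban.rb` in this commit asserts the current string and would need the matching update. The blank line before the closing brace of `handler()` and the one before the class's closing brace are style leftovers worth dropping.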
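Review bot: The User property list drops `'verificationToken'` while adding `'signupDate'` and `'tickets'`, and nothing else in this diff removes the token's use, so if email verification still reads or writes that property elsewhere it silently stops being persisted — confirm the removal is intended, and if it is, remove the remaining token code and column in the same change rather than leaving them dangling. Existing rows also predate `'tickets'` and `'signupDate'`, which SignUpController now sets only for new users, so a migration or column default is needed unless the data layer already supplies one. The property list is the only visible part of the class; its remaining methods are outside the hunk.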
@@ -0,0 +1,75 @@
+describe '/user/ban' do
+
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'staff@opensupports.com',
+ password: 'staff',
+ staff: true
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+ it 'should ban user' do
+ result = request('/user/ban', {
+ email: 'nothing@hotmail.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+
+ user = $database.getRow('ban', 1 , 'id')
+ (user['email']).should.equal('nothing@hotmail.com')
+
+ end
+
+ it 'should get ban list' do
+ result = request('/user/list-ban', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['data'][0]).should.equal('nothing@hotmail.com')
+
+ end
+
+ it 'should not ban user if it is already banned' do
+ result = request('/user/ban', {
+ email: 'nothing@hotmail.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('ALREADY_BANNED')
+
+ end
+
+ it 'should un-ban user if it is already banned' do
+ result = request('/user/un-ban', {
+ email: 'nothing@hotmail.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+
+ user = $database.getRow('ban', 1 , 'id')
+ (user).should.equal(nil)
+
+ end
+
+ it 'should not un-ban user if it is not banned' do
+ result = request('/user/un-ban', {
+ email: 'nothing@hotmail.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_EMAIL')
+
+ end
+
+end
\ No newline at end of file
diff --git a/tests/user/delete.rb b/tests/user/delete.rb
new file mode 100644
index 00000000..8b411d14
--- /dev/null
+++ b/tests/user/delete.rb
@@ -0,0 +1,28 @@
+describe '/user/delete' do
+
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'staff@opensupports.com',
+ password: 'staff',
+ staff: true
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+ it 'should delete user' do
+ result = request('/user/delete', {
+ userId: 4,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+
+ user = $database.getRow('user', 4 , 'id')
+ (user).should.equal(nil)
+
+ end
+end
+
+
diff --git a/tests/user/get-user.rb b/tests/user/get-user.rb
new file mode 100644
index 00000000..ca9bf37c
--- /dev/null
+++ b/tests/user/get-user.rb
@@ -0,0 +1,29 @@
+describe '/user/get-user' do
+
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'staff@opensupports.com',
+ password: 'staff',
+ staff: true
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+ it 'should get user data' do
+ result = request('/user/get-user', {
+ userId: 4,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+
+ user = $database.getRow('user', 4 , 'id')
+ (user['email']).should.equal(result['data']['email'])
+ (user['signup_date']).should.equal(result['data']['signupDate'])
+ (user['name']).should.equal(result['data']['name'])
+ (user['tickets']).should.equal(result['data']['tickets'].size.to_s)
+ end
+
+end
\ No newline at end of file
diff --git a/tests/user/get-users-test.rb b/tests/user/get-users-test.rb
new file mode 100644
index 00000000..8ccec70e
--- /dev/null
+++ b/tests/user/get-users-test.rb
@@ -0,0 +1,89 @@
+describe '/user/get-users' do
+
+ request('/user/logout')
+ Scripts.createUser('tests@hotmail.com','passdasdasdas','laasdasd')
+ Scripts.createUser('tests2@hotmail.com','passfasfasfsa','laeaefae')
+ Scripts.createUser('tests3@hotmail.com','passfasfasfws','laeczvwaf')
+ result = request('/user/login', {
+ email: 'staff@opensupports.com',
+ password: 'staff',
+ staff: true
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+ it 'should get users on first page' do
+ result = request('/user/get-users', {
+ page: 1,
+ orderBy:'id',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ (result['data']['users'].size).should.equal(10)
+ (result['data']['pages']).should.equal(2)
+ end
+
+ it 'should get users on second page' do
+ result = request('/user/get-users', {
+ page:2,
+ orderBy:'id',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ (result['data']['users'].size).should.equal(3)
+ end
+
+ it 'should get users with order by tickets and asc' do
+ result = request('/user/get-users', {
+ page:1,
+ orderBy:'tickets',
+ desc:false,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ users = result['data']['users']
+ (1..(users.size-1)).each do |i|
+ (users[i]['tickets'].to_i >= users[i-1]['tickets'].to_i).should.equal(true)
+ end
+ end
+
+ it 'should get users with order by tickets and desc' do
+ result = request('/user/get-users', {
+ page:1,
+ orderBy:'tickets',
+ desc:true,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ users = result['data']['users']
+ (1..(users.size-1)).each do |i|
+ (users[i]['tickets'].to_i <= users[i-1]['tickets'].to_i).should.equal(true)
+ end
+ end
+
+ it 'should get users with search' do
+ result = request('/user/get-users', {
+ page:1,
+ search:'la',
+ 
orderBy:'id',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+ (result['data']['users'][0]['name']).should.equal('laasdasd')
+ (result['data']['users'][1]['name']).should.equal('laeaefae')
+ (result['data']['users'][2]['name']).should.equal('laeczvwaf')
+ (result['data']['users'][3]['name']).should.equal('Cersei Lannister')
+ (result['data']['users'][4]['name']).should.equal('Tyrion Lannister')
+ end
+end
\ No newline at end of file
diff --git a/tests/user/get.rb b/tests/user/get.rb
index e683ecbb..ef89384e 100644
--- a/tests/user/get.rb
+++ b/tests/user/get.rb
@@ -2,9 +2,7 @@ describe '/user/get' do
 request('/user/logout')
 Scripts.createUser('user_get@os4.com', 'user_get','User Get')
- result = Scripts.login('user_get@os4.com', 'user_get')
- $csrf_userid = result['userId']
- $csrf_token = result['token']
+ Scripts.login('user_get@os4.com', 'user_get')
 result = request('/ticket/create', {
 title: 'Should we pay?',
 content: 'A Lannister always pays his debts.',