[DEV-205] Users/Staffs should not be able to change the email for one already used by another user/staff (#1121)
* add verification of email on staffs * add email verification users * fix inviteStaff ruby test function * add edit staff ruby tests * add edit user ruby tests * update other ruby tests
This commit is contained in:
parent
fe1dd1bd48
commit
b9f5f7fcf1
|
@ -85,7 +85,11 @@ class EditStaffController extends Controller {
|
|||
private function editInformation() {
|
||||
|
||||
if(Controller::request('email')) {
|
||||
$this->staffInstance->email = Controller::request('email');
|
||||
$newEmail = Controller::request('email');
|
||||
|
||||
$this->verifyEmail($newEmail);
|
||||
|
||||
$this->staffInstance->email = $newEmail;
|
||||
}
|
||||
|
||||
if(Controller::request('password')) {
|
||||
|
@ -131,6 +135,19 @@ class EditStaffController extends Controller {
|
|||
$this->staffInstance->store();
|
||||
}
|
||||
|
||||
private function verifyEmail($email){
|
||||
|
||||
$staff = Staff::getDataStore($email,'email');
|
||||
$user = User::getDataStore($email,'email');
|
||||
|
||||
if($user->email == $email){
|
||||
throw new RequestException(ERRORS::INVALID_EMAIL);
|
||||
}
|
||||
|
||||
if($staff->email == $email && $this->staffInstance->email != $email){
|
||||
throw new RequestException(ERRORS::INVALID_EMAIL);
|
||||
}
|
||||
}
|
||||
|
||||
private function getDepartmentList() {
|
||||
$listDepartments = new DataStoreList();
|
||||
|
|
|
@ -42,7 +42,11 @@ class EditEmail extends Controller{
|
|||
$newEmail = Controller::request('newEmail');
|
||||
$user = Controller::getLoggedUser();
|
||||
$oldEmail = $user->email;
|
||||
|
||||
$this->verifyEmail($newEmail, $user);
|
||||
|
||||
$user->email = $newEmail;
|
||||
|
||||
$user->store();
|
||||
|
||||
$mailSender = MailSender::getInstance();
|
||||
|
@ -55,4 +59,18 @@ class EditEmail extends Controller{
|
|||
|
||||
Response::respondSuccess();
|
||||
}
|
||||
|
||||
private function verifyEmail($email, $logedUser){
|
||||
|
||||
$staff = Staff::getDataStore($email,'email');
|
||||
$user = User::getDataStore($email,'email');
|
||||
|
||||
if($user->email == $email && $logedUser->email != $email){
|
||||
throw new RequestException(ERRORS::INVALID_EMAIL);
|
||||
}
|
||||
|
||||
if($staff->email == $email){
|
||||
throw new RequestException(ERRORS::INVALID_EMAIL);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -28,7 +28,7 @@ class Scripts
|
|||
:name => name,
|
||||
:email => email,
|
||||
:level => level,
|
||||
:departments => departments.to_string
|
||||
:departments => departments.to_str
|
||||
})
|
||||
end
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ describe'/staff/delete' do
|
|||
(row).should.equal(nil)
|
||||
|
||||
row = $database.getRow('department', 1, 'id')
|
||||
(row['owners']).should.equal(4)
|
||||
(row['owners']).should.equal(6)
|
||||
|
||||
end
|
||||
|
||||
|
@ -31,6 +31,6 @@ describe'/staff/delete' do
|
|||
(result['message']).should.equal('INVALID_STAFF')
|
||||
|
||||
row = $database.getRow('department', 1, 'id')
|
||||
(row['owners']).should.equal(4)
|
||||
(row['owners']).should.equal(6)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -107,4 +107,73 @@ describe'/staff/edit' do
|
|||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('NO_PERMISSION')
|
||||
end
|
||||
|
||||
it 'should success if email selected is used by himself' do
|
||||
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
result = request('/staff/invite', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'sellamamarlos',
|
||||
email: 'dalas@os4.com',
|
||||
level: 2,
|
||||
profilePic: '',
|
||||
departments: '[1]'
|
||||
})
|
||||
|
||||
row = $database.getRow('staff', 'dalas@os4.com', 'email')
|
||||
|
||||
result = request('/staff/edit', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
staffId: row['id'],
|
||||
email: row['email']
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
staffRow = $database.getRow('staff', 'dalas@os4.com', 'email')
|
||||
|
||||
(staffRow['email']).should.equal('dalas@os4.com')
|
||||
|
||||
end
|
||||
|
||||
it 'should fail if email selected is already used' do
|
||||
|
||||
staffRow = $database.getRow('staff', 'dalas@os4.com', 'email')
|
||||
|
||||
result = request('/staff/invite', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'sellamamarlos',
|
||||
email: 'dalas2@os4.com',
|
||||
level: 2,
|
||||
profilePic: '',
|
||||
departments: '[1]'
|
||||
})
|
||||
|
||||
staffRow2 = $database.getRow('staff', 'dalas2@os4.com', 'email')
|
||||
userRow = $database.getRow('user', 'miare@os4.com', 'email')
|
||||
|
||||
result = request('/staff/edit', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
staffId: staffRow['id'],
|
||||
email: staffRow2['email'],
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_EMAIL')
|
||||
|
||||
result = request('/staff/edit', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
staffId: staffRow['id'],
|
||||
email: userRow['email'],
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_EMAIL')
|
||||
end
|
||||
end
|
||||
|
|
|
@ -42,4 +42,65 @@ describe '/user/edit-email' do
|
|||
csrf_token: $csrf_token
|
||||
})
|
||||
end
|
||||
|
||||
|
||||
it 'should success if email selected is used by himself' do
|
||||
|
||||
Scripts.logout()
|
||||
|
||||
Scripts.createUser('miare@os4.com','sellamamarlos', 'maria')
|
||||
|
||||
result = request('/user/login', {
|
||||
email: 'miare@os4.com',
|
||||
password: 'sellamamarlos'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
$csrf_userid = result['data']['userId']
|
||||
$csrf_token = result['data']['token']
|
||||
|
||||
row = $database.getRow('user', 'miare@os4.com', 'email')
|
||||
|
||||
result = request('/user/edit-email', {
|
||||
newEmail: row['email'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('user', 'miare@os4.com', 'email')
|
||||
|
||||
(row['email']).should.equal('miare@os4.com')
|
||||
|
||||
end
|
||||
|
||||
it 'should fail if email selected is already used' do
|
||||
|
||||
staffRow = $database.getRow('staff', 1, 'id')
|
||||
userRow = $database.getRow('user', 1, 'id')
|
||||
|
||||
result = request('/user/edit-email', {
|
||||
newEmail: staffRow['email'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_EMAIL')
|
||||
|
||||
row = $database.getRow('user', 'miare@os4.com', 'email')
|
||||
(row['email']).should.equal('miare@os4.com')
|
||||
|
||||
result = request('/user/edit-email', {
|
||||
newEmail: userRow['email'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_EMAIL')
|
||||
|
||||
row = $database.getRow('user', 'miare@os4.com', 'email')
|
||||
(row['email']).should.equal('miare@os4.com')
|
||||
end
|
||||
end
|
||||
|
|
|
@ -117,7 +117,7 @@ describe '/staff/supervisor-user-list' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
result = request('/user/edit-supervised-list', {
|
||||
userIdList: "[30,31,32]",
|
||||
userIdList: "[31,32,33]",
|
||||
userId: supervisor['id'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -164,7 +164,7 @@ describe '/staff/supervisor-user-list' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
request('/user/edit-supervised-list', {
|
||||
userIdList: "[30]",
|
||||
userIdList: "[31]",
|
||||
userId: supervisor['id'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
|
|
@ -16,7 +16,7 @@ describe '/user/get-supervised-tickets' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
result = request('/user/edit-supervised-list', {
|
||||
userIdList: "[30,32,31]",
|
||||
userIdList: "[31,33,32]",
|
||||
userId: supervisor['id'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -28,7 +28,7 @@ describe '/user/get-supervised-tickets' do
|
|||
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[1000,30]",
|
||||
supervisedUsers: "[1000,31]",
|
||||
showOwnTickets: 1,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -39,7 +39,7 @@ describe '/user/get-supervised-tickets' do
|
|||
(result['message']).should.equal('INVALID_SUPERVISED_USERS')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[32,30,1]",
|
||||
supervisedUsers: "[33,31,1]",
|
||||
showOwnTickets: 1,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -51,7 +51,7 @@ describe '/user/get-supervised-tickets' do
|
|||
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "32",
|
||||
supervisedUsers: "33",
|
||||
showOwnTickets: 1,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -73,7 +73,7 @@ describe '/user/get-supervised-tickets' do
|
|||
(result['message']).should.equal('INVALID_SUPERVISED_USERS')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[{'id' :29 , 'staff' true}]",
|
||||
supervisedUsers: "[{'id' :30 , 'staff' true}]",
|
||||
showOwnTickets: 1,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -86,7 +86,7 @@ describe '/user/get-supervised-tickets' do
|
|||
|
||||
it 'should return the tickets of the authors searched' do
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[30,32,31]",
|
||||
supervisedUsers: "[31,33,32]",
|
||||
showOwnTickets: 0,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -101,7 +101,7 @@ describe '/user/get-supervised-tickets' do
|
|||
end
|
||||
it 'should return the tickets of the authors searched including logged user' do
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[30,32]",
|
||||
supervisedUsers: "[31,33]",
|
||||
showOwnTickets: 1,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -115,7 +115,7 @@ describe '/user/get-supervised-tickets' do
|
|||
(result['data']['tickets'][2]['title']).should.equal(ticketsupervisor['title'])
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[30,32,29]",
|
||||
supervisedUsers: "[31,33,30]",
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -147,7 +147,7 @@ describe '/user/get-supervised-tickets' do
|
|||
supervisor2 = $database.getRow('user', 'supervisor2@opensupports.com', 'email')
|
||||
|
||||
result = request('/user/edit-supervised-list', {
|
||||
userIdList: "[30,32,31]",
|
||||
userIdList: "[31,33,32]",
|
||||
userId: supervisor2['id'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -155,7 +155,7 @@ describe '/user/get-supervised-tickets' do
|
|||
|
||||
Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[30,32,31]",
|
||||
supervisedUsers: "[31,33,32]",
|
||||
showOwnTickets: 0,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -171,7 +171,7 @@ describe '/user/get-supervised-tickets' do
|
|||
|
||||
Scripts.login('supervisor2@opensupports.com', 'usersupervised2')
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[30,32,31]",
|
||||
supervisedUsers: "[31,33,32]",
|
||||
showOwnTickets: 0,
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
|
@ -192,7 +192,7 @@ describe '/user/get-supervised-tickets' do
|
|||
Scripts.login('usersupervised1@opensupports.com', 'usersupervised1')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[29]",
|
||||
supervisedUsers: "[30]",
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -205,7 +205,7 @@ describe '/user/get-supervised-tickets' do
|
|||
Scripts.login('usersupervised2@opensupports.com', 'usersupervised2')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[29]",
|
||||
supervisedUsers: "[30]",
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
@ -218,7 +218,7 @@ describe '/user/get-supervised-tickets' do
|
|||
Scripts.login('usersupervised3@opensupports.com', 'usersupervised3')
|
||||
|
||||
result = request('/user/get-supervised-tickets', {
|
||||
supervisedUsers: "[29]",
|
||||
supervisedUsers: "[30]",
|
||||
page: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
|
|
|
@ -36,7 +36,7 @@ describe '/user/get-users' do
|
|||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data']['users'].size).should.equal(7)
|
||||
(result['data']['users'].size).should.equal(8)
|
||||
end
|
||||
|
||||
it 'should get users with order by tickets and asc' do
|
||||
|
|
Loading…
Reference in New Issue