Ivan - STAFF LOGIN - Add Staff login to backend [skip ci]
This commit is contained in:
parent
116c974f9c
commit
cc7c5bfb3d
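--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -0,0 +1,9 @@
+<?php
+require_once 'staff/get.php';
+
+$systemControllerGroup = new ControllerGroup();
+$systemControllerGroup->setGroupPath('/staff');
+
+$systemControllerGroup->addController(new GetStaffController);
+
+$systemControllerGroup->finalize();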
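--- a/staff/get.php
+++ b/staff/get.php
@@ -0,0 +1,36 @@
+<?php
+use Respect\Validation\Validator as DataValidator;
+DataValidator::with('CustomValidations', true);
+
+class GetStaffController extends Controller {
+const PATH = '/get';
+
+public function validations() {
+return [
+'permission' => 'staff_1',
+'requestData' => []
+];
+}
+
+public function handler() {
+$user = Controller::getLoggedUser();
+$parsedDepartmentList = [];
+$departmentList = $user->sharedDepartmentList;
+
+foreach($departmentList as $department) {
+$parsedDepartmentList[] = [
+'id' => $department->id,
+'name' => $department->name
+];
+}
+
+Response::respondSuccess([
+'name' => $user->name,
+'email' => $user->email,
+'profilePic' => $user->profilePic,
+'level' => $user->level,
+'staff' => true,
+'departments' => $parsedDepartmentList
+]);
+}
+}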
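Review bot: `validations()` and `handler()` carry no docblock or return types, and the meaning of the `'staff_1'` permission is only discoverable from the Validator table changed elsewhere in this commit, where it maps to `Controller::isStaffLogged(1)`. A one-line comment above `validations()` such as `// staff_1: requires a staff session whose level is at least 1 (see Validator permission table)` would make the gate explicit at the point it is declared. `handler()` iterates `$user->sharedDepartmentList` without a guard, so confirm that property is always an iterable on a Staff record; if the Staff model can hand back a NullDataStore here, the foreach would warn rather than fail cleanly. The `DataValidator::with(...)` call at file level is a side effect inside a class-declaring file; it looks copied from the existing controllers, so leave it unless those are changed as well.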
@ -13,6 +13,11 @@ class GetUserController extends Controller {
}
public function handler() {
if (Controller::isStaffLogged()) {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
return;
}
$user = Controller::getLoggedUser();
$parsedTicketList = [];
$ticketList = $user->sharedTicketList;
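Review bot: The new guard in `handler()` answers a logged-in staff session with `ERRORS::INVALID_CREDENTIALS`, which reads as a failed login rather than "this endpoint serves user sessions only"; if no more specific error code exists, a comment above the `if` should state the intent, e.g. `// Staff sessions are served by /staff/get; this controller is user-only`. The check runs before the user record is used, which is the right order, but `Controller::isStaffLogged()` itself calls `getLoggedUser()`, so on the user path the record may be fetched twice unless `User::getUser()` caches. `handler()` continues past the end of the hunk.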
@ -46,7 +46,7 @@ class LoginController extends Controller {
}
private function createUserSession() {
Session::getInstance()->createSession($this->userInstance->id);
Session::getInstance()->createSession($this->userInstance->id, Controller::request('staff'));
}
private function getUserData() {
@ -55,6 +55,7 @@ class LoginController extends Controller {
return array(
'userId' => $userInstance->id,
'userEmail' => $userInstance->email,
'staff' => Controller::request('staff'),
'token' => Session::getInstance()->getToken(),
'rememberToken' => $this->rememberToken
);
@ -64,7 +65,11 @@ class LoginController extends Controller {
$email = Controller::request('email');
$password = Controller::request('password');
return User::authenticate($email, $password);
if(Controller::request('staff')) {
return Staff::authenticate($email, $password);
} else {
return User::authenticate($email, $password);
}
}
private function getUserByRememberToken() {
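Review bot: The session's staff flag is taken verbatim from the request in `createUserSession()` (`Controller::request('staff')`) and echoed back from `getUserData()`, even though the authentication branch in the third hunk has already decided which table the credentials were verified against. Because `Session::isStaffLogged()` later returns this stored value and `Controller::getLoggedUser()` branches on it to choose `Staff::getUser` over `User::getUser`, the flag should be derived from the authenticated instance rather than the raw parameter: `Session::getInstance()->createSession($this->userInstance->id, $this->userInstance instanceof Staff);` in `createUserSession()` and `'staff' => $userInstance instanceof Staff,` in `getUserData()` (assuming `Staff::getUser()` returns a Staff instance). Storing the raw value also means any non-empty string, including `'false'`, is truthy, and the integration spec for `/user/login` in this commit expects the string `'true'` while the `/staff/get` spec expects boolean `true` — a real bool removes that inconsistency. `getUserData()` and the authentication helper both continue outside their hunks.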
@ -36,7 +36,13 @@ abstract class Controller {
}
public static function getLoggedUser() {
return User::getUser((int)self::request('csrf_userid'));
$session = Session::getInstance();
if ($session->isStaffLogged()) {
return Staff::getUser((int)self::request('csrf_userid'));
} else {
return User::getUser((int)self::request('csrf_userid'));
}
}
public static function isUserLogged() {
@ -48,12 +54,8 @@ abstract class Controller {
));
}
public static function isStaffLogged() {
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 1);
}
public static function isAdminLogged() {
return Controller::isUserLogged() && (Controller::getLoggedUser()->admin === 2);
public static function isStaffLogged($level = 1) {
return Controller::isUserLogged() && (Controller::getLoggedUser()->level >= $level);
}
public static function getAppInstance() {
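Review bot: `isStaffLogged($level)` in the second hunk now keys on `Controller::getLoggedUser()->level`, but `getLoggedUser()` only returns a Staff when `Session::isStaffLogged()` is set; for a user session it returns a User, whose props in this commit declare no `level`, so the comparison silently reads an undefined property and fails closed by accident. Gating on the session flag first keeps the level check to actual staff records: `return Controller::isUserLogged() && Session::getInstance()->isStaffLogged() && (Controller::getLoggedUser()->level >= $level);`. `isAdminLogged()` is deleted in the same hunk while only the Validator table is updated in this commit, so any other caller of it or of the old `'admin'` permission key would now fault — not verifiable from this page. `getLoggedUser()` also passes a request-supplied `csrf_userid` to `Staff::getUser()`; `Session::checkAuthentication()` (visible in the Session hunk) is presumably what binds that id to the stored one, so confirm it runs before every controller that declares a `staff_N` permission.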
@ -16,8 +16,9 @@ class Validator {
$permissions = [
'any' => true,
'user' => Controller::isUserLogged(),
'staff' => Controller::isStaffLogged(),
'admin' => Controller::isAdminLogged()
'staff_1' => Controller::isStaffLogged(1),
'staff_2' => Controller::isStaffLogged(2),
'staff_3' => Controller::isStaffLogged(3)
];
if (!$permissions[$permission]) {
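Review bot: The table drops the `'staff'` and `'admin'` keys in favour of `'staff_1'`..`'staff_3'`, so any controller still declaring `'permission' => 'staff'` or `'admin'` now hits an undefined index at the `if (!$permissions[$permission])` line; that yields null and therefore denies, but only via a PHP notice rather than an explicit decision. Make the fail-closed behaviour deliberate: `if (!array_key_exists($permission, $permissions) || !$permissions[$permission]) {`. The levels are cumulative because `isStaffLogged()` compares with `>=`, so `staff_1` admits level-2 and level-3 staff as well; a comment above the table, `// staff_N: any staff member whose level is >= N`, would prevent readers from assuming exact-level matching. The remainder of the method is outside the hunk.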
@ -24,8 +24,9 @@ class Session {
return self::$instance;
}
public function createSession($userId) {
public function createSession($userId, $staff = false) {
$this->store('userId', $userId);
$this->store('staff', $staff);
$this->store('token', Hashing::generateRandomToken());
}
@ -37,6 +38,10 @@ class Session {
return !!$this->getToken();
}
public function isStaffLogged() {
return $this->getStoredData('staff');
}
public function checkAuthentication($data) {
$userId = $this->getStoredData('userId');
$token = $this->getStoredData('token');
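Review bot: `createSession()` stores `$staff` exactly as received and `isStaffLogged()` in the second hunk returns the stored value untouched, so the flag's type is whatever the caller passed — in this commit that is the raw `staff` request parameter, which the updated unit test shows arriving as `null` when absent. Since `Controller::getLoggedUser()` dispatches on this value to select the Staff table, normalise it at the session boundary: `$this->store('staff', (bool) $staff);` in `createSession()` and `return $this->getStoredData('staff') === true;` in `isStaffLogged()`. Whether `store()`/`getStoredData()` round-trip a PHP bool unchanged depends on the session backend, which is not shown here, so confirm that before relying on the strict comparison. `checkAuthentication()` continues past the end of the hunk.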
@ -3,6 +3,11 @@
class Staff extends DataStore {
const TABLE = 'staff';
public static function authenticate($userEmail, $userPassword) {
$user = Staff::getUser($userEmail, 'email');
return ($user && Hashing::verifyPassword($userPassword, $user->password)) ? $user : new NullDataStore();
}
public static function getProps() {
return [
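Review bot: `Staff::authenticate()` has no docblock; its contract should be stated with `@param string $userEmail`, `@param string $userPassword` and `@return Staff|NullDataStore` (a Staff on success, `NullDataStore` on unknown email or wrong password). The `$user &&` short-circuit skips `Hashing::verifyPassword()` entirely when no row matches the email, so the response time differs between an unknown email and a wrong password; if `User::authenticate()` (not shown) does the same, fix both together by verifying against a fixed dummy hash when no row is found so both paths cost one hash check. The same `$user &&` test assumes `Staff::getUser()` returns a falsy value on no match; if it returns a `NullDataStore` object instead, the check is always true and `$user->password` is read from the null object — confirm which it is. `getProps()` continues outside the hunk.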
@ -15,16 +15,13 @@ class User extends DataStore {
'email',
'password',
'name',
'admin',
'sharedTicketList',
'verificationToken',
];
}
public function getDefaultProps() {
return [
'admin' => 0
];
return [];
}
public static function getUser($value, $property = 'id') {
@ -35,10 +35,11 @@ class LoginControllerTest extends PHPUnit_Framework_TestCase {
$this->loginController->handler();
$this->assertTrue(Session::getInstance()->createSession->hasBeenCalledWithArgs('MOCK_ID'));
$this->assertTrue(Session::getInstance()->createSession->hasBeenCalledWithArgs('MOCK_ID', null));
$this->assertTrue(Response::get('respondSuccess')->hasBeenCalledWithArgs(array(
'userId' => 'MOCK_ID',
'userEmail' => 'MOCK_EMAIL',
'staff' => null,
'token' => 'TEST_TOKEN',
'rememberToken' => null
)));
@ -21,3 +21,4 @@ require './user/get.rb'
require './ticket/create.rb'
require './ticket/comment.rb'
require './ticket/get.rb'
require './staff/get.rb'
@ -26,3 +26,8 @@ class Database
end
$database = Database.new
$staff = {
:email => 'staff@opensupports.com',
:password => 'staff'
}
@ -11,11 +11,12 @@ class Scripts
end
end
def self.login(email = 'steve@jobs.com', password = 'custompassword')
def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false)
request('/user/logout')
response = request('/user/login', {
:email => email,
:password => password
:password => password,
:staff => staff
})
if response['data'].any?
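--- a/staff/get.rb
+++ b/staff/get.rb
@@ -0,0 +1,15 @@
+describe '/staff/get/' do
+request('/user/logout')
+Scripts.login($staff[:email], $staff[:password], true)
+
+it 'should return staff member data' do
+result = request('/staff/get', {
+csrf_userid: $csrf_userid,
+csrf_token: $csrf_token
+})
+
+(result['status']).should.equal('success')
+(result['data']['name']).should.equal('Emilia Clarke')
+(result['data']['staff']).should.equal(true)
+end
+end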
@ -13,13 +13,36 @@ describe '/user/login' do
(result['status']).should.equal('fail')
end
# it 'should login correctly' do
it 'should login correctly' do
result = request('/user/login', {
email: @loginEmail,
password: @loginPass
})
# end
(result['status']).should.equal('success')
end
# it 'should fail if already logged in' do
it 'should fail if already logged in' do
result = request('/user/login', {
email: @loginEmail,
password: @loginPass
})
# end
(result['status']).should.equal('fail')
(result['message']).should.equal('User is already logged in')
end
it 'should login staff member' do
request('/user/logout', {})
result = request('/user/login', {
email: $staff[:email],
password: $staff[:password],
staff: true
})
(result['status']).should.equal('success')
(result['data']['staff']).should.equal('true')
end
it 'should return remember token' do
request('/user/logout', {})
@ -31,7 +54,7 @@ describe '/user/login' do
(result['status']).should.equal('success')
@rememberToken = result['data']['rememberToken']# falta comproversion
@rememberToken = result['data']['rememberToken']
@userid = result['data']['userId']
end
@ -10,7 +10,6 @@ describe '/user/signup' do
(userRow['email']).should.equal('steve@jobs.com')
(userRow['name']).should.equal('Steve Jobs')
(userRow['admin']).should.equal('0')
end
it 'should fail if name is invalid' do