diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index 6331fdf0..bc3e4a91 100644
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@@ -16,8 +16,8 @@ class CommentController extends Controller {
 'validation' => DataValidator::length(20, 500),
 'error' => ERRORS::INVALID_CONTENT
 ],
- 'ticketId' => [
- 'validation' => DataValidator::dataStoreId('ticket'),
+ 'ticketNumber' => [
+ 'validation' => DataValidator::validTicketNumber(),
 'error' => ERRORS::INVALID_TICKET
 ]
 ]
@@ -37,9 +37,9 @@ class CommentController extends Controller {
 }
 
 private function requestData() {
- $ticketId = Controller::request('ticketId');
+ $ticketNumber = Controller::request('ticketNumber');
 
- $this->ticket = Ticket::getTicket($ticketId);
+ $this->ticket = Ticket::getByTicketNumber($ticketNumber);
 $this->content = Controller::request('content');
 }
 
diff --git a/server/controllers/ticket/get.php b/server/controllers/ticket/get.php
index fcc9a16f..071ac74a 100644
--- a/server/controllers/ticket/get.php
+++ b/server/controllers/ticket/get.php
@@ -22,6 +22,10 @@ class TicketGetController extends Controller {
 $ticket = Ticket::getByTicketNumber($ticketNumber);
 
- Response::respondSuccess($ticket->toArray());
+ if ($ticket->isNull() || $ticket->author->id != Controller::getLoggedUser()->id) {
+ Response::respondError(ERRORS::INVALID_TICKET);
+ } else {
+ Response::respondSuccess($ticket->toArray());
+ }
 }
 }
\ No newline at end of file
diff --git a/server/controllers/user.php b/server/controllers/user.php
index be42a986..94e1b60b 100644
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@@ -6,6 +6,7 @@ include 'user/recover-password.php';
 include 'user/send-recover-password.php';
 include 'user/edit-password.php';
 include 'user/edit-email.php';
+include 'user/get.php';
 
 $userControllers = new ControllerGroup();
 $userControllers->setGroupPath('/user');
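Review bot: In `requestData()` the ticket is resolved purely from the request's `ticketNumber`, and nothing in this hunk checks that the logged user is allowed to comment on it; as far as the (truncated) `validTicketNumber` validator is visible, its `isNull()` test only establishes that the number maps to an existing ticket. The author/owner check presumably lives in `handler()` outside this hunk (the spec 'should fail if user is not the author nor owner' suggests it does), so a comment on the assignment, `// existence is guaranteed by validTicketNumber; author/owner check happens in handler()`, would record that the validator is not an authorization step. The enclosing `CommentController` class starts and ends outside both hunks.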
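Review bot: The ownership test `$ticket->author->id != Controller::getLoggedUser()->id` relies on loose `!=`, so whatever types the data store hands back (string vs int ids) are compared by coercion; make the intent explicit with `if ($ticket->isNull() || (int) $ticket->author->id !== (int) Controller::getLoggedUser()->id) {` (the cast is a guess at the id type — confirm against the model). The check admits only the author, so users who appear in a ticket's shared list (the list the new user/get controller exposes) are refused here; if that is intended, say so in a one-line comment above the `if`. Answering both the missing and the foreign ticket with the same `ERRORS::INVALID_TICKET` is the right choice, since the response then does not reveal whether a guessed ticket number exists.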
@@ -17,5 +18,6 @@ $userControllers->addController(new SendRecoverPasswordController);
 $userControllers->addController(new RecoverPasswordController);
 $userControllers->addController(new EditPassword);
 $userControllers->addController(new EditEmail);
+$userControllers->addController(new GetUserController);
 
 $userControllers->finalize();
diff --git a/server/controllers/user/get.php b/server/controllers/user/get.php
new file mode 100644
index 00000000..9310c5cf
--- /dev/null
+++ b/server/controllers/user/get.php
@@ -0,0 +1,30 @@
+ 'user',
+ 'requestData' => []
+ ];
+ }
+
+ public function handler() {
+ $user = Controller::getLoggedUser();
+ $parsedTicketList = [];
+ $ticketList = $user->sharedTicketList;
+
+ foreach($ticketList as $ticket) {
+ $parsedTicketList[] = $ticket->toArray();
+ }
+
+ Response::respondSuccess([
+ 'name' => $user->name,
+ 'email' => $user->email,
+ 'tickets' => $parsedTicketList
+ ]);
+ }
+}
\ No newline at end of file
diff --git a/server/index.php b/server/index.php
index 2adb7b1f..db77a0df 100644
--- a/server/index.php
+++ b/server/index.php
@@ -41,6 +41,7 @@ spl_autoload_register(function ($class) {
 include_once 'libs/validations/dataStoreId.php';
 include_once 'libs/validations/userEmail.php';
 include_once 'libs/validations/captcha.php';
+include_once 'libs/validations/validTicketNumber.php';
 
 // LOAD CONTROLLERS
 foreach (glob('controllers/*.php') as $controller) {
diff --git a/server/libs/DataStoreList.php b/server/libs/DataStoreList.php
index 88babde2..d4fb8dc0 100644
--- a/server/libs/DataStoreList.php
+++ b/server/libs/DataStoreList.php
@@ -1,7 +1,7 @@ list); + } + public function add(DataStore $dataStore) { $this->list[] = $dataStore; }
diff --git a/server/libs/validations/validTicketNumber.php b/server/libs/validations/validTicketNumber.php
new file mode 100644
index 00000000..87942c4e
--- /dev/null
+++ b/server/libs/validations/validTicketNumber.php
@@ -0,0 +1,14 @@
+isNull();
+ }
+}
\ No newline at end of file
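Review bot: `handler()` dereferences `$user->sharedTicketList`, `$user->name` and `$user->email` without checking what `Controller::getLoggedUser()` returned; the head of the file is garbled in this view, so I can only infer from the visible `'user',` fragment that a permission entry is what guarantees a logged-in session here. Make that dependency explicit with a comment on the first line of the handler, `// the 'user' permission in validations() guarantees a logged user here`, so a later change to the validation block does not silently turn this into a null dereference. The response hands the caller their own email and the full `toArray()` of every shared ticket (comments included, per the tests), which is fine for the owner but worth a note in the method's docblock so the payload size and content are a deliberate choice.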
diff --git a/tests/init.rb b/tests/init.rb
index c552e0a2..fb875785 100644
--- a/tests/init.rb
+++ b/tests/init.rb
@@ -17,6 +17,7 @@ require './user/send-recover-password.rb'
 require './user/recover-password.rb'
 require './user/edit-password.rb'
 require './user/edit-email.rb'
+require './user/get.rb'
 require './ticket/create.rb'
 require './ticket/comment.rb'
 require './ticket/get.rb'
diff --git a/tests/scripts.rb b/tests/scripts.rb
index 1c7fc804..f6b3e18d 100644
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@@ -18,6 +18,23 @@ class Scripts
 :password => password
 })
 
+ if response['data'].any?
+ $csrf_userid = response['data']['userId']
+ $csrf_token = response['data']['token']
+ end
+
 response['data']
 end
+
+ def self.createTicket()
+ result = request('/ticket/create', {
+ title: 'Winter is coming',
+ content: 'The north remembers',
+ departmentId: 1,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ result['data']
+ end
 end
diff --git a/tests/ticket/comment.rb b/tests/ticket/comment.rb
index eff1cbd9..3d21d6e6 100644
--- a/tests/ticket/comment.rb
+++ b/tests/ticket/comment.rb
@@ -1,8 +1,15 @@
 describe '/ticket/comment/' do
+ Scripts.createUser('commenter@os4.com', 'commenter', 'Commenter')
+ Scripts.login('commenter@os4.com', 'commenter')
+
+ result = Scripts.createTicket
+
+ @ticketNumber = result['ticketNumber']
+
 it 'should fail if invalid token is passed' do
 result = request('/ticket/comment', {
 content: 'some comment content',
- ticketId: 1,
+ ticketId: @ticketNumber,
 csrf_userid: $csrf_userid,
 csrf_token: 'INVALID_TOKEN'
 })
@@ -14,7 +21,7 @@ describe '/ticket/comment/' do
 it 'should fail if content is too short' do
 result = request('/ticket/comment', {
 content: 'Test',
- ticketId: 1,
+ ticketNumber: @ticketNumber,
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
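Review bot: `response['data'].any?` in `login` assumes the `data` field is always a Hash or Array; if the login endpoint answers a failed login with `nil` or a plain string this raises `NoMethodError` inside the helper instead of leaving the globals untouched (I cannot see the failure shape from here). A guard on the shape, `if response['data'].is_a?(Hash) && response['data']['token']`, keeps the helper usable for the negative-login specs. Note also that every `Scripts.login` call now silently rewrites `$csrf_userid`/`$csrf_token`, which makes the explicit reassignments after `Scripts.login` in tests/ticket/get.rb and tests/user/get.rb redundant; a one-line comment on the `if`, `# successful login becomes the current CSRF identity for subsequent requests`, would make that side effect discoverable.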
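Review bot: The 'should fail if invalid token is passed' request still sends `ticketId: @ticketNumber` although the controller now reads `ticketNumber` (every other request in this file was renamed), so the example passes for two reasons at once and would keep passing even if CSRF checking broke. Change the line to `ticketNumber: @ticketNumber,` so the invalid token is the only reason for the failure.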
@@ -29,7 +36,7 @@ describe '/ticket/comment/' do
 result = request('/ticket/comment', {
 content: long_text,
- ticketId: 1,
+ ticketNumber: @ticketNumber,
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
@@ -41,7 +48,7 @@ describe '/ticket/comment/' do
 it 'should fail if ticket does not exist' do
 result = request('/ticket/comment', {
 content: 'some comment content',
- ticketId: 30,
+ ticketNumber: 30,
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
@@ -53,28 +60,28 @@ describe '/ticket/comment/' do
 it 'should add comment to ticket' do
 result = request('/ticket/comment', {
 content: 'some comment content',
- ticketId: 1,
+ ticketNumber: @ticketNumber,
 csrf_userid: $csrf_userid,
 csrf_token: $csrf_token
 })
 
 (result['status']).should.equal('success')
 
- comment = $database.getRow('comment', '1', 'id')
+ ticket = $database.getRow('ticket', @ticketNumber, 'ticket_number')
+ comment = $database.getRow('comment', ticket['id'], 'ticket_id')
 (comment['content']).should.equal('some comment content')
- (comment['ticket_id']).should.equal('1')
 (comment['author_id']).should.equal($csrf_userid)
 end
 
 it 'should fail if user is not the author nor owner' do
- Scripts.createUser('commenter@comment.com', 'commenter', 'Commenter')
- data = Scripts.login('commenter@comment.com', 'commenter')
+ Scripts.createUser('no_commenter@comment.com', 'no_commenter', 'No Commenter')
+ Scripts.login('no_commenter@comment.com', 'no_commenter')
 
 result = request('/ticket/comment', {
 content: 'some comment content',
- ticketId: 1,
- csrf_userid: data['userId'],
- csrf_token: data['token']
+ ticketNumber: @ticketNumber,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
 })
 
 (result['status']).should.equal('fail')
diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb
index f9756732..f5367232 100644
--- a/tests/ticket/create.rb
+++ b/tests/ticket/create.rb
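Review bot: In 'should fail if user is not the author nor owner' the request now depends on `Scripts.login` having overwritten the `$csrf_userid`/`$csrf_token` globals for `no_commenter`, and it leaves that user as the current identity for whatever spec runs next, whereas the old version kept the foreign credentials in a local `data`. Re-establish the ticket creator at the end of the example, `Scripts.login('commenter@os4.com', 'commenter')`, or move the login into a `before` block, so the file's examples do not depend on execution order. The `'should add comment to ticket'` lookup via `getRow('comment', ticket['id'], 'ticket_id')` is an improvement over the hard-coded row id, but if the suite ever adds a second comment to the same ticket the first-row semantics of `getRow` should be stated in a comment.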
@@ -1,13 +1,7 @@
 describe '/ticket/create' do
 request('/user/logout')
- Scripts.createUser('jonsnow@os4.com','jonpass','Jon Snow')
- result = request('/user/login', {
- email: 'jonsnow@os4.com',
- password: 'jonpass'
- })
-
- $csrf_userid = result['data']['userId']
- $csrf_token = result['data']['token']
+ Scripts.createUser('creator@os4.com','creator','Creator')
+ Scripts.login('creator@os4.com','creator')
 
 it 'should fail if invalid token is passed' do
 result = request('/ticket/create', {
@@ -77,7 +71,7 @@ describe '/ticket/create' do
 end
 
 it 'should fail if departmentId is invalid' do
- result = request('/ticket/create',{
+ result = request('/ticket/create', {
 title: 'Winter is coming',
 content: 'The north remembers',
 departmentId: 30,
@@ -91,7 +85,7 @@ describe '/ticket/create' do
 end
 
 it 'should create ticket if pass data is valid' do
- result = request('/ticket/create',{
+ result = request('/ticket/create', {
 title: 'Winter is coming',
 content: 'The north remembers',
 departmentId: 1,
@@ -110,7 +104,7 @@ describe '/ticket/create' do
 (ticket['author_id']).should.equal($csrf_userid)
 (ticket['ticket_number'].size).should.equal(6)
 
- ticket_user_relation = $database.getRow('ticket_user','1','ticket_id')
+ ticket_user_relation = $database.getRow('ticket_user', ticket['id'],'ticket_id')
 (ticket_user_relation['user_id']).should.equal($csrf_userid)
 end
 
diff --git a/tests/ticket/get.rb b/tests/ticket/get.rb
index c40b2886..8cb77ad4 100644
--- a/tests/ticket/get.rb
+++ b/tests/ticket/get.rb
@@ -1,30 +1,51 @@
 describe '/ticket/get/' do
 request('/user/logout')
 Scripts.createUser('cersei@os4.com', 'cersei','Cersei Lannister')
- result = request('/user/login', {
- email: 'cersei@os4.com',
- password: 'cersei'
- })
- $csrf_userid = result['data']['userId']
- $csrf_token = result['data']['token']
- result = request('/ticket/create', {
- title: 'Should we pay?',
- content: 'A Lannister always pays his debts.',
- departmentId: 1,
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
- @ticketNumber = result['data']['ticketNumber']
+ Scripts.createUser('not_ticket_getter@os4.com', 'not_ticket_getter','No Author')
 
- #it 'should fail if ticketNumber is invalid' do
+ before do
+ result = Scripts.login('cersei@os4.com', 'cersei')
+ $csrf_userid = result['userId']
+ $csrf_token = result['token']
+ result = request('/ticket/create', {
+ title: 'Should we pay?',
+ content: 'A Lannister always pays his debts.',
+ departmentId: 1,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ @ticketNumber = result['data']['ticketNumber']
+ end
 
- #end
+ it 'should fail if ticketNumber is invalid' do
+ result = request('/ticket/get', {
+ ticketNumber: (@ticketNumber.to_i + 1).to_s,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
 
- #it 'should fail if ticket does not belong to user' do
+ (result['status']).should.equal('fail')
+ end
 
- #end
+ it 'should fail if ticket does not belong to user' do
+ request('/user/logout')
+ result = Scripts.login('not_ticket_getter@os4.com', 'not_ticket_getter')
+
+ $csrf_userid = result['userId']
+ $csrf_token = result['token']
+ result = request('/ticket/get', {
+ ticketNumber: @ticketNumber,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('fail')
+ end
 
 it 'should successfully return the ticket information' do
+ result = Scripts.login('cersei@os4.com', 'cersei')
+ $csrf_userid = result['userId']
+ $csrf_token = result['token']
 result = request('/ticket/get', {
 ticketNumber: @ticketNumber,
 csrf_userid: $csrf_userid,
diff --git a/tests/user/get.rb b/tests/user/get.rb
new file mode 100644
index 00000000..543404a8
--- /dev/null
+++ b/tests/user/get.rb
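Review bot: 'should fail if ticketNumber is invalid' sends `(@ticketNumber.to_i + 1).to_s`, which is a well-formed ticket number and, if numbers are assigned sequentially (I cannot tell from here), may belong to a ticket created by another spec — the example would then exercise the ownership branch of the controller rather than the not-found branch it is named for. A value that cannot resolve, such as a constructed string outside the 6-character format (`ticketNumber: 'not-a-ticket',`), pins the intended path. The `before` block creates a fresh ticket for every example and then reassigns `$csrf_userid`/`$csrf_token` after `Scripts.login`, which the helper now already does; drop the two assignments or leave a comment saying they are deliberate. The last `it` block continues past the end of the hunk.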
@@ -0,0 +1,57 @@
+describe '/user/get' do
+ request('/user/logout')
+ Scripts.createUser('user_get@os4.com', 'user_get','User Get')
+
+ result = Scripts.login('user_get@os4.com', 'user_get')
+ $csrf_userid = result['userId']
+ $csrf_token = result['token']
+ result = request('/ticket/create', {
+ title: 'Should we pay?',
+ content: 'A Lannister always pays his debts.',
+ departmentId: 1,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ @ticketNumber = result['data']['ticketNumber']
+
+ it 'should fail if not logged' do
+ request('/user/logout')
+ result = request('/user/get', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('fail')
+ end
+
+ it 'should successfully return the ticket information' do
+ result = Scripts.login('user_get@os4.com', 'user_get')
+ $csrf_userid = result['userId']
+ $csrf_token = result['token']
+ result = request('/user/get', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ ticket = $database.getRow('ticket', @ticketNumber, 'ticket_number')
+
+ (result['status']).should.equal('success')
+ (result['data']['name']).should.equal('User Get')
+ (result['data']['email']).should.equal('user_get@os4.com')
+
+ ticketFromUser = result['data']['tickets'][0]
+ (ticketFromUser['ticketNumber']).should.equal(ticket['ticket_number'])
+ (ticketFromUser['title']).should.equal(ticket['title'])
+ (ticketFromUser['content']).should.equal(ticket['content'])
+ (ticketFromUser['department']['id']).should.equal('1')
+ (ticketFromUser['department']['name']).should.equal($database.getRow('department', 1)['name'])
+ (ticketFromUser['date']).should.equal(ticket['date'])
+ (ticketFromUser['file']).should.equal(ticket['file'])
+ (ticketFromUser['language']).should.equal(ticket['language'])
+ (ticketFromUser['unread']).should.equal(false)
+ (ticketFromUser['author']['name']).should.equal('User Get')
+ (ticketFromUser['author']['email']).should.equal('user_get@os4.com')
+ (ticketFromUser['owner']).should.equal([])
+ (ticketFromUser['comments']).should.equal([])
+ end
+end
\ No newline at end of file
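Review bot: The second example is titled 'should successfully return the ticket information' although it exercises `/user/get`; rename it to `it 'should successfully return the user information' do` so a failure is reported against the right endpoint. 'should fail if not logged' deliberately replays the pre-logout `$csrf_userid`/`$csrf_token`, which is a useful check that a stale identity is rejected after logout, but nothing says that is intentional; a comment above the request, `# the pre-logout csrf pair must no longer be accepted`, keeps the next editor from "fixing" it. The assertions only look at `tickets[0]`, so the spec does not pin the list length; adding `(result['data']['tickets'].size).should.equal(1)` would catch duplicated or leaked tickets in the shared list.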