mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 08:21:34 +02:00
commit
591d715b04
@ -127,8 +127,7 @@ class UserFilters extends QueryFilters
|
||||
$user_array = $this->transformKeys(explode(',', $user_id));
|
||||
|
||||
return $this->builder->where(function ($query) use ($user_array) {
|
||||
$query->whereNotIn('id', $user_array)
|
||||
->where('account_id', auth()->user()->account_id);
|
||||
$query->whereNotIn('id', $user_array);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
@ -38,6 +38,8 @@ class UserTest extends TestCase
|
||||
|
||||
private $default_email = 'attach@gmail.com';
|
||||
|
||||
public $faker;
|
||||
|
||||
protected function setUp() :void
|
||||
{
|
||||
parent::setUp();
|
||||
@ -50,7 +52,7 @@ class UserTest extends TestCase
|
||||
|
||||
Model::reguard();
|
||||
|
||||
$this->withoutExceptionHandling();
|
||||
// $this->withoutExceptionHandling();
|
||||
|
||||
$this->withoutMiddleware(
|
||||
ThrottleRequests::class,
|
||||
@ -58,10 +60,9 @@ class UserTest extends TestCase
|
||||
);
|
||||
}
|
||||
|
||||
public function testUserAttemptingtToDeleteThemselves()
|
||||
private function mockAccount()
|
||||
{
|
||||
|
||||
|
||||
$account = Account::factory()->create([
|
||||
'hosted_client_count' => 1000,
|
||||
'hosted_company_count' => 1000,
|
||||
@ -74,6 +75,7 @@ class UserTest extends TestCase
|
||||
'account_id' => $this->account->id,
|
||||
'confirmation_code' => 'xyz123',
|
||||
'email' => $this->faker->unique()->safeEmail(),
|
||||
'password' => \Illuminate\Support\Facades\Hash::make('ALongAndBriliantPassword'),
|
||||
]);
|
||||
|
||||
$settings = CompanySettings::defaults();
|
||||
@ -101,18 +103,164 @@ class UserTest extends TestCase
|
||||
$company_token->name = 'test token';
|
||||
$company_token->token = $token;
|
||||
$company_token->is_system = true;
|
||||
$company_token->save();
|
||||
|
||||
return $company_token;
|
||||
|
||||
}
|
||||
|
||||
public function testUserResponse()
|
||||
{
|
||||
$company_token = $this->mockAccount();
|
||||
|
||||
$data = [
|
||||
'first_name' => 'hey',
|
||||
'last_name' => 'you',
|
||||
'email' => 'normal_user@gmail.com',
|
||||
'company_user' => [
|
||||
'is_admin' => true,
|
||||
'is_owner' => false,
|
||||
'permissions' => 'create_client,create_invoice',
|
||||
],
|
||||
'phone' => null,
|
||||
];
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->post('/api/v1/users?include=company_user', $data);
|
||||
|
||||
$response->assertStatus(200);
|
||||
|
||||
$user = $response->json();
|
||||
$user_id = $user['data']['id'];
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->get('/api/v1/users', $data);
|
||||
|
||||
$response->assertStatus(200);
|
||||
$arr = $response->json();
|
||||
|
||||
$this->assertCount(2, $arr['data']);
|
||||
|
||||
//archive the user we just created:
|
||||
|
||||
$data = [
|
||||
'action' => 'archive',
|
||||
'ids' => [$user_id],
|
||||
];
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->postJson('/api/v1/users/bulk', $data);
|
||||
|
||||
$response->assertStatus(200);
|
||||
|
||||
$this->assertCount(1, $response->json()['data']);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->get("/api/v1/users?without={$company_token->user->hashed_id}");
|
||||
|
||||
$response->assertStatus(200);
|
||||
$this->assertCount(1, $response->json()['data']);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->get("/api/v1/users?without={$company_token->user->hashed_id}&status=active");
|
||||
|
||||
$response->assertStatus(200);
|
||||
$this->assertCount(0, $response->json()['data']);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->get("/api/v1/users?without={$company_token->user->hashed_id}&status=archived");
|
||||
|
||||
$response->assertStatus(200);
|
||||
$this->assertCount(1, $response->json()['data']);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $company_token->token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->get("/api/v1/users?without={$company_token->user->hashed_id}&status=deleted");
|
||||
|
||||
$response->assertStatus(200);
|
||||
$this->assertCount(0, $response->json()['data']);
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function testUserAttemptingtToDeleteThemselves()
|
||||
{
|
||||
|
||||
$account = Account::factory()->create([
|
||||
'hosted_client_count' => 1000,
|
||||
'hosted_company_count' => 1000,
|
||||
]);
|
||||
|
||||
$account->num_users = 3;
|
||||
$account->save();
|
||||
|
||||
$user = User::factory()->create([
|
||||
'account_id' => $this->account->id,
|
||||
'confirmation_code' => 'xyz123',
|
||||
'email' => $this->faker->unique()->safeEmail(),
|
||||
'password' => \Illuminate\Support\Facades\Hash::make('ALongAndBriliantPassword'),
|
||||
]);
|
||||
|
||||
$settings = CompanySettings::defaults();
|
||||
$settings->client_online_payment_notification = false;
|
||||
$settings->client_manual_payment_notification = false;
|
||||
|
||||
$company = Company::factory()->create([
|
||||
'account_id' => $account->id,
|
||||
'settings' => $settings,
|
||||
]);
|
||||
|
||||
|
||||
$cu = CompanyUserFactory::create($user->id, $company->id, $account->id);
|
||||
$cu->is_owner = true;
|
||||
$cu->is_admin = true;
|
||||
$cu->is_locked = false;
|
||||
$cu->save();
|
||||
|
||||
$token = \Illuminate\Support\Str::random(64);
|
||||
|
||||
$company_token = new CompanyToken();
|
||||
$company_token->user_id = $user->id;
|
||||
$company_token->company_id = $company->id;
|
||||
$company_token->account_id = $account->id;
|
||||
$company_token->name = 'test token';
|
||||
$company_token->token = $token;
|
||||
$company_token->is_system = true;
|
||||
$company_token->save();
|
||||
|
||||
$data = [
|
||||
'ids' => [$user->hashed_id],
|
||||
];
|
||||
];
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $token,
|
||||
'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->postJson('/api/v1/users/bulk?action=dete', $data)
|
||||
->assertStatus(403);
|
||||
])->postJson('/api/v1/users/bulk?action=delete', $data);
|
||||
|
||||
nlog($response);
|
||||
|
||||
$response->assertStatus(401);
|
||||
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user