mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 08:21:34 +02:00
Tests for user deleting themselves
This commit is contained in:
parent
4a75fc3725
commit
a69c50d9e8
@ -11,9 +11,10 @@
|
||||
|
||||
namespace App\Http\Requests\User;
|
||||
|
||||
use App\Http\Requests\Request;
|
||||
use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
|
||||
use App\Utils\Ninja;
|
||||
use App\Http\Requests\Request;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
|
||||
|
||||
class BulkUserRequest extends Request
|
||||
{
|
||||
@ -23,7 +24,11 @@ class BulkUserRequest extends Request
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize() : bool
|
||||
{
|
||||
{nlog($this->all());
|
||||
nlog($this->ids);
|
||||
if($this->action == 'delete' && in_array(auth()->user()->hashed_id, $this->ids))
|
||||
return false;
|
||||
|
||||
return auth()->user()->isAdmin();
|
||||
}
|
||||
|
||||
@ -44,4 +49,9 @@ class BulkUserRequest extends Request
|
||||
|
||||
$this->replace($input);
|
||||
}
|
||||
|
||||
protected function failedAuthorization()
|
||||
{
|
||||
throw new AuthorizationException("This Action is unauthorized.");
|
||||
}
|
||||
}
|
||||
|
@ -56,6 +56,27 @@ class UserTest extends TestCase
|
||||
);
|
||||
}
|
||||
|
||||
public function testUserAttemptingtToDeleteThemselves()
|
||||
{
|
||||
$data = [
|
||||
'action' => 'delete',
|
||||
'ids' => [$this->user->hashed_id],
|
||||
];
|
||||
|
||||
nlog($data);
|
||||
|
||||
$response = $this->withHeaders([
|
||||
'X-API-SECRET' => config('ninja.api_secret'),
|
||||
'X-API-TOKEN' => $this->token,
|
||||
// 'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||
])->postJson('/api/v1/users/bulk', $data)
|
||||
->assertStatus(200);
|
||||
|
||||
// nlog($response->json());
|
||||
|
||||
// $response->assertStatus(403);
|
||||
}
|
||||
|
||||
public function testDisconnectUserOauthMailer()
|
||||
{
|
||||
$user =
|
||||
|
Loading…
Reference in New Issue
Block a user