mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 08:21:34 +02:00
Tests for user deleting themselves
parent
4a75fc3725
commit
a69c50d9e8
@ -11,9 +11,10 @@
|
|||||||
|
|
||||||
namespace App\Http\Requests\User;
|
namespace App\Http\Requests\User;
|
||||||
|
|
||||||
use App\Http\Requests\Request;
|
|
||||||
use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
|
|
||||||
use App\Utils\Ninja;
|
use App\Utils\Ninja;
|
||||||
|
use App\Http\Requests\Request;
|
||||||
|
use Illuminate\Auth\Access\AuthorizationException;
|
||||||
|
use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
|
||||||
|
|
||||||
class BulkUserRequest extends Request
|
class BulkUserRequest extends Request
|
||||||
{
|
{
|
||||||
@ -23,7 +24,11 @@ class BulkUserRequest extends Request
|
|||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function authorize() : bool
|
public function authorize() : bool
|
||||||
{
|
{nlog($this->all());
|
||||||
|
nlog($this->ids);
|
||||||
|
if($this->action == 'delete' && in_array(auth()->user()->hashed_id, $this->ids))
|
||||||
|
return false;
|
||||||
|
|
||||||
return auth()->user()->isAdmin();
|
return auth()->user()->isAdmin();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -44,4 +49,9 @@ class BulkUserRequest extends Request
|
|||||||
|
|
||||||
$this->replace($input);
|
$this->replace($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function failedAuthorization()
|
||||||
|
{
|
||||||
|
throw new AuthorizationException("This Action is unauthorized.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
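Review bot: The self-delete guard in `authorize()` calls `in_array(auth()->user()->hashed_id, $this->ids)` without checking that `ids` is an array and without strict comparison; Laravel runs authorization before the request's validation rules, so a payload with a missing or scalar `ids` would raise a TypeError on PHP 8 rather than being rejected cleanly. I would write `if ($this->action === 'delete' && is_array($this->ids) && in_array(auth()->user()->hashed_id, $this->ids, true)) { return false; }`. The two `nlog()` calls (`nlog($this->all())`, fused onto the opening brace, and `nlog($this->ids)`) look like leftover debugging and write the whole bulk-request payload to the application log on every call, so they should be dropped before merge. The method that ends in `$this->replace($input)` lies outside the hunks; if it rewrites `ids` before `authorize()` runs, the comparison against `hashed_id` may never match, which is worth confirming.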
|
@ -56,6 +56,27 @@ class UserTest extends TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testUserAttemptingtToDeleteThemselves()
|
||||||
|
{
|
||||||
|
$data = [
|
||||||
|
'action' => 'delete',
|
||||||
|
'ids' => [$this->user->hashed_id],
|
||||||
|
];
|
||||||
|
|
||||||
|
nlog($data);
|
||||||
|
|
||||||
|
$response = $this->withHeaders([
|
||||||
|
'X-API-SECRET' => config('ninja.api_secret'),
|
||||||
|
'X-API-TOKEN' => $this->token,
|
||||||
|
// 'X-API-PASSWORD' => 'ALongAndBriliantPassword',
|
||||||
|
])->postJson('/api/v1/users/bulk', $data)
|
||||||
|
->assertStatus(200);
|
||||||
|
|
||||||
|
// nlog($response->json());
|
||||||
|
|
||||||
|
// $response->assertStatus(403);
|
||||||
|
}
|
||||||
|
|
||||||
public function testDisconnectUserOauthMailer()
|
public function testDisconnectUserOauthMailer()
|
||||||
{
|
{
|
||||||
$user =
|
$user =
|
||||||
|
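Review bot: `testUserAttemptingtToDeleteThemselves` ends in `->assertStatus(200)` for a request whose `ids` contains the caller's own `hashed_id`, while `$response->assertStatus(403)` is commented out, so the test passes only when the self-delete is not rejected. That appears to be the opposite of what the guard added to `BulkUserRequest::authorize()` is meant to enforce, and it would hide a regression in that authorization check. I would change the chained assertion to `->assertStatus(403);` and also assert afterwards that the user record is still present and not marked deleted, since a status code alone does not prove the account survived. The `nlog($data);` call and the commented-out `X-API-PASSWORD` header line are debugging residue and can be removed.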