FIX(mapping form): redirect if user is not "user of"

Refs: #919

FIX(mapping form): redirect if user is not "user of"
Refs: #919
18b7a62c · Fabrice Gangler · 8c2d7465 · 18b7a62c · 18b7a62c
Commit 18b7a62c authored Jun 12, 2020 by Fabrice Gangler 🎨
2 changed files
--- a/src/Controller/Api/V1/TaxonomysSoftwaresController.php
+++ b/src/Controller/Api/V1/TaxonomysSoftwaresController.php
@@ -96,6 +96,17 @@ class TaxonomysSoftwaresController extends CommonTaxonomySoftwareController
            return $this->redirect("$allowedUrl", 301);
        }

+        // Check if current user is already a "user of"
+        $registry = TableRegistry::get("RelationshipsSoftwaresUsers");
+        $userOf = $registry->exists([
+            'user_id' => $userId,
+            'software_id' => $softwareId,
+            'relationship_id' =>  $this->getRelationshipIdByName('UserOf'),
+        ]);
+        if ($userOf === false) { // not already "user of"
+            return $this->redirect("/$lang/softwares/$softwareId", 302);
+        }
+
        // Get already existing associations between the user, the software and the taxonomies
        $existingEntries = $this->TaxonomysSoftwares->getListByUserIdBySofwareId($userId, $softwareId);
                // example: Array( <taxonId> => taxonomySoftware, ...)

--- a/tests/TestCase/Controller/Api/V1/TaxonomysSoftwaresControllerTest.php
+++ b/tests/TestCase/Controller/Api/V1/TaxonomysSoftwaresControllerTest.php
@@ -52,6 +52,40 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
 //// Public actions /////////////////////////////////////////////////////////////////////////////////////////////////
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

+    /**
+     * Try to display mapping form by connected user (type = "Administration")
+     * without being declared user of the software
+     *
+     *      URL: /en/mappingForm/<softwareId>  ---> redirect 302 to /en/softwares/<softwareId>
+     *           /fr/mappingForm/<softwareId>  ---> redirect 302 to /fr/softwares/<softwareId>
+     *
+     * @group public
+     * @group taxonomy
+     * @group taxonomy_public
+     * @group taxonomy-software
+     * @group taxonomy-software_public
+     * @group taxonomy-software_mappingForm
+     *
+     * @return void
+     */
+    public function testMappingFormDisplayWithoutDeclaredUserOf()
+    {
+
+        $softwareId = 2; // software ID 2 "Lutèce"
+        $url =  "/fr/mappingForm/$softwareId";
+        $expectedUrl = "/fr/softwares/$softwareId";
+
+        // connected user (type = "Administration")
+        // is not a "user of"
+        $this->setConnectedAdministrationSession();
+        $userUrl = "/fr/users/6";
+        $r = $this->checkUrlOk($userUrl, ['html'], false);
+        $this->assertNotContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
+
+        // Mapping form redirect to software page
+        $this->checkUrlRedirectToAnotherUrl($url, $expectedUrl, ['html'], 302);
+    }
+

    /**
     * MappingForm method used by connected user (type = "Administration")
@@ -70,7 +104,8 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
     */
    public function testMappingFormDisplay()
    {
-        $url =  '/fr/mappingForm/2'; // software ID 2 "Lutèce"
+        $softwareId = 2; // software ID 2 "Lutèce"
+        $url =  "/fr/mappingForm/$softwareId";
        $title = "<title>Logiciel Lutèce : déclarer vos usages</title>";

        // Anonymous user
@@ -86,7 +121,17 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
        $this->checkUrlNotAuthorized($url, ['html']);

        // connected user (type = "Administration")
-        $this->setConnectedAdministrationSession();
+        $this->setConnectedAdministrationSession(); // user ID = 6
+
+        // Beforehand, the user declares himself/herself to be a user of the software.
+        $userUrl = "/fr/users/6";
+        $r = $this->checkUrlOk($userUrl, ['html'], false);
+        $this->assertNotContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
+        $this->post("api/v1/softwares/usersSoftware/$softwareId.json");
+        $r = $this->checkUrlOk($userUrl, ['html'], false);
+        $this->assertContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
+
+        // Check form
        $r = $this->checkUrlOk($url, ['html']);
        $html = $r['html']['data'];
        $this->assertContains('<html lang="fr">', $html);