Commit 18b7a62c authored by Fabrice Gangler's avatar Fabrice Gangler 🎨

FIX(mapping form): redirect if user is not "user of"

Refs: #919
parent 8c2d7465
Pipeline #10013 failed with stage
in 5 minutes and 8 seconds
......@@ -96,6 +96,17 @@ class TaxonomysSoftwaresController extends CommonTaxonomySoftwareController
return $this->redirect("$allowedUrl", 301);
}
// Check if current user is already a "user of"
$registry = TableRegistry::get("RelationshipsSoftwaresUsers");
$userOf = $registry->exists([
'user_id' => $userId,
'software_id' => $softwareId,
'relationship_id' => $this->getRelationshipIdByName('UserOf'),
]);
if ($userOf === false) { // not already "user of"
return $this->redirect("/$lang/softwares/$softwareId", 302);
}
// Get already existing associations between the user, the software and the taxonomies
$existingEntries = $this->TaxonomysSoftwares->getListByUserIdBySofwareId($userId, $softwareId);
// example: Array( <taxonId> => taxonomySoftware, ...)
......
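Review bot: The new `if ($userOf === false)` check only gates this action, and the hunk does not show whether the code path that stores the submitted mappings applies the same "user of" test; the action's body starts before and continues after the hunk. If the save is handled elsewhere (another action or an API endpoint), the same `exists()` lookup needs to run there, because a redirect on the form page is not an authorization control on the write. It would also help to state the rule at the check, e.g. `// Authorization: only users who declared themselves "user of" this software may map taxonomies; others are sent back to the software page`. `$softwareId` is interpolated into the redirect target `"/$lang/softwares/$softwareId"`; if it is not already validated as an integer earlier in the method, cast it with `(int) $softwareId` before building the URL.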
......@@ -52,6 +52,40 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
//// Public actions /////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
* Try to display mapping form by connected user (type = "Administration")
* without being declared user of the software
*
* URL: /en/mappingForm/<softwareId> ---> redirect 302 to /en/softwares/<softwareId>
* /fr/mappingForm/<softwareId> ---> redirect 302 to /fr/softwares/<softwareId>
*
* @group public
* @group taxonomy
* @group taxonomy_public
* @group taxonomy-software
* @group taxonomy-software_public
* @group taxonomy-software_mappingForm
*
* @return void
*/
public function testMappingFormDisplayWithoutDeclaredUserOf()
{
$softwareId = 2; // software ID 2 "Lutèce"
$url = "/fr/mappingForm/$softwareId";
$expectedUrl = "/fr/softwares/$softwareId";
// connected user (type = "Administration")
// is not a "user of"
$this->setConnectedAdministrationSession();
$userUrl = "/fr/users/6";
$r = $this->checkUrlOk($userUrl, ['html'], false);
$this->assertNotContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
// Mapping form redirect to software page
$this->checkUrlRedirectToAnotherUrl($url, $expectedUrl, ['html'], 302);
}
/**
* MappingForm method used by connected user (type = "Administration")
......@@ -70,7 +104,8 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
*/
public function testMappingFormDisplay()
{
$url = '/fr/mappingForm/2'; // software ID 2 "Lutèce"
$softwareId = 2; // software ID 2 "Lutèce"
$url = "/fr/mappingForm/$softwareId";
$title = "<title>Logiciel Lutèce : déclarer vos usages</title>";
// Anonymous user
......@@ -86,7 +121,17 @@ class TaxonomysSoftwaresControllerTest extends ApiIntegrationTestCase
$this->checkUrlNotAuthorized($url, ['html']);
// connected user (type = "Administration")
$this->setConnectedAdministrationSession();
$this->setConnectedAdministrationSession(); // user ID = 6
// Beforehand, the user declares himself/herself to be a user of the software.
$userUrl = "/fr/users/6";
$r = $this->checkUrlOk($userUrl, ['html'], false);
$this->assertNotContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
$this->post("api/v1/softwares/usersSoftware/$softwareId.json");
$r = $this->checkUrlOk($userUrl, ['html'], false);
$this->assertContains("id=\"softwarePreviewCard-$softwareId\"", $r['html']['data']);
// Check form
$r = $this->checkUrlOk($url, ['html']);
$html = $r['html']['data'];
$this->assertContains('<html lang="fr">', $html);
......
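Review bot: `testMappingFormDisplayWithoutDeclaredUserOf` exercises only the `/fr` GET request, although its docblock lists both `/en/mappingForm/<softwareId>` and `/fr/mappingForm/<softwareId>`, and no test covers a submission by a user who is not "user of". Adding the `/en` case, e.g. `$this->checkUrlRedirectToAnotherUrl("/en/mappingForm/$softwareId", "/en/softwares/$softwareId", ['html'], 302);`, and a negative test for the write path would pin the access rule itself rather than only the page redirect. In `testMappingFormDisplay` the result of `$this->post("api/v1/softwares/usersSoftware/$softwareId.json");` is checked only indirectly through the preview card; an explicit response-code assertion right after the call would make a failure easier to locate.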