Add api tests for permissions (list and add)

Fix issue with mass_insert when existing data already exist. Remove mobile detect
nikrou · Oct 8, 2014 · 8fc7938 · 8fc7938
1 parent 2df0f83
commit 8fc7938
Show file tree

Hide file tree

Showing 32 changed files with 854 additions and 1,710 deletions.
diff --git a/TODO.md b/TODO.md
@@ -8,3 +8,4 @@ Things to do
 
  * Use non minified javascript
  * Add more tests (unit and functional)
+ * Behat/Mink tests : use ID everywhere instead of names
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
@@ -103,7 +103,7 @@
                 GROUP_ACCESS_TABLE,
                 array('group_id','cat_id'),
                 $inserts,
-                array('ignore'=>true)
+                array('ignore' => true)
             );
         }
 

diff --git a/admin/include/functions.php b/admin/include/functions.php
@@ -1892,7 +1892,7 @@ function add_permission_on_category($category_ids, $user_ids) {
         USER_ACCESS_TABLE,
         array('user_id','cat_id'),
         $inserts,
-        array('ignore'=>true)
+        array('ignore' => true)
     );
 }
 

diff --git a/behat.yml.travis.dist b/behat.yml.travis.dist
@@ -10,6 +10,7 @@ default:
         album: index.php?/category/%d
         picture: picture.php?/%%d/category/%d
 
+      upload_dir: upload/
       config_file: local/config/database.inc.php
       sql_init_file: features/sql/db_init.sql
       sql_cleanup_file: features/sql/db_cleanup.sql

diff --git a/features/api/pwg.categories.getImages.feature b/features/api/pwg.categories.getImages.feature
@@ -17,7 +17,7 @@ Feature: API
       | photo 2 | album 1 |
       | photo 3 | album 1 |
       | photo 4 | album 1 |
-    And "user1" can access "album 1"
+    And user "user1" can access "album 1"
 
   Scenario: Get images in album
     Given I am authenticated for api as "user1" with password "pass1"

diff --git a/features/api/pwg.images.addSimple.feature b/features/api/pwg.images.addSimple.feature
@@ -12,7 +12,7 @@ Feature: API
       | name   |
       | album 1|
     Then save "category_id"
-    And "user1" can access "album 1"
+    And user "user1" can access "album 1"
 
   Scenario: add an image to a category
     Given I am authenticated for api as "user1" with password "pass1"

diff --git a/features/api/pwg.images.delete.feature b/features/api/pwg.images.delete.feature
@@ -16,7 +16,7 @@ Feature: API
       | photo 1 | album 1 | features/media/img_1.png |
       | photo 2 | album 1 | features/media/img_2.png |
     Then save "image_id"
-    And "user1" can access "album 1"
+    And user "user1" can access "album 1"
 
   Scenario: add an image to a category
     Given I am authenticated for api as "user1" with password "pass1"

diff --git a/features/api/pwg.permissions.add.feature b/features/api/pwg.permissions.add.feature
@@ -0,0 +1,79 @@
+@api
+Feature: API
+  In order to manage my gallery
+  As a developer
+  I need to be able to use the api
+
+  Background: init
+    Given a user:
+      | username | password | status    |
+      | user1    | pass1    | webmaster |
+    Then save "user_id1"
+    Given a user:
+      | username | password | status |
+      | user2    | pass2    | normal |
+    Then save "user_id2"
+    And albums:
+      | name    | status  |
+      | album 1 | private |
+    Then save "album_id1"
+    And albums:
+      | name    | status  |
+      | album 2 | private |
+    Then save "album_id2"
+    And user "user2" can access "album 2"
+    And a group:
+      | name   |
+      | group1 |
+    Then save "group_id"
+    And users "SAVED:user_id1" belong to group "SAVED:group_id"
+
+  Scenario: give permissions for an album
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a POST request to "pwg.permissions.add" with values:
+      | cat_id    | SAVED:album_id1 |
+      | user_id   | SAVED:user_id1  |
+      | pwg_token |                 |
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id1 |
+    Then the response has property "result/categories" with size 1
+    Then the response has property "result/categories/0/users" with size 1
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id1"
+
+  Scenario: append permissions for an album
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a POST request to "pwg.permissions.add" with values:
+      | cat_id    | SAVED:album_id2 |
+      | user_id   | SAVED:user_id1  |
+      | pwg_token |                 |
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id2 |
+    Then the response has property "result/categories" with size 1
+    Then the response has property "result/categories/0/users" with size 2
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id2"
+    Then the response has property "result/categories/0/users/1" equals to "SAVED:user_id1"
+
+  Scenario: update permissions for same user on same album
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a POST request to "pwg.permissions.add" with values:
+      | cat_id    | SAVED:album_id2 |
+      | user_id   | SAVED:user_id2  |
+      | pwg_token |                 |
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id2 |
+    Then the response has property "result/categories" with size 1
+    Then the response has property "result/categories/0/users" with size 1
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id2"
+
+  Scenario: add permissions for a group for an album
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a POST request to "pwg.permissions.add" with values:
+      | cat_id    | SAVED:album_id2 |
+      | group_id  | SAVED:group_id  |
+      | pwg_token |                 |
+    Then the response has property "result/categories" with size 1
+    Then the response has property "result/categories/0/users" with size 1
+    Then the response has property "result/categories/0/users_indirect" with size 1
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id2"
+    Then the response has property "result/categories/0/users_indirect/0" equals to "SAVED:user_id1"
+
diff --git a/features/api/pwg.permissions.getList.feature b/features/api/pwg.permissions.getList.feature
@@ -0,0 +1,79 @@
+@api
+Feature: API
+  In order to manage my gallery
+  As a developer
+  I need to be able to use the api
+
+  Background: init
+    Given a user:
+      | username | password | status    |
+      | user1    | pass1    | webmaster |
+    Then save "user_id1"
+    Given a user:
+      | username | password | status |
+      | user2    | pass2    | normal |
+    Then save "user_id2"
+    And albums:
+      | name    | status  |
+      | album 1 | private |
+    Then save "album_id1"
+    And albums:
+      | name    | status  |
+      | album 2 | private |
+    Then save "album_id2"
+    And albums:
+      | name    | status  |
+      | album 3 | private |
+    Then save "album_id3"
+    And a group:
+      | name   |
+      | group1 |
+    Then save "group_id"
+    And users "SAVED:user_id1,SAVED:user_id2" belong to group "SAVED:group_id"
+    And user "user1" can access "album 1"
+    And user "user1" can access "album 3"
+    And user "user2" can access "album 2"
+    And user "user2" can access "album 3"
+    And group "group1" can access "album 2"
+
+  Scenario: list permissions
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a GET request to "pwg.permissions.getList"
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id1"
+
+  Scenario: multiple permissions filter by category
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id2 |
+    Then the response has property "result/categories/0/users" with size 1
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id2"
+
+  Scenario: multiple permissions filter by category
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id3 |
+    Then the response has property "result/categories" with size 1
+    Then the response has property "result/categories/0/users" with size 2
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id1"
+    Then the response has property "result/categories/0/users/1" equals to "SAVED:user_id2"
+
+  Scenario: multiple permissions filter by user
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | user_id | SAVED:user_id2 |
+    Then the response has property "result/categories" with size 2
+    Then the response has property "result/categories/0/users" with size 2
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id1"
+    Then the response has property "result/categories/0/users/1" equals to "SAVED:user_id2"
+    Then the response has property "result/categories/1/users/0" equals to "SAVED:user_id2"
+
+  Scenario: access album by group
+    Given I am authenticated for api as "user1" with password "pass1"
+    When I send a GET request to "pwg.permissions.getList" with values:
+      | cat_id | SAVED:album_id2 |
+    Then the response has property "result/categories/0/users" with size 1
+    Then the response has property "result/categories/0/users/0" equals to "SAVED:user_id2"
+    Then the response has property "result/categories/0/users_indirect" with size 2
+    Then the response has property "result/categories/0/users_indirect/0" equals to "SAVED:user_id1"
+    Then the response has property "result/categories/0/users_indirect/1" equals to "SAVED:user_id2"
+    Then the response has property "result/categories/0/groups/0" equals to "SAVED:group_id"
diff --git a/features/bootstrap/ApiContext.php b/features/bootstrap/ApiContext.php
@@ -198,7 +198,7 @@ public function theResponseHasProperty($property) {
     public function theResponseHasPropertyEqualsTo($property, $value) {
         $data = $this->getJson();
         $value = preg_replace_callback(
-            '`SAVED:([a-zA-z_-]*)`',
+            '`SAVED:([a-zA-Z0-9_-]*)`',
             function($matches) {
                 return $this->getMainContext()->getSubcontext('db')->getSaved($matches[1]);
             },

diff --git a/features/bootstrap/DbContext.php b/features/bootstrap/DbContext.php
@@ -44,6 +44,15 @@ public function aUser(TableNode $table) {
         }
     }
 
+    /**
+     * @Given /^a group:$/
+     */
+    public function aGroup(TableNode $table) {
+        foreach ($table->getHash() as $group) {
+            $this->last_id = $this->addGroup($group);
+        }
+    }
+
     /**
      * @Given /^an image:$/
      * @Given /^images:$/
@@ -106,19 +115,49 @@ public function aCommentOnBy($comment, $image_name, $username) {
     }
 
     /**
-     * @Given /^"([^"]*)" can access "([^"]*)"$/
+     * @Given /^users "([^"]*)" belong to group "([^"]*)"$/
+     */
+    public function usersBelongToGroup($users, $group) {
+        $user_ids = explode(',', $users);
+        $group_id = preg_replace_callback(
+            '`SAVED:(.*)`',
+            function($matches) {
+                return $this->getSaved($matches[1]);
+            },
+            $group
+        );
+        foreach ($user_ids as $user) {
+            $user_id = preg_replace_callback(
+                '`SAVED:(.*)`',
+                function($matches) {
+                    return $this->getSaved($matches[1]);
+                },
+                $user
+            );
+            $this->addUserToGroup($user_id, $group_id);
+        }
+    }
+
+    /**
+     * @Given /^user "([^"]*)" can access "([^"]*)"$/
      */
-    public function canAccess($username, $album_name) {
-        $this->manageAccess($username, $album_name);
+    public function userCanAccess($username, $album_name) {
+        $this->userAccess($username, $album_name);
     }
 
     /**
-     * @Given /^"([^"]*)" cannot access "([^"]*)"$/
+     * @Given /^user "([^"]*)" cannot access "([^"]*)"$/
      */
-    public function cannotAccess($username, $album_name) {
-        $this->manageAccess($username, $album_name, $remove=true);
+    public function userCannotAccess($username, $album_name) {
+        $this->userAccess($username, $album_name, $remove=true);
     }
 
+    /**
+     * @Given /^group "([^"]*)" can access "([^"]*)"$/
+     */
+    public function groupCanAccess($groupname, $album_name) {
+        $this->groupAccess($groupname, $album_name);
+    }
 
     /**
      * @Given /^config for "([^"]*)" equals to "([^"]*)"$/
@@ -257,6 +296,8 @@ private static function configDb($parameters) {
                 self::$prefix.'user_infos' => 'user_id',
                 self::$prefix.'image_category' => array('image_id', 'category_id'),
                 self::$prefix.'user_access' => array('user_id', 'cat_id'),
+                self::$prefix.'group_access' => array('group_id', 'cat_id'),
+                self::$prefix.'user_group' => array('user_id', 'group_id'),
                 self::$prefix.'image_tag' => array('image_id', 'tag_id'),
                 self::$prefix.'config' => 'param',
             )
@@ -303,6 +344,22 @@ private function addUser(array $params) {
         return $user->id;
     }
 
+    private function addGroup(array $params) {
+        if (empty($params['name'])) {
+            throw new Exception('Name for group is mandatory'."\n");
+        }
+        if (!self::$conf_loaded) {
+            self::configDB($this->parameters);
+        }
+        $group = ORM::for_table(self::$prefix.'groups')->where('name', $params['name'])->find_one();
+        if (!$group) {
+            $group = ORM::for_table(self::$prefix.'groups')->create();
+            $group->name = $params['name'];
+            $group->save();
+        }
+        return $group->id;
+    }
+
     private function addImage(array $params) {
         if (empty($params['album']) || empty($params['name'])) {
             throw new Exception('Album name and image name are mandatory'."\n");
@@ -392,8 +449,31 @@ private function addAlbum(array $params) {
         return $album->id;
     }
 
+    private function addUserToGroup($user_id, $group_id) {
+        if (!self::$conf_loaded) {
+            self::configDB($this->parameters);
+        }
+        $user = ORM::for_table(self::$prefix.'users')->where('id', $user_id);
+        if (!$user) {
+            throw new Exception('User with id "'.$user_id.'" does not exist'."\n");
+        }
+        $group = ORM::for_table(self::$prefix.'groups')->where('id', $group_id);
+        if (!$group) {
+            throw new Exception('Group with id "'.$group_id.'" does not exist'."\n");
+        }
+        $user_group = ORM::for_table(self::$prefix.'user_group')
+            ->where('user_id', $user->id)
+            ->where('group_id', $group->id)
+            ->find_one();
+        if (!$user_group) {
+            $user_group = ORM::for_table(self::$prefix.'user_group')->create();
+            $user_group->user_id = $user_id;
+            $user_group->group_id = $group_id;
+            $user_group->save();
+        }
+    }
 
-    private function manageAccess($username, $album_name, $remove=false) {
+    private function userAccess($username, $album_name, $remove=false) {
         if (!self::$conf_loaded) {
             self::configDB($this->parameters);
         }
@@ -433,6 +513,33 @@ private function manageAccess($username, $album_name, $remove=false) {
             ->delete_many();
     }
 
+    private function groupAccess($groupname, $album_name) {
+        if (!self::$conf_loaded) {
+            self::configDB($this->parameters);
+        }
+
+        $album = ORM::for_table(self::$prefix.'categories')->where('name', $album_name)->find_one();
+        if (!$album) {
+            throw new Exception('Album with name '.$album_name.' does not exist'."\n");
+        }
+
+        $group = ORM::for_table(self::$prefix.'groups')->where('name', $groupname)->find_one();
+        if (!$group) {
+            throw new Exception('Group with name '.$groupname.' does not exist'."\n");
+        }
+
+        $access = ORM::for_table(self::$prefix.'group_access')
+            ->where('group_id', $group->id)
+            ->where('cat_id', $album->id)
+            ->find_one();
+        if (!$access) {
+            $access = ORM::for_table(self::$prefix.'group_access')->create();
+            $access->group_id = $group->id;
+            $access->cat_id = $album->id;
+            $access->save();
+        }
+    }
+
     private function addComment($content, $photo_name, $username) {
         if (!self::$conf_loaded) {
             self::configDB($this->parameters);