Skip to content

Commit 912b96d

Browse files
shyimpweyck
authored andcommitted
NEXT-15681 - Improve product review validation
1 parent b9f330e commit 912b96d

File tree

2 files changed

+35
-0
lines changed

2 files changed

+35
-0
lines changed

Diff for: src/Core/Content/Product/SalesChannel/Review/ProductReviewSaveRoute.php

+1
Original file line numberDiff line numberDiff line change
@@ -185,6 +185,7 @@ private function validate(DataBag $data, Context $context): void
185185
$definition->add('id', new EntityExists([
186186
'entity' => 'product_review',
187187
'context' => $context,
188+
'criteria' => $criteria,
188189
]));
189190
} else {
190191
$criteria = new Criteria();

Diff for: src/Core/Content/Test/Product/SalesChannel/Review/ProductReviewSaveRouteTest.php

+34
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
use Shopware\Core\Framework\Test\TestCaseBase\SalesChannelApiTestBehaviour;
1313
use Shopware\Core\Framework\Test\TestDataCollection;
1414
use Shopware\Core\Framework\Uuid\Uuid;
15+
use Symfony\Component\HttpFoundation\Response;
1516

1617
/**
1718
* @group store-api
@@ -120,6 +121,39 @@ public function testValidation(): void
120121
static::assertEquals($response['errors'][1]['source']['pointer'], '/content');
121122
}
122123

124+
public function testCustomerValidation(): void
125+
{
126+
$this->login();
127+
128+
$this->assertReviewCount(0);
129+
130+
$id = Uuid::randomHex();
131+
132+
// Create review
133+
$this->browser->request('POST', $this->getUrl(), [
134+
'id' => $id,
135+
'title' => 'Lorem ipsum dolor sit amet',
136+
'content' => 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna',
137+
]);
138+
139+
// Re-login as another user
140+
$this->login();
141+
142+
// Try to use the id from previous review which is not attached to this customer
143+
$this->browser->request('POST', $this->getUrl(), [
144+
'id' => $id,
145+
'title' => 'Lorem ipsum dolor sit amet',
146+
'content' => 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna',
147+
]);
148+
149+
$response = $this->browser->getResponse();
150+
151+
static::assertSame(Response::HTTP_BAD_REQUEST, $response->getStatusCode());
152+
$content = json_decode($response->getContent(), true);
153+
154+
static::assertSame('VIOLATION::ENTITY_DOES_NOT_EXISTS', $content['errors'][0]['code']);
155+
}
156+
123157
private function assertReviewCount(int $expected): void
124158
{
125159
$count = $this->getContainer()

0 commit comments

Comments
 (0)