github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-06-29 23:51:21 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1.x
framework/extensions/suspend/tests/integration/api/users/RemoveAvatarTest.php
IanM 3a45ebc716
Some checks failed
Akismet PHP / run (push) Has been cancelled
Details
Approval PHP / run (push) Has been cancelled
Details
Core PHP / run (push) Has been cancelled
Details
Embed PHP / run (push) Has been cancelled
Details
Emoji PHP / run (push) Has been cancelled
Details
Extension Manager PHP / run (push) Has been cancelled
Details
Flags PHP / run (push) Has been cancelled
Details
Likes PHP / run (push) Has been cancelled
Details
Lock PHP / run (push) Has been cancelled
Details
Markdown PHP / run (push) Has been cancelled
Details
Mentions PHP / run (push) Has been cancelled
Details
Nicknames PHP / run (push) Has been cancelled
Details
Pusher PHP / run (push) Has been cancelled
Details
Statistics PHP / run (push) Has been cancelled
Details
Sticky PHP / run (push) Has been cancelled
Details
Subscriptions PHP / run (push) Has been cancelled
Details
Suspend PHP / run (push) Has been cancelled
Details
Tags PHP / run (push) Has been cancelled
Details
Framework JS / run (push) Has been cancelled
Details
Framework PHP / run (push) Has been cancelled
Details
[1.x] [suspend] fix: previously suspended admin users cannot remove their avatar after suspension (#4071) 
* [1.x][suspend] fix: formally suspended admin users cannot remove their avatar after suspension

* Apply fixes from StyleCI

---------

Co-authored-by: StyleCI Bot <bot@styleci.io>
2024-10-15 12:10:55 +01:00

102 lines
4.0 KiB
PHP
Raw Permalink Blame History

<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Suspend\Tests\integration\api\users;
use Carbon\Carbon;
use Flarum\Testing\integration\RetrievesAuthorizedUsers;
use Flarum\Testing\integration\TestCase;
use Psr\Http\Message\ResponseInterface;
class RemoveAvatarTest extends TestCase
{
use RetrievesAuthorizedUsers;
public function setUp(): void
{
parent::setUp();
$this->extension('flarum-suspend');
$this->prepareDatabase([
'users' => [
['id' => 1, 'username' => 'Muralf', 'email' => 'muralf@machine.local', 'is_email_confirmed' => 1],
$this->normalUser(),
['id' => 3, 'username' => 'acme', 'email' => 'acme@machine.local', 'is_email_confirmed' => 1, 'suspended_until' => Carbon::now()->addDay(), 'suspend_message' => 'You have been suspended.', 'suspend_reason' => 'Suspended for acme reasons.'],
['id' => 4, 'username' => 'acme4', 'email' => 'acme4@machine.local', 'is_email_confirmed' => 1],
['id' => 5, 'username' => 'acme5', 'email' => 'acme5@machine.local', 'is_email_confirmed' => 1, 'suspended_until' => Carbon::now()->subDay(), 'suspend_message' => 'You have been suspended.', 'suspend_reason' => 'Suspended for acme reasons.'],
['id' => 6, 'username' => 'acme6', 'email' => 'acme6@machine.local', 'is_email_confirmed' => 1, 'suspended_until' => Carbon::now()->subWeek(), 'suspend_message' => 'You have been suspended.', 'suspend_reason' => 'Suspended for acme reasons.'],
],
'groups' => [
['id' => 5, 'name_singular' => 'can_edit_users', 'name_plural' => 'can_edit_users', 'is_hidden' => 0]
],
'group_user' => [
['user_id' => 2, 'group_id' => 5],
['user_id' => 6, 'group_id' => 1],
],
'group_permission' => [
['permission' => 'user.edit', 'group_id' => 5],
]
]);
}
/**
* @test
* @dataProvider allowedToRemoveAvatar
*/
public function can_remove_avatar_if_allowed(?int $authenticatedAs, int $targetUserId)
{
$response = $this->sendRemoveAvatarRequest($authenticatedAs, $targetUserId);
$this->assertEquals(200, $response->getStatusCode(), $response->getBody()->getContents());
}
/**
* @test
* @dataProvider notAllowedToRemoveAvatar
*/
public function cannot_remove_avatar_if_not_allowed(?int $authenticatedAs, int $targetUserId)
{
$response = $this->sendRemoveAvatarRequest($authenticatedAs, $targetUserId);
$this->assertEquals(403, $response->getStatusCode(), $response->getBody()->getContents());
}
public function allowedToRemoveAvatar(): array
{
return [
[1, 4, 'Admin can remove avatar of normal user'],
[4, 4, 'Normal user can remove their own avatar'],
[1, 3, 'Admin can remove avatar of suspended user'],
[2, 3, 'Normal user with permission can remove avatar of suspended user'],
[1, 6, 'Admin can remove avatar of expired suspended user'],
[2, 6, 'Normal user with permission can remove avatar of expired suspended user'],
[6, 6, 'Admin user can remove avatar if they have an expired suspension'],
];
}
public function notAllowedToRemoveAvatar(): array
{
return [
[4, 2, 'Normal user cannot remove avatar of another user'],
[4, 3, 'Normal user cannot remove avatar of suspended user'],
[3, 3, 'Suspended user cannot remove their own avatar'],
];
}
protected function sendRemoveAvatarRequest(?int $authenticatedAs, int $targetUserId): ResponseInterface
{
return $this->send(
$this->request('DELETE', "/api/users/$targetUserId/avatar", [
'authenticatedAs' => $authenticatedAs,
])
);
}
}
Reference in New Issue View Git Blame Copy Permalink