diff --git a/framework/core/tests/integration/api/users/ShowTest.php b/framework/core/tests/integration/api/users/ShowTest.php
index fc7557ee8..c3bcefaee 100644
--- a/framework/core/tests/integration/api/users/ShowTest.php
+++ b/framework/core/tests/integration/api/users/ShowTest.php
@@ -30,6 +30,16 @@ class ShowTest extends TestCase
 ]);
 }
 
+ private function forbidGuestsFromSeeingForum()
+ {
+ $this->database()->table('group_permission')->where('permission', 'viewDiscussions')->where('group_id', 2)->delete();
+ }
+
+ private function forbidMembersFromSearchingUsers()
+ {
+ $this->database()->table('group_permission')->where('permission', 'viewUserList')->where('group_id', 3)->delete();
+ }
+
 /**
 * @test
 */
@@ -63,22 +73,52 @@ class ShowTest extends TestCase
 /**
 * @test
 */
- public function guest_cannot_see_user()
+ public function guest_can_see_user_by_default()
 {
 $response = $this->send(
 $this->request('GET', '/api/users/2')
 );
 
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * @test
+ */
+ public function guest_can_see_user_by_slug_by_default()
+ {
+ $response = $this->send(
+ $this->request('GET', '/api/users/normal')->withQueryParams([
+ 'bySlug' => true
+ ])
+ );
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * @test
+ */
+ public function guest_cant_see_user_if_blocked()
+ {
+ $this->forbidGuestsFromSeeingForum();
+
+ $response = $this->send(
+ $this->request('GET', '/api/users/2')
+ );
+
 $this->assertEquals(404, $response->getStatusCode());
 }
 
 /**
 * @test
 */
- public function guest_cannot_see_user_by_slug()
+ public function guest_cant_see_user_by_slug_if_blocked()
 {
+ $this->forbidGuestsFromSeeingForum();
+
 $response = $this->send(
- $this->request('GET', '/api/users/2')->withQueryParams([
+ $this->request('GET', '/api/users/normal')->withQueryParams([
 'bySlug' => true
 ])
 );
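Review bot: The two helpers added at the top of ShowTest hard-code the group ids `2` and `3` in the delete query, so a reader has to infer from the method names that 2 is the guest group and 3 the member group. Named constants, `->where('group_id', Group::GUEST_ID)` and `->where('group_id', Group::MEMBER_ID)`, would make the authorization setup self-describing; whether the project's `Group` class is already imported in this file is not visible in the hunk. A one-line docblock on each helper naming the default grant it revokes, e.g. `/** Revokes the default viewDiscussions grant from the guest group. */`, would also record that these tests rely on the fixture granting those permissions by default.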
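Review bot: `guest_can_see_user_by_default` and `guest_can_see_user_by_slug_by_default` assert only the 200 status, so they would keep passing if the unauthenticated response began to include private fields. Because these tests now establish that profiles are readable by guests by default, it is worth pinning what a guest must not receive, for example `$this->assertArrayNotHasKey('email', json_decode((string) $response->getBody(), true)['data']['attributes']);`. The response shape is not visible in this hunk, so that line assumes the JSON:API layout and should be adjusted to the serializer's actual output, or dropped if another test in the file already covers it.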
@@ -119,7 +159,7 @@ class ShowTest extends TestCase
 /**
 * @test
 */
- public function user_cant_see_others_by_default()
+ public function user_can_see_others_by_default()
 {
 $response = $this->send(
 $this->request('GET', '/api/users/1', [
@@ -127,55 +167,31 @@ class ShowTest extends TestCase
 ])
 );
 
- $this->assertEquals(404, $response->getStatusCode());
- }
-
- /**
- * @test
- */
- public function user_cant_see_others_by_default_via_slug()
- {
- $response = $this->send(
- $this->request('GET', '/api/users/admin', [
- 'authenticatedAs' => 2,
- ])->withQueryParams([
- 'bySlug' => true
- ])
- );
-
- $this->assertEquals(404, $response->getStatusCode());
- }
-
- /**
- * @test
- */
- public function user_can_see_others_if_allowed()
- {
- $this->prepareDatabase([
- 'group_permission' => [
- ['permission' => 'viewDiscussions', 'group_id' => 3],
- ]
- ]);
-
- $response = $this->send(
- $this->request('GET', '/api/users/1', [
- 'authenticatedAs' => 2,
- ])
- );
-
 $this->assertEquals(200, $response->getStatusCode());
 }
 
 /**
 * @test
 */
- public function user_can_see_others_if_allowed_via_slug()
+ public function user_can_see_others_by_default_via_slug()
 {
- $this->prepareDatabase([
- 'group_permission' => [
- ['permission' => 'viewDiscussions', 'group_id' => 3],
- ]
- ]);
+ $response = $this->send(
+ $this->request('GET', '/api/users/admin', [
+ 'authenticatedAs' => 2,
+ ])->withQueryParams([
+ 'bySlug' => true
+ ])
+ );
+
+ $this->assertEquals(200, $response->getStatusCode());
+ }
+
+ /**
+ * @test
+ */
+ public function user_can_still_see_others_via_slug_even_if_cant_search()
+ {
+ $this->forbidMembersFromSearchingUsers();
 
 $response = $this->send(
 $this->request('GET', '/api/users/admin', [
diff --git a/framework/core/tests/integration/extenders/PolicyTest.php b/framework/core/tests/integration/extenders/PolicyTest.php
index 978d0fff9..984885277 100644
--- a/framework/core/tests/integration/extenders/PolicyTest.php
+++ b/framework/core/tests/integration/extenders/PolicyTest.php
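Review bot: In the `-127,55 +167,31` hunk of ShowTest.php every remaining test that uses `authenticatedAs` expects 200, so the denial path for a logged-in member is no longer exercised; the removed `user_cant_see_others_by_default` and `user_cant_see_others_by_default_via_slug` were the only visible tests asserting 404 for an authenticated caller. A companion to the guest tests, for example calling `$this->forbidGuestsFromSeeingForum();` and then requesting `/api/users/1` with `'authenticatedAs' => 2`, would pin the intended result once the forum-wide grant is revoked. I cannot tell from the diff whether members hold a separate grant of their own, so the expected status needs confirming. The body of `user_can_still_see_others_via_slug_even_if_cant_search` continues past the end of the hunk, so its assertion is not visible here.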
@@ -137,19 +137,19 @@ class PolicyTest extends TestCase
 /**
 * @test
 */
- public function regular_user_cant_start_discussions_by_default()
+ public function regular_user_can_start_discussions_by_default()
 {
 $this->app();
 
 $user = User::find(2);
 
- $this->assertEquals(false, $user->can('startDiscussion'));
+ $this->assertEquals(true, $user->can('startDiscussion'));
 }
 
 /**
 * @test
 */
- public function regular_user_can_start_discussions_if_granted_by_global_policy()
+ public function regular_user_cant_start_discussions_if_blocked_by_global_policy()
 {
 $this->extend(
 (new Extend\Policy)
@@ -160,7 +160,7 @@ class PolicyTest extends TestCase
 
 $user = User::find(2);
 
- $this->assertEquals(true, $user->can('startDiscussion'));
+ $this->assertEquals(false, $user->can('startDiscussion'));
 }
 
 /**
@@ -177,7 +177,7 @@ class PolicyTest extends TestCase
 
 $user = User::find(2);
 
- $this->assertEquals(false, $user->can('startDiscussion', Discussion::find(1)));
+ $this->assertEquals(true, $user->can('startDiscussion', Discussion::find(1)));
 }
 
 /**
@@ -260,7 +260,7 @@ class GlobalStartDiscussionPolicy extends AbstractPolicy
 {
 protected function startDiscussion(User $user)
 {
- return $this->allow();
+ return $this->deny();
 }
 }
 
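Review bot: The authorization assertions changed in PolicyTest (in the `-137,19`, `-160,7` and `-177,7` hunks) use `assertEquals(true, ...)` and `assertEquals(false, ...)`, which compare loosely. `assertEquals(false, $user->can('startDiscussion'))` would also pass if the call returned `null`, so a policy that abstains could not be told apart from one that denies. `$this->assertFalse($user->can('startDiscussion'));` and the matching `$this->assertTrue(...)` check the exact boolean. The surrounding tests appear to use the same `assertEquals` style, so this may be better handled as a file-wide follow-up; the test bodies in the second and third hunks start outside the visible lines.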