Slug Driver Support (#2456)

- Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant
2025-07-30 21:20:24 +02:00 · 2020-12-07 13:33:42 -05:00
parent ef4bf8128e
commit 4679448300
27 changed files with 671 additions and 58 deletions
--- a/tests/integration/api/users/CreateTest.php
+++ b/tests/integration/api/users/CreateTest.php
@@ -25,9 +25,10 @@ class CreateTest extends TestCase
        $this->prepareDatabase([
            'users' => [
                $this->adminUser(),
+                $this->normalUser(),
            ],
            'groups' => [
-                $this->adminGroup(),
+                $this->adminGroup()
            ],
            'group_user' => [
                ['user_id' => 1, 'group_id' => 1],
--- a/tests/integration/api/users/ShowTest.php
+++ b/tests/integration/api/users/ShowTest.php
@@ -0,0 +1,197 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\integration\api\users;
+
+use Flarum\Tests\integration\RetrievesAuthorizedUsers;
+use Flarum\Tests\integration\TestCase;
+
+class ShowTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->prepareDatabase([
+            'users' => [
+                $this->adminUser(),
+                $this->normalUser(),
+            ],
+            'groups' => [
+                $this->adminGroup()
+            ],
+            'group_user' => [
+                ['user_id' => 1, 'group_id' => 1],
+            ],
+            'settings' => [
+                ['key' => 'mail_driver', 'value' => 'log'],
+            ],
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function admin_can_see_user()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/2', [
+                'authenticatedAs' => 1,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function admin_can_see_user_via_slug()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/normal', [
+                'authenticatedAs' => 1,
+            ])->withQueryParams([
+                'bySlug' => true
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function guest_cannot_see_user()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/2')
+        );
+
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function guest_cannot_see_user_by_slug()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/2')->withQueryParams([
+                'bySlug' => true
+            ])
+        );
+
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_can_see_themselves()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/2', [
+                'authenticatedAs' => 2,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_can_see_themselves_via_slug()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/normal', [
+                'authenticatedAs' => 2,
+            ])->withQueryParams([
+                'bySlug' => true
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_cant_see_others_by_default()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/1', [
+                'authenticatedAs' => 2,
+            ])
+        );
+
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_cant_see_others_by_default_via_slug()
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/users/admin', [
+                'authenticatedAs' => 2,
+            ])->withQueryParams([
+                'bySlug' => true
+            ])
+        );
+
+        $this->assertEquals(404, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_can_see_others_if_allowed()
+    {
+        $this->prepareDatabase([
+            'group_permission' => [
+                ['permission' => 'viewDiscussions', 'group_id' => 3],
+            ]
+        ]);
+
+        $response = $this->send(
+            $this->request('GET', '/api/users/1', [
+                'authenticatedAs' => 2,
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function user_can_see_others_if_allowed_via_slug()
+    {
+        $this->prepareDatabase([
+            'group_permission' => [
+                ['permission' => 'viewDiscussions', 'group_id' => 3],
+            ]
+        ]);
+
+        $response = $this->send(
+            $this->request('GET', '/api/users/admin', [
+                'authenticatedAs' => 2,
+            ])->withQueryParams([
+                'bySlug' => true
+            ])
+        );
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+}