mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-14 09:02:12 +00:00
[UserBundle] Add message and status code to event when user try to delete currently logged user
[API] Test if currentry logged in user will be not deleted
This commit is contained in:
parent
0a5228d677
commit
4080094de9
4 changed files with 37 additions and 8 deletions
|
|
@ -11,8 +11,9 @@
|
|||
|
||||
namespace Sylius\Bundle\UserBundle\EventListener;
|
||||
|
||||
use Sylius\Bundle\ResourceBundle\Event\ResourceControllerEvent;
|
||||
use Sylius\Component\User\Model\UserInterface;
|
||||
use Symfony\Component\EventDispatcher\GenericEvent;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||
use Webmozart\Assert\Assert;
|
||||
|
|
@ -45,11 +46,11 @@ class UserDeleteListener
|
|||
}
|
||||
|
||||
/**
|
||||
* @param GenericEvent $event
|
||||
* @param ResourceControllerEvent $event
|
||||
*
|
||||
* @throws \InvalidArgumentException
|
||||
*/
|
||||
public function deleteUser(GenericEvent $event)
|
||||
public function deleteUser(ResourceControllerEvent $event)
|
||||
{
|
||||
$user = $event->getSubject();
|
||||
Assert::isInstanceOf($user, UserInterface::class);
|
||||
|
|
@ -58,6 +59,9 @@ class UserDeleteListener
|
|||
|
||||
if ((null !== $token) && ($loggedUser = $token->getUser()) && ($loggedUser->getId() === $user->getId())) {
|
||||
$event->stopPropagation();
|
||||
$event->setErrorCode(Response::HTTP_UNPROCESSABLE_ENTITY);
|
||||
$event->setMessage('Cannot remove currently logged in user.');
|
||||
|
||||
$this->session->getBag('flashes')->add('error', 'Cannot remove currently logged in user.');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,9 +13,10 @@ namespace spec\Sylius\Bundle\UserBundle\EventListener;
|
|||
|
||||
use PhpSpec\ObjectBehavior;
|
||||
use Prophecy\Argument;
|
||||
use Sylius\Bundle\ResourceBundle\Event\ResourceControllerEvent;
|
||||
use Sylius\Bundle\UserBundle\EventListener\UserDeleteListener;
|
||||
use Sylius\Component\User\Model\UserInterface;
|
||||
use Symfony\Component\EventDispatcher\GenericEvent;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||
|
|
@ -42,7 +43,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
function it_deletes_user_if_it_is_different_than_currently_logged_one(
|
||||
TokenStorageInterface $tokenStorage,
|
||||
FlashBagInterface $flashBag,
|
||||
GenericEvent $event,
|
||||
ResourceControllerEvent $event,
|
||||
UserInterface $userToBeDeleted,
|
||||
UserInterface $currentlyLoggedUser,
|
||||
TokenInterface $tokenInterface
|
||||
|
|
@ -63,7 +64,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
function it_deletes_user_if_no_user_is_logged_in(
|
||||
TokenStorageInterface $tokenStorage,
|
||||
FlashBagInterface $flashBag,
|
||||
GenericEvent $event,
|
||||
ResourceControllerEvent $event,
|
||||
UserInterface $userToBeDeleted,
|
||||
TokenInterface $tokenInterface
|
||||
) {
|
||||
|
|
@ -74,6 +75,8 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
$tokenInterface->getUser()->willReturn(null);
|
||||
|
||||
$event->stopPropagation()->shouldNotBeCalled();
|
||||
$event->setErrorCode(Argument::any())->shouldNotBeCalled();
|
||||
$event->setMessage(Argument::any())->shouldNotBeCalled();
|
||||
$flashBag->add('error', Argument::any())->shouldNotBeCalled();
|
||||
|
||||
$this->deleteUser($event);
|
||||
|
|
@ -82,7 +85,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
function it_deletes_user_if_there_is_no_token(
|
||||
TokenStorageInterface $tokenStorage,
|
||||
FlashBagInterface $flashBag,
|
||||
GenericEvent $event,
|
||||
ResourceControllerEvent $event,
|
||||
UserInterface $userToBeDeleted
|
||||
) {
|
||||
$event->getSubject()->willReturn($userToBeDeleted);
|
||||
|
|
@ -91,12 +94,14 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
$tokenStorage->getToken()->willReturn(null);
|
||||
|
||||
$event->stopPropagation()->shouldNotBeCalled();
|
||||
$event->setErrorCode(Argument::any())->shouldNotBeCalled();
|
||||
$event->setMessage(Argument::any())->shouldNotBeCalled();
|
||||
$flashBag->add('error', Argument::any())->shouldNotBeCalled();
|
||||
|
||||
$this->deleteUser($event);
|
||||
}
|
||||
|
||||
function it_does_not_allow_to_delete_currently_logged_user(GenericEvent $event, UserInterface $userToBeDeleted, UserInterface $currentlyLoggedInUser, $tokenStorage, $flashBag, TokenInterface $token)
|
||||
function it_does_not_allow_to_delete_currently_logged_user(ResourceControllerEvent $event, UserInterface $userToBeDeleted, UserInterface $currentlyLoggedInUser, $tokenStorage, $flashBag, TokenInterface $token)
|
||||
{
|
||||
$event->getSubject()->willReturn($userToBeDeleted);
|
||||
$userToBeDeleted->getId()->willReturn(1);
|
||||
|
|
@ -105,6 +110,8 @@ final class UserDeleteListenerSpec extends ObjectBehavior
|
|||
$token->getUser()->willReturn($currentlyLoggedInUser);
|
||||
|
||||
$event->stopPropagation()->shouldBeCalled();
|
||||
$event->setErrorCode(Response::HTTP_UNPROCESSABLE_ENTITY)->shouldBeCalled();
|
||||
$event->setMessage('Cannot remove currently logged in user.')->shouldBeCalled();
|
||||
$flashBag->add('error', 'Cannot remove currently logged in user.')->shouldBeCalled();
|
||||
|
||||
$this->deleteUser($event);
|
||||
|
|
|
|||
|
|
@ -329,6 +329,20 @@ EOT;
|
|||
$this->assertResponse($response, 'error/not_found_response', Response::HTTP_NOT_FOUND);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function it_does_not_allow_to_delete_current_logged_admin_user()
|
||||
{
|
||||
$user = $this->loadFixturesFromFile('authentication/api_administrator.yml');
|
||||
$this->loadFixturesFromFile('resources/admin_users.yml');
|
||||
|
||||
$this->client->request('DELETE', $this->getAdminUserUrl($user['admin']), [], [], static::$authorizedHeaderWithContentType);
|
||||
|
||||
$response = $this->client->getResponse();
|
||||
$this->assertResponse($response, 'admin_user/deletion_fail_response', Response::HTTP_UNPROCESSABLE_ENTITY);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param AdminUserInterface $user
|
||||
*
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"code": 422,
|
||||
"message": "Cannot remove currently logged in user."
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue