[UserBundle] Add message and status code to event when user try to delete currently logged user

[API] Test if currentry logged in user will be not  deleted
This commit is contained in:
tuka217 2017-03-09 11:09:21 +01:00
parent 0a5228d677
commit 4080094de9
4 changed files with 37 additions and 8 deletions

View file

@ -11,8 +11,9 @@
namespace Sylius\Bundle\UserBundle\EventListener;
use Sylius\Bundle\ResourceBundle\Event\ResourceControllerEvent;
use Sylius\Component\User\Model\UserInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Webmozart\Assert\Assert;
@ -45,11 +46,11 @@ class UserDeleteListener
}
/**
* @param GenericEvent $event
* @param ResourceControllerEvent $event
*
* @throws \InvalidArgumentException
*/
public function deleteUser(GenericEvent $event)
public function deleteUser(ResourceControllerEvent $event)
{
$user = $event->getSubject();
Assert::isInstanceOf($user, UserInterface::class);
@ -58,6 +59,9 @@ class UserDeleteListener
if ((null !== $token) && ($loggedUser = $token->getUser()) && ($loggedUser->getId() === $user->getId())) {
$event->stopPropagation();
$event->setErrorCode(Response::HTTP_UNPROCESSABLE_ENTITY);
$event->setMessage('Cannot remove currently logged in user.');
$this->session->getBag('flashes')->add('error', 'Cannot remove currently logged in user.');
}
}

View file

@ -13,9 +13,10 @@ namespace spec\Sylius\Bundle\UserBundle\EventListener;
use PhpSpec\ObjectBehavior;
use Prophecy\Argument;
use Sylius\Bundle\ResourceBundle\Event\ResourceControllerEvent;
use Sylius\Bundle\UserBundle\EventListener\UserDeleteListener;
use Sylius\Component\User\Model\UserInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@ -42,7 +43,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
function it_deletes_user_if_it_is_different_than_currently_logged_one(
TokenStorageInterface $tokenStorage,
FlashBagInterface $flashBag,
GenericEvent $event,
ResourceControllerEvent $event,
UserInterface $userToBeDeleted,
UserInterface $currentlyLoggedUser,
TokenInterface $tokenInterface
@ -63,7 +64,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
function it_deletes_user_if_no_user_is_logged_in(
TokenStorageInterface $tokenStorage,
FlashBagInterface $flashBag,
GenericEvent $event,
ResourceControllerEvent $event,
UserInterface $userToBeDeleted,
TokenInterface $tokenInterface
) {
@ -74,6 +75,8 @@ final class UserDeleteListenerSpec extends ObjectBehavior
$tokenInterface->getUser()->willReturn(null);
$event->stopPropagation()->shouldNotBeCalled();
$event->setErrorCode(Argument::any())->shouldNotBeCalled();
$event->setMessage(Argument::any())->shouldNotBeCalled();
$flashBag->add('error', Argument::any())->shouldNotBeCalled();
$this->deleteUser($event);
@ -82,7 +85,7 @@ final class UserDeleteListenerSpec extends ObjectBehavior
function it_deletes_user_if_there_is_no_token(
TokenStorageInterface $tokenStorage,
FlashBagInterface $flashBag,
GenericEvent $event,
ResourceControllerEvent $event,
UserInterface $userToBeDeleted
) {
$event->getSubject()->willReturn($userToBeDeleted);
@ -91,12 +94,14 @@ final class UserDeleteListenerSpec extends ObjectBehavior
$tokenStorage->getToken()->willReturn(null);
$event->stopPropagation()->shouldNotBeCalled();
$event->setErrorCode(Argument::any())->shouldNotBeCalled();
$event->setMessage(Argument::any())->shouldNotBeCalled();
$flashBag->add('error', Argument::any())->shouldNotBeCalled();
$this->deleteUser($event);
}
function it_does_not_allow_to_delete_currently_logged_user(GenericEvent $event, UserInterface $userToBeDeleted, UserInterface $currentlyLoggedInUser, $tokenStorage, $flashBag, TokenInterface $token)
function it_does_not_allow_to_delete_currently_logged_user(ResourceControllerEvent $event, UserInterface $userToBeDeleted, UserInterface $currentlyLoggedInUser, $tokenStorage, $flashBag, TokenInterface $token)
{
$event->getSubject()->willReturn($userToBeDeleted);
$userToBeDeleted->getId()->willReturn(1);
@ -105,6 +110,8 @@ final class UserDeleteListenerSpec extends ObjectBehavior
$token->getUser()->willReturn($currentlyLoggedInUser);
$event->stopPropagation()->shouldBeCalled();
$event->setErrorCode(Response::HTTP_UNPROCESSABLE_ENTITY)->shouldBeCalled();
$event->setMessage('Cannot remove currently logged in user.')->shouldBeCalled();
$flashBag->add('error', 'Cannot remove currently logged in user.')->shouldBeCalled();
$this->deleteUser($event);

View file

@ -329,6 +329,20 @@ EOT;
$this->assertResponse($response, 'error/not_found_response', Response::HTTP_NOT_FOUND);
}
/**
* @test
*/
public function it_does_not_allow_to_delete_current_logged_admin_user()
{
$user = $this->loadFixturesFromFile('authentication/api_administrator.yml');
$this->loadFixturesFromFile('resources/admin_users.yml');
$this->client->request('DELETE', $this->getAdminUserUrl($user['admin']), [], [], static::$authorizedHeaderWithContentType);
$response = $this->client->getResponse();
$this->assertResponse($response, 'admin_user/deletion_fail_response', Response::HTTP_UNPROCESSABLE_ENTITY);
}
/**
* @param AdminUserInterface $user
*

View file

@ -0,0 +1,4 @@
{
"code": 422,
"message": "Cannot remove currently logged in user."
}