feature #11517 [Api] Add test for checking access (Tomanhez)

This PR was merged into the 1.8-dev branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | master
| Bug fix?        | no
| New feature?    | yes
| BC breaks?      | no
| Deprecations?   | no
| License         | MIT

Api paths:

- [x] GET `/new-api/shipping-methods`
- [x] POST `/new-api/shipping-methods`
- [x] GET `/new-api/shipping-methods/{id}`
- [x] PUT `/new-api/shipping-methods/{id}`
- [x] DELETE `/new-api/shipping-methods/{id}`
- [x] PATCH `/new-api/shipping-methods/{id}/archive`
- [x] PATH `/new-api/shipping-methods/{id}/restore`

Commits
-------

9e04dc83c8 Modify ResponseChecker and ApiPlartformCilent
ab17f34d21 Add tests
d5372e087c Add new step for creating shipping method
This commit is contained in:
Łukasz Chruściel 2020-06-10 08:45:10 +02:00 committed by GitHub
commit fd01be59eb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 133 additions and 15 deletions

View file

@ -0,0 +1,50 @@
@managing_shipping_methods
Feature: Denying access to shipping methods for unauthorized users
In order to denies access for unauthorized users
As an Visitor
I don't want to access to manage shipping methods
Background:
Given the store operates on a channel named "Web-US" in "USD" currency
And the store is available in "English (United States)"
And the store has a zone "United States" with code "US"
And the store allows shipping with "UPS Carrier" identified by "UPS_CARRIER"
@api
Scenario: Trying to add a new shipping method as a unauthorized user
When I try to create a new shipping method with valid data
And I try to add it
Then I should be notified that my access has been denied
@api
Scenario: Trying to rename the shipping method
Given I try to modify a shipping method "UPS Carrier"
When I rename it to "UPS Transport" in "English (United States)"
And I try to save my changes
Then I should be notified that my access has been denied
@api
Scenario: Trying to browse shipping methods
When I try to browse shipping methods
Then I should be notified that my access has been denied
@api
Scenario: Trying to show shipping method
When I try to show "UPS Carrier" shipping method
Then I should be notified that my access has been denied
@api
Scenario: Trying to archive a shipping method
When I try to archive the "UPS Carrier" shipping method
Then I should be notified that my access has been denied
@api
Scenario: Trying to restore a shipping method
Given the shipping method "UPS Carrier" is archival
When I try to restore the "UPS Carrier" shipping method
Then I should be notified that my access has been denied
@api
Scenario: Trying to delete shipping method
When I try to delete shipping method "UPS Carrier"
Then I should be notified that my access has been denied

View file

@ -42,7 +42,7 @@ final class ApiPlatformClient implements ApiClientInterface
public function index(): Response
{
$this->request = Request::index($this->resource, $this->sharedStorage->get('token'));
$this->request = Request::index($this->resource, $this->getToken());
return $this->request($this->request);
}
@ -50,7 +50,7 @@ final class ApiPlatformClient implements ApiClientInterface
public function showByIri(string $iri): Response
{
$request = Request::custom($iri, HttpRequest::METHOD_GET);
$request->authorize($this->sharedStorage->get('token'));
$request->authorize($this->getToken());
return $this->request($request);
}
@ -58,14 +58,14 @@ final class ApiPlatformClient implements ApiClientInterface
public function subResourceIndex(string $subResource, string $id): Response
{
$request = Request::subResourceIndex($this->resource, $id, $subResource);
$request->authorize($this->sharedStorage->get('token'));
$request->authorize($this->getToken());
return $this->request($request);
}
public function show(string $id): Response
{
return $this->request(Request::show($this->resource, $id, $this->sharedStorage->get('token')));
return $this->request(Request::show($this->resource, $id, $this->getToken()));
}
public function create(?RequestInterface $request = null): Response
@ -80,7 +80,7 @@ final class ApiPlatformClient implements ApiClientInterface
public function delete(string $id): Response
{
return $this->request(Request::delete($this->resource, $id, $this->sharedStorage->get('token')));
return $this->request(Request::delete($this->resource, $id, $this->getToken()));
}
public function filter(): Response
@ -98,7 +98,7 @@ final class ApiPlatformClient implements ApiClientInterface
public function applyTransition(string $id, string $transition, array $content = []): Response
{
$request = Request::transition($this->resource, $id, $transition);
$request->authorize($this->sharedStorage->get('token'));
$request->authorize($this->getToken());
$request->setContent($content);
return $this->request($request);
@ -107,7 +107,7 @@ final class ApiPlatformClient implements ApiClientInterface
public function customItemAction(string $id, string $type, string $action): Response
{
$request = Request::customItemAction($this->resource, $id, $type, $action);
$request->authorize($this->sharedStorage->get('token'));
$request->authorize($this->getToken());
return $this->request($request);
}
@ -117,9 +117,8 @@ final class ApiPlatformClient implements ApiClientInterface
$request = Request::custom($url, $method);
if ($this->sharedStorage->has('token')) {
$request->authorize($this->sharedStorage->get('token'));
$request->authorize($this->getToken());
}
return $this->request($request);
}
@ -136,20 +135,21 @@ final class ApiPlatformClient implements ApiClientInterface
public function buildCreateRequest(): void
{
$this->request = Request::create($this->resource);
$this->request->authorize($this->sharedStorage->get('token'));
$this->request->authorize($this->getToken());
}
public function buildUpdateRequest(string $id): void
{
$this->show($id);
$this->request = Request::update($this->resource, $id, $this->sharedStorage->get('token'));
$this->request->setContent(json_decode($this->client->getResponse()->getContent(), true));
$this->request = Request::update($this->resource, $id, $this->getToken());
if ($this->sharedStorage->has('token')) {
$this->show($id);
$this->request->setContent(json_decode($this->client->getResponse()->getContent(), true));
}
}
public function buildUploadRequest(): void
{
$this->request = Request::upload($this->resource, $this->sharedStorage->get('token'));
$this->request = Request::upload($this->resource, $this->getToken());
}
/** @param string|int $value */
@ -212,4 +212,9 @@ final class ApiPlatformClient implements ApiClientInterface
return $this->getLastResponse();
}
private function getToken(): string
{
return $this->sharedStorage->has('token') ? $this->sharedStorage->get('token') : '';
}
}

View file

@ -67,6 +67,14 @@ final class ResponseChecker implements ResponseCheckerInterface
return $response->getStatusCode() === Response::HTTP_NO_CONTENT;
}
public function hasAccessDenied(Response $response): bool
{
return
$response->getMessage() === 'JWT Token not found' &&
$response->getStatusCode() === Response::HTTP_UNAUTHORIZED
;
}
public function isUpdateSuccessful(Response $response): bool
{
return $response->getStatusCode() === Response::HTTP_OK;

View file

@ -35,6 +35,8 @@ interface ResponseCheckerInterface
public function isDeletionSuccessful(Response $response): bool;
public function hasAccessDenied(Response $response): bool;
/** @param string|int $value */
public function hasValue(Response $response, string $key, $value): bool;

View file

@ -85,6 +85,7 @@ final class ManagingShippingMethodsContext implements Context
/**
* @When I am browsing shipping methods
* @When I want to browse shipping methods
* @When I try to browse shipping methods
* @When I browse shipping methods
*/
public function iBrowseShippingMethods(): void
@ -102,12 +103,39 @@ final class ManagingShippingMethodsContext implements Context
/**
* @When I want to create a new shipping method
* @When I try to create a new shipping method
*/
public function iWantToCreateANewShippingMethod(): void
{
$this->client->buildCreateRequest();
}
/**
* @When I try to create a new shipping method with valid data
*/
public function iTryToCreateANewShippingMethodWithValidData(): void
{
$this->client->buildCreateRequest();
$this->client->addRequestData('code', 'FED_EX_CARRIER');
$this->client->addRequestData('position', 0);
$this->client->updateRequestData(
['translations' => ['en_US' => ['name' => 'FedEx Carrier', 'locale' => 'en_US']]]
);
$this->client->addRequestData('zone', $this->iriConverter->getIriFromItem($this->sharedStorage->get('zone')));
$this->client->addRequestData('calculator', 'Flat rate per shipment');
$this->client->addRequestData(
'configuration', [$this->sharedStorage->get('channel')->getCode() => ['amount' => 50]]
);
}
/**
* @When I try to show :shippingMethod shipping method
*/
public function iTryToShowShippingMethod(ShippingMethodInterface $shippingMethod): void
{
$this->client->show($shippingMethod->getCode());
}
/**
* @When I add it
* @When I try to add it
@ -208,6 +236,22 @@ final class ManagingShippingMethodsContext implements Context
$this->client->index();
}
/**
* @When I try to archive the :shippingMethod shipping method
*/
public function iTryToArchiveTheShippingMethod(ShippingMethodInterface $shippingMethod): void
{
$this->client->customItemAction($shippingMethod->getCode(), HttpRequest::METHOD_PATCH, 'archive');
}
/**
* @When I try to restore the :shippingMethod shipping method
*/
public function iTryToRestoreTheShippingMethod(ShippingMethodInterface $shippingMethod): void
{
$this->client->customItemAction($shippingMethod->getCode(), HttpRequest::METHOD_PATCH, 'restore');
}
/**
* @When I restore the :shippingMethod shipping method
*/
@ -227,6 +271,7 @@ final class ManagingShippingMethodsContext implements Context
/**
* @When I want to modify a shipping method :shippingMethod
* @When I try to modify a shipping method :shippingMethod
* @When /^I want to modify (this shipping method)$/
*/
public function iWantToModifyShippingMethod(ShippingMethodInterface $shippingMethod): void
@ -358,6 +403,14 @@ final class ManagingShippingMethodsContext implements Context
);
}
/**
* @Then I should be notified that my access has been denied
*/
public function iShouldBeNotifiedThatMyAccessHasBeenDenied(): void
{
Assert::true($this->responseChecker->hasAccessDenied($this->client->getLastResponse()));
}
/**
* @Then the shipping method :shippingMethod should be available in channel :channel
*/