mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-14 17:10:53 +00:00
feature #11517 [Api] Add test for checking access (Tomanhez)
This PR was merged into the 1.8-dev branch.
Discussion
----------
| Q | A
| --------------- | -----
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| License | MIT
Api paths:
- [x] GET `/new-api/shipping-methods`
- [x] POST `/new-api/shipping-methods`
- [x] GET `/new-api/shipping-methods/{id}`
- [x] PUT `/new-api/shipping-methods/{id}`
- [x] DELETE `/new-api/shipping-methods/{id}`
- [x] PATCH `/new-api/shipping-methods/{id}/archive`
- [x] PATH `/new-api/shipping-methods/{id}/restore`
Commits
-------
9e04dc83c8 Modify ResponseChecker and ApiPlartformCilent
ab17f34d21 Add tests
d5372e087c Add new step for creating shipping method
This commit is contained in:
commit
fd01be59eb
5 changed files with 133 additions and 15 deletions
|
|
@ -0,0 +1,50 @@
|
|||
@managing_shipping_methods
|
||||
Feature: Denying access to shipping methods for unauthorized users
|
||||
In order to denies access for unauthorized users
|
||||
As an Visitor
|
||||
I don't want to access to manage shipping methods
|
||||
|
||||
Background:
|
||||
Given the store operates on a channel named "Web-US" in "USD" currency
|
||||
And the store is available in "English (United States)"
|
||||
And the store has a zone "United States" with code "US"
|
||||
And the store allows shipping with "UPS Carrier" identified by "UPS_CARRIER"
|
||||
|
||||
@api
|
||||
Scenario: Trying to add a new shipping method as a unauthorized user
|
||||
When I try to create a new shipping method with valid data
|
||||
And I try to add it
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to rename the shipping method
|
||||
Given I try to modify a shipping method "UPS Carrier"
|
||||
When I rename it to "UPS Transport" in "English (United States)"
|
||||
And I try to save my changes
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to browse shipping methods
|
||||
When I try to browse shipping methods
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to show shipping method
|
||||
When I try to show "UPS Carrier" shipping method
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to archive a shipping method
|
||||
When I try to archive the "UPS Carrier" shipping method
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to restore a shipping method
|
||||
Given the shipping method "UPS Carrier" is archival
|
||||
When I try to restore the "UPS Carrier" shipping method
|
||||
Then I should be notified that my access has been denied
|
||||
|
||||
@api
|
||||
Scenario: Trying to delete shipping method
|
||||
When I try to delete shipping method "UPS Carrier"
|
||||
Then I should be notified that my access has been denied
|
||||
|
|
@ -42,7 +42,7 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
|
||||
public function index(): Response
|
||||
{
|
||||
$this->request = Request::index($this->resource, $this->sharedStorage->get('token'));
|
||||
$this->request = Request::index($this->resource, $this->getToken());
|
||||
|
||||
return $this->request($this->request);
|
||||
}
|
||||
|
|
@ -50,7 +50,7 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
public function showByIri(string $iri): Response
|
||||
{
|
||||
$request = Request::custom($iri, HttpRequest::METHOD_GET);
|
||||
$request->authorize($this->sharedStorage->get('token'));
|
||||
$request->authorize($this->getToken());
|
||||
|
||||
return $this->request($request);
|
||||
}
|
||||
|
|
@ -58,14 +58,14 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
public function subResourceIndex(string $subResource, string $id): Response
|
||||
{
|
||||
$request = Request::subResourceIndex($this->resource, $id, $subResource);
|
||||
$request->authorize($this->sharedStorage->get('token'));
|
||||
$request->authorize($this->getToken());
|
||||
|
||||
return $this->request($request);
|
||||
}
|
||||
|
||||
public function show(string $id): Response
|
||||
{
|
||||
return $this->request(Request::show($this->resource, $id, $this->sharedStorage->get('token')));
|
||||
return $this->request(Request::show($this->resource, $id, $this->getToken()));
|
||||
}
|
||||
|
||||
public function create(?RequestInterface $request = null): Response
|
||||
|
|
@ -80,7 +80,7 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
|
||||
public function delete(string $id): Response
|
||||
{
|
||||
return $this->request(Request::delete($this->resource, $id, $this->sharedStorage->get('token')));
|
||||
return $this->request(Request::delete($this->resource, $id, $this->getToken()));
|
||||
}
|
||||
|
||||
public function filter(): Response
|
||||
|
|
@ -98,7 +98,7 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
public function applyTransition(string $id, string $transition, array $content = []): Response
|
||||
{
|
||||
$request = Request::transition($this->resource, $id, $transition);
|
||||
$request->authorize($this->sharedStorage->get('token'));
|
||||
$request->authorize($this->getToken());
|
||||
$request->setContent($content);
|
||||
|
||||
return $this->request($request);
|
||||
|
|
@ -107,7 +107,7 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
public function customItemAction(string $id, string $type, string $action): Response
|
||||
{
|
||||
$request = Request::customItemAction($this->resource, $id, $type, $action);
|
||||
$request->authorize($this->sharedStorage->get('token'));
|
||||
$request->authorize($this->getToken());
|
||||
|
||||
return $this->request($request);
|
||||
}
|
||||
|
|
@ -117,9 +117,8 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
$request = Request::custom($url, $method);
|
||||
|
||||
if ($this->sharedStorage->has('token')) {
|
||||
$request->authorize($this->sharedStorage->get('token'));
|
||||
$request->authorize($this->getToken());
|
||||
}
|
||||
|
||||
return $this->request($request);
|
||||
}
|
||||
|
||||
|
|
@ -136,20 +135,21 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
public function buildCreateRequest(): void
|
||||
{
|
||||
$this->request = Request::create($this->resource);
|
||||
$this->request->authorize($this->sharedStorage->get('token'));
|
||||
$this->request->authorize($this->getToken());
|
||||
}
|
||||
|
||||
public function buildUpdateRequest(string $id): void
|
||||
{
|
||||
$this->show($id);
|
||||
|
||||
$this->request = Request::update($this->resource, $id, $this->sharedStorage->get('token'));
|
||||
$this->request->setContent(json_decode($this->client->getResponse()->getContent(), true));
|
||||
$this->request = Request::update($this->resource, $id, $this->getToken());
|
||||
if ($this->sharedStorage->has('token')) {
|
||||
$this->show($id);
|
||||
$this->request->setContent(json_decode($this->client->getResponse()->getContent(), true));
|
||||
}
|
||||
}
|
||||
|
||||
public function buildUploadRequest(): void
|
||||
{
|
||||
$this->request = Request::upload($this->resource, $this->sharedStorage->get('token'));
|
||||
$this->request = Request::upload($this->resource, $this->getToken());
|
||||
}
|
||||
|
||||
/** @param string|int $value */
|
||||
|
|
@ -212,4 +212,9 @@ final class ApiPlatformClient implements ApiClientInterface
|
|||
|
||||
return $this->getLastResponse();
|
||||
}
|
||||
|
||||
private function getToken(): string
|
||||
{
|
||||
return $this->sharedStorage->has('token') ? $this->sharedStorage->get('token') : '';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -67,6 +67,14 @@ final class ResponseChecker implements ResponseCheckerInterface
|
|||
return $response->getStatusCode() === Response::HTTP_NO_CONTENT;
|
||||
}
|
||||
|
||||
public function hasAccessDenied(Response $response): bool
|
||||
{
|
||||
return
|
||||
$response->getMessage() === 'JWT Token not found' &&
|
||||
$response->getStatusCode() === Response::HTTP_UNAUTHORIZED
|
||||
;
|
||||
}
|
||||
|
||||
public function isUpdateSuccessful(Response $response): bool
|
||||
{
|
||||
return $response->getStatusCode() === Response::HTTP_OK;
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@ interface ResponseCheckerInterface
|
|||
|
||||
public function isDeletionSuccessful(Response $response): bool;
|
||||
|
||||
public function hasAccessDenied(Response $response): bool;
|
||||
|
||||
/** @param string|int $value */
|
||||
public function hasValue(Response $response, string $key, $value): bool;
|
||||
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@ final class ManagingShippingMethodsContext implements Context
|
|||
/**
|
||||
* @When I am browsing shipping methods
|
||||
* @When I want to browse shipping methods
|
||||
* @When I try to browse shipping methods
|
||||
* @When I browse shipping methods
|
||||
*/
|
||||
public function iBrowseShippingMethods(): void
|
||||
|
|
@ -102,12 +103,39 @@ final class ManagingShippingMethodsContext implements Context
|
|||
|
||||
/**
|
||||
* @When I want to create a new shipping method
|
||||
* @When I try to create a new shipping method
|
||||
*/
|
||||
public function iWantToCreateANewShippingMethod(): void
|
||||
{
|
||||
$this->client->buildCreateRequest();
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I try to create a new shipping method with valid data
|
||||
*/
|
||||
public function iTryToCreateANewShippingMethodWithValidData(): void
|
||||
{
|
||||
$this->client->buildCreateRequest();
|
||||
$this->client->addRequestData('code', 'FED_EX_CARRIER');
|
||||
$this->client->addRequestData('position', 0);
|
||||
$this->client->updateRequestData(
|
||||
['translations' => ['en_US' => ['name' => 'FedEx Carrier', 'locale' => 'en_US']]]
|
||||
);
|
||||
$this->client->addRequestData('zone', $this->iriConverter->getIriFromItem($this->sharedStorage->get('zone')));
|
||||
$this->client->addRequestData('calculator', 'Flat rate per shipment');
|
||||
$this->client->addRequestData(
|
||||
'configuration', [$this->sharedStorage->get('channel')->getCode() => ['amount' => 50]]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I try to show :shippingMethod shipping method
|
||||
*/
|
||||
public function iTryToShowShippingMethod(ShippingMethodInterface $shippingMethod): void
|
||||
{
|
||||
$this->client->show($shippingMethod->getCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I add it
|
||||
* @When I try to add it
|
||||
|
|
@ -208,6 +236,22 @@ final class ManagingShippingMethodsContext implements Context
|
|||
$this->client->index();
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I try to archive the :shippingMethod shipping method
|
||||
*/
|
||||
public function iTryToArchiveTheShippingMethod(ShippingMethodInterface $shippingMethod): void
|
||||
{
|
||||
$this->client->customItemAction($shippingMethod->getCode(), HttpRequest::METHOD_PATCH, 'archive');
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I try to restore the :shippingMethod shipping method
|
||||
*/
|
||||
public function iTryToRestoreTheShippingMethod(ShippingMethodInterface $shippingMethod): void
|
||||
{
|
||||
$this->client->customItemAction($shippingMethod->getCode(), HttpRequest::METHOD_PATCH, 'restore');
|
||||
}
|
||||
|
||||
/**
|
||||
* @When I restore the :shippingMethod shipping method
|
||||
*/
|
||||
|
|
@ -227,6 +271,7 @@ final class ManagingShippingMethodsContext implements Context
|
|||
|
||||
/**
|
||||
* @When I want to modify a shipping method :shippingMethod
|
||||
* @When I try to modify a shipping method :shippingMethod
|
||||
* @When /^I want to modify (this shipping method)$/
|
||||
*/
|
||||
public function iWantToModifyShippingMethod(ShippingMethodInterface $shippingMethod): void
|
||||
|
|
@ -358,6 +403,14 @@ final class ManagingShippingMethodsContext implements Context
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then I should be notified that my access has been denied
|
||||
*/
|
||||
public function iShouldBeNotifiedThatMyAccessHasBeenDenied(): void
|
||||
{
|
||||
Assert::true($this->responseChecker->hasAccessDenied($this->client->getLastResponse()));
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then the shipping method :shippingMethod should be available in channel :channel
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue