framework/tests/integration/api/users/ShowTest.php

<?php

/*
 * This file is part of Flarum.
 *
 * For detailed copyright and license information, please view the
 * LICENSE file that was distributed with this source code.
 */

namespace Flarum\Tests\integration\api\users;

use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;

class ShowTest extends TestCase
{
    use RetrievesAuthorizedUsers;

    /**
     * @inheritDoc
     */
    protected function setUp(): void
    {
        parent::setUp();

        $this->prepareDatabase([
            'users' => [
                $this->normalUser(),
            ],
        ]);
    }

    private function forbidGuestsFromSeeingForum()
    {
        $this->database()->table('group_permission')->where('permission', 'viewDiscussions')->where('group_id', 2)->delete();
    }

    private function forbidMembersFromSearchingUsers()
    {
        $this->database()->table('group_permission')->where('permission', 'viewUserList')->where('group_id', 3)->delete();
    }

    /**
     * @test
     */
    public function admin_can_see_user()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/2', [
                'authenticatedAs' => 1,
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function admin_can_see_user_via_slug()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/normal', [
                'authenticatedAs' => 1,
            ])->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_can_see_user_by_default()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/2')
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_can_see_user_by_slug_by_default()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/normal')->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_cant_see_user_if_blocked()
    {
        $this->forbidGuestsFromSeeingForum();

        $response = $this->send(
            $this->request('GET', '/api/users/2')
        );

        $this->assertEquals(404, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function guest_cant_see_user_by_slug_if_blocked()
    {
        $this->forbidGuestsFromSeeingForum();

        $response = $this->send(
            $this->request('GET', '/api/users/normal')->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(404, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function user_can_see_themselves()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/2', [
                'authenticatedAs' => 2,
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function user_can_see_themselves_via_slug()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/normal', [
                'authenticatedAs' => 2,
            ])->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function user_can_see_others_by_default()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/1', [
                'authenticatedAs' => 2,
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function user_can_see_others_by_default_via_slug()
    {
        $response = $this->send(
            $this->request('GET', '/api/users/admin', [
                'authenticatedAs' => 2,
            ])->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }

    /**
     * @test
     */
    public function user_can_still_see_others_via_slug_even_if_cant_search()
    {
        $this->forbidMembersFromSearchingUsers();

        $response = $this->send(
            $this->request('GET', '/api/users/admin', [
                'authenticatedAs' => 2,
            ])->withQueryParams([
                'bySlug' => true
            ])
        );

        $this->assertEquals(200, $response->getStatusCode());
    }
}
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`<?php`

			`/*`
			`* This file is part of Flarum.`
			`*`
			`* For detailed copyright and license information, please view the`
			`* LICENSE file that was distributed with this source code.`
			`*/`

			`namespace Flarum\Tests\integration\api\users;`

			`use Flarum\Tests\integration\RetrievesAuthorizedUsers;`
			`use Flarum\Tests\integration\TestCase;`

			`class ShowTest extends TestCase`
			`{`
			`use RetrievesAuthorizedUsers;`

Add @inheritDoc to all setUp and tearDown methods 2021-01-07 11:16:26 +08:00			`/**`
			`* @inheritDoc`
			`*/`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`protected function setUp(): void`
			`{`
			`parent::setUp();`

			`$this->prepareDatabase([`
			`'users' => [`
			`$this->normalUser(),`
			`],`
			`]);`
			`}`

Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`private function forbidGuestsFromSeeingForum()`
			`{`
			`$this->database()->table('group_permission')->where('permission', 'viewDiscussions')->where('group_id', 2)->delete();`
			`}`

			`private function forbidMembersFromSearchingUsers()`
			`{`
			`$this->database()->table('group_permission')->where('permission', 'viewUserList')->where('group_id', 3)->delete();`
			`}`

Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`/**`
			`* @test`
			`*/`
			`public function admin_can_see_user()`
			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/2', [`
			`'authenticatedAs' => 1,`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function admin_can_see_user_via_slug()`
			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/normal', [`
			`'authenticatedAs' => 1,`
			`])->withQueryParams([`
			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`public function guest_can_see_user_by_default()`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/2')`
			`);`

Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function guest_can_see_user_by_slug_by_default()`
			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/normal')->withQueryParams([`
			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function guest_cant_see_user_if_blocked()`
			`{`
			`$this->forbidGuestsFromSeeingForum();`

			`$response = $this->send(`
			`$this->request('GET', '/api/users/2')`
			`);`

Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`$this->assertEquals(404, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`public function guest_cant_see_user_by_slug_if_blocked()`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`{`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`$this->forbidGuestsFromSeeingForum();`

Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`$response = $this->send(`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`$this->request('GET', '/api/users/normal')->withQueryParams([`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(404, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function user_can_see_themselves()`
			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/2', [`
			`'authenticatedAs' => 2,`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
			`public function user_can_see_themselves_via_slug()`
			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/normal', [`
			`'authenticatedAs' => 2,`
			`])->withQueryParams([`
			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`public function user_can_see_others_by_default()`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/1', [`
			`'authenticatedAs' => 2,`
			`])`
			`);`

Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`$this->assertEquals(200, $response->getStatusCode());`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`}`

			`/**`
			`* @test`
			`*/`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`public function user_can_see_others_by_default_via_slug()`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`{`
			`$response = $this->send(`
			`$this->request('GET', '/api/users/admin', [`
			`'authenticatedAs' => 2,`
			`])->withQueryParams([`
			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`

			`/**`
			`* @test`
			`*/`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`public function user_can_still_see_others_via_slug_even_if_cant_search()`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00			`{`
Tests: Comply with default permissions Before transactions, each test class would need to explicitly state starting state for permissions, which made the initial permission configuration somewhat arbitrary. Now, we might as well use the initial state of the default installation. One of the User show_test tests has been commented out until 2021-01-08 00:24:52 +08:00			`$this->forbidMembersFromSearchingUsers();`
Slug Driver Support (#2456) - Support slug drivers for core's sluggable models, easily extends to other models - Add automated testing for affected single-model API routes - Fix nickname selection UI - Serialize slugs as `slug` attribute - Make min search length a constant 2020-12-08 02:33:42 +08:00
			`$response = $this->send(`
			`$this->request('GET', '/api/users/admin', [`
			`'authenticatedAs' => 2,`
			`])->withQueryParams([`
			`'bySlug' => true`
			`])`
			`);`

			`$this->assertEquals(200, $response->getStatusCode());`
			`}`
			`}`