commit 975250a0ed9a9e61bc6e6ca6b442f7e086daa6c8
parent 2ddee3dfd8255e4c89f8b57c190a97f0275ec9d9
Author: Felicitus <felicitus@felicitus.org>
Date: Wed, 9 Dec 2015 17:35:32 +0100
Implemented user deletion prevention if the user is protected
Diffstat:
3 files changed, 66 insertions(+), 0 deletions(-)
diff --git a/src/PartKeepr/AuthBundle/Action/DeleteUserAction.php b/src/PartKeepr/AuthBundle/Action/DeleteUserAction.php
@@ -0,0 +1,56 @@
+<?php
+namespace PartKeepr\AuthBundle\Action;
+
+use Dunglas\ApiBundle\Action\ActionUtilTrait;
+use Dunglas\ApiBundle\Exception\RuntimeException;
+use Dunglas\ApiBundle\Model\DataProviderInterface;
+use PartKeepr\AuthBundle\Entity\User;
+use PartKeepr\AuthBundle\Exceptions\UserProtectedException;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+/**
+ * Custom API action deleting an user
+ */
+class DeleteUserAction
+{
+ use ActionUtilTrait;
+
+ /**
+ * @var DataProviderInterface
+ */
+ private $dataProvider;
+
+ public function __construct(DataProviderInterface $dataProvider)
+ {
+ $this->dataProvider = $dataProvider;
+ }
+
+ /**
+ * Returns an item to delete.
+ *
+ * @param Request $request
+ * @param string|int $id
+ *
+ * @return mixed
+ *
+ * @throws NotFoundHttpException
+ * @throws RuntimeException
+ * @throws UserProtectedException
+ */
+ public function __invoke(Request $request, $id)
+ {
+ list($resourceType) = $this->extractAttributes($request);
+
+ /**
+ * @var User $item
+ */
+ $item = $this->getItem($this->dataProvider, $resourceType, $id);
+
+ if ($item->isProtected()) {
+ throw new UserProtectedException();
+ }
+
+ return $item;
+ }
+}
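Review bot: The protected-user check in `__invoke` is enforced only in this HTTP delete action, so any other code path that removes a `User` (another service, a console command, a direct entity-manager remove) would not be stopped by it. No such path is visible in this commit, so this is something to confirm rather than a known gap. If the protected flag is meant as a hard invariant, consider enforcing it at the persistence layer as well. The method docblock `Returns an item to delete.` should also state the refusal, e.g. `Returns the user to delete. Refuses protected users by throwing UserProtectedException.`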
diff --git a/src/PartKeepr/AuthBundle/Resources/config/actions.xml b/src/PartKeepr/AuthBundle/Resources/config/actions.xml
@@ -31,6 +31,9 @@
<argument type="service" id="api.serializer"/>
<argument type="service" id="partkeepr.userservice"/>
</service>
+ <service id="partkeepr.user.delete" class="PartKeepr\AuthBundle\Action\DeleteUserAction">
+ <argument type="service" id="api.data_provider"/>
+ </service>
<service id="partkeepr.auth.login" class="PartKeepr\AuthBundle\Action\LoginAction">
<argument type="service" id="partkeepr.userservice"/>
<argument type="service" id="api.serializer"/>
diff --git a/src/PartKeepr/AuthBundle/Tests/UserTest.php b/src/PartKeepr/AuthBundle/Tests/UserTest.php
@@ -167,6 +167,13 @@ class UserTest extends WebTestCase
$this->assertEquals(500, $client->getResponse()->getStatusCode());
$this->assertObjectHasAttribute("hydra:description", $response);
$this->assertEquals($exception->getMessageKey(), $response->{"hydra:description"});
+
+ $client->request("DELETE", $iri);
+
+ $response = json_decode($client->getResponse()->getContent());
+ $this->assertEquals(500, $client->getResponse()->getStatusCode());
+ $this->assertObjectHasAttribute("hydra:description", $response);
+ $this->assertEquals($exception->getMessageKey(), $response->{"hydra:description"});
}
public function testUserUnprotect()
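Review bot: The added DELETE assertions check only the error response and never confirm that the protected user still exists afterwards, so a regression that returns the error but still removes the record would pass. After the last added assertion, add a follow-up read such as `$client->request("GET", $iri);` and `$this->assertEquals(200, $client->getResponse()->getStatusCode());`. The test also pins status 500 for what is a policy refusal. A 4xx code such as 403 or 409 would let monitoring tell refused deletions apart from real server faults, though that depends on how UserProtectedException is mapped to a response, which is not visible here. The enclosing test method starts above this hunk.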