

HOTFIX: Fix Ids in GroupUser Response aswell as restrict adding users…
… to groups twice
Thiritin committed May 27, 2024
1 parent 008dc6f commit e8773d5
Showing 4 changed files with 64 additions and 7 deletions.
13 changes: 13 additions & 0 deletions app/Http/Controllers/Api/v1/GroupUserController.php
@@ -9,6 +9,7 @@
use App\Models\Group;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Spatie\QueryBuilder\AllowedFilter;
use Spatie\QueryBuilder\QueryBuilder;

@@ -27,10 +28,22 @@ public function store(GroupUserStoreRequest $request, Group $group)
$this->authorize('create', [$group->users()->find($request->user()->id)->pivot]);

$useField = isset($request->validationData()['email']) ? 'email' : 'id';

$user = match ($useField) {
'email' => User::where('email', $request->validationData()['email'])->firstOrFail(),
'id' => User::findByHashidOrFail($request->validationData()['id']),
};

// validated email
if (!$user->hasVerifiedEmail()) {
throw ValidationException::withMessages(['email' => 'User has not verified their email']);
}

// ensure user does not already exist, if he does, throw validation error
if ($group->users->contains($user)) {
throw ValidationException::withMessages([$useField => 'User is already in the group']);
}

$group->users()->attach($user, ['level' => $request->validationData()['level']]);
return new GroupUserResource($group->users()->find($user->id));
}
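Review bot: The new guard `if ($group->users->contains($user))` followed by `attach()` is check-then-act, so two concurrent requests for the same user can both pass it and insert duplicate pivot rows; only a unique index on the `group_user` pair of `group_id` and `user_id` (not visible on this page) makes the rule hold, and `$group->users()->whereKey($user->getKey())->exists()` would avoid loading every member just to test one. The responses now distinguish a missing account (`firstOrFail()`), an unverified one and an existing member, which tells any caller allowed to add members whether an e-mail address is registered and verified; that is worth a deliberate decision plus throttling on this route. The unverified check reports under a hard-coded `'email'` key even when the request supplied `id`; `[$useField => 'User has not verified their email']` would match the check below it. The body of `store()` begins above the hunk, so the authorization context is only partly visible.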
6 changes: 3 additions & 3 deletions app/Http/Resources/V1/GroupUserResource.php
@@ -10,14 +10,14 @@
class GroupUserResource extends JsonResource
{
/**
* @param Request $request
* @param Request $request
* @return array
*/
public function toArray($request)
{
return [
'group_id' => $this->pivot->group_id,
'user_id' => $this->pivot->user_id,
'group_id' => $this->pivot->group->hashid,
'user_id' => $this->pivot->user->hashid,
'level' => $this->pivot->level,
];
}
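Review bot: `$this->pivot->group->hashid` and `$this->pivot->user->hashid` in `toArray()` each resolve a relation on the pivot, which costs two extra queries per serialized row unless the caller eager-loads them, and presumably multiplies in the index endpoint (not visible here). In `store()` the resource wraps the `User` returned by `$group->users()->find(...)`, so the user's hashid is likely already available as `$this->hashid` without touching the pivot. A one-line comment above the array, for example `// API exposes hashids, not numeric primary keys`, would record why the raw pivot columns are no longer returned, so a later edit does not reintroduce sequential ids into the response.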
11 changes: 11 additions & 0 deletions app/Services/NextcloudService.php
@@ -65,6 +65,17 @@ public static function setManageAcl(Group $group, User $user, bool $allow): void
])->throwIfServerError();
}

public static function getUsers()
{
$res = Http::nextcloud()->get("ocs/v2.php/cloud/users", [
'offset' => 0,
'limit' => 1000,
])->throw();
// Parse xml
$xml = simplexml_load_string($res->body());
return (array) $xml->data->users->element;
}

public static function createUser(User $user)
{
Http::nextcloud()->post("ocs/v2.php/cloud/users", [
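Review bot: `simplexml_load_string()` returns `false` on a malformed or empty body, and `getUsers()` then dereferences `$xml->data` without checking, so a bad upstream response surfaces as a PHP error rather than a handled failure. The fixed `'offset' => 0, 'limit' => 1000` also drops every user past the first thousand without any signal, which matters if callers use the list to decide whether an account exists (no caller is visible here). The `(array)` cast on a SimpleXMLElement is easy to misread; iterating and casting each element to string makes the return shape explicit, and a `: array` return type would match the typed signature of `setManageAcl()` above it.

```php
public static function getUsers(): array
{
    // … unchanged: GET ocs/v2.php/cloud/users with offset/limit, ->throw() …
    $xml = simplexml_load_string($res->body());
    if ($xml === false || !isset($xml->data->users)) {
        throw new \RuntimeException('Unexpected response from Nextcloud user listing');
    }

    $users = [];
    foreach ($xml->data->users->element as $element) {
        $users[] = (string) $element;
    }

    return $users;
}
```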
41 changes: 37 additions & 4 deletions tests/Feature/Api/v1/GroupsTest.php
@@ -255,15 +255,48 @@
$request->assertSuccessful();
// verify response contains user_id, group_id and level
$request->assertJsonFragment([
"user_id" => $userToBeInvited->hashid,
"group_id" => $group->hashid,
"level" => "member",
]);
assertDatabaseHas('group_user', [
"user_id" => $userToBeInvited->id,
"group_id" => $group->id,
"level" => "member",
]);
});

// Add member twice should cause error via email
test('Adding the same email twice should cause an error', function () {
$group = Group::factory()->create();

$user = Sanctum::actingAs(
User::factory()->create(),
['groups.read', 'groups.update', 'groups.delete']
);
$userToBeInvited = User::factory()->create();
$data = [
"email" => $userToBeInvited->email,
"level" => "member",
];
$group->users()->sync([$user->id => ['level' => GroupUserLevel::Admin]]);

$request = post(route('api.v1.groups.users.store', $group), $data);
$request->assertSuccessful();
// verify response contains user_id, group_id and level
$request->assertJsonFragment([
"user_id" => $userToBeInvited->hashid,
"group_id" => $group->hashid,
"level" => "member",
]);
assertDatabaseHas('group_user', [
"user_id" => $userToBeInvited->id,
"group_id" => $group->id,
"level" => "member",
]);

$request = postJson(route('api.v1.groups.users.store', $group), $data, ['Accept' => 'application/json']);
$request->assertJsonValidationErrors(['email']);
});

test('Add member to group as admin via id', function () {
@@ -285,8 +318,8 @@
$request->assertSuccessful();
// verify response contains user_id, group_id and level
$request->assertJsonFragment([
"user_id" => $userToBeInvited->id,
"group_id" => $group->id,
"user_id" => $userToBeInvited->hashid,
"group_id" => $group->hashid,
"level" => "member",
]);
assertDatabaseHas('group_user', [
@@ -395,8 +428,8 @@
$request = get(route('api.v1.groups.users.index', ["group" => $group]));
$request->assertSuccessful();
$request->assertJsonFragment([
"user_id" => $user->id,
"group_id" => $group->id,
"user_id" => $user->hashid,
"group_id" => $group->hashid,
"level" => GroupUserLevel::Admin,
]);
});
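Review bot: The new 'Adding the same email twice' test asserts only `assertJsonValidationErrors(['email'])` on the second request, so it would still pass if the controller returned the error after attaching a second pivot row; adding a count check on `group_user` for that user and group after the second call pins the actual invariant. The commit also adds two branches that no visible test covers: the duplicate check on the `id` path (error keyed `id`) and the rejection of a user whose e-mail is not verified. The explicit `['Accept' => 'application/json']` passed to `postJson()` is redundant, since that helper already sends JSON headers.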
