diff --git a/src/LdcUserProfile/Controller/ProfileController.php b/src/LdcUserProfile/Controller/ProfileController.php
index 96d3a0e..c724a31 100644
--- a/src/LdcUserProfile/Controller/ProfileController.php
+++ b/src/LdcUserProfile/Controller/ProfileController.php
@@ -46,6 +46,9 @@ public function indexAction()
 $fm = $this->flashMessenger()->setNamespace('ldc-user-profile');
+ // Ensure that the user can't change the account ID during update
+ $prg['zfcuser']['id'] = $this->zfcUserAuthentication()->getIdentity()->getId();
+
 $form->setData($prg);
 if ( ! $form->isValid() ) {
 $fm->addErrorMessage('One or more of the values you provided is invalid.');
diff --git a/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php b/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
index 8d3bb26..9eb91f8 100644
--- a/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
+++ b/tests/LdcUserProfileTest/Controller/ProfileControllerTest.php
@@ -23,6 +23,7 @@ class ProfileControllerTest extends \PHPUnit_Framework_TestCase
 public function setUp()
 {
 $this->mockUserEntity = new \ZfcUser\Entity\User();
+ $this->mockUserEntity->setId(42);
 $this->mockUserService = \Mockery::mock('ZfcUser\Service\User');
@@ -105,7 +106,8 @@ public function testControllerDispatchedWithValidFormDataWillCompleteAndRedirect
 $req = $this->controller->getRequest();
 $req->setMethod(Request::METHOD_POST);
- $req->getPost()->set('foo', 'bar');
+ $req->getPost()->set('foo', ['bar' => 'baz']);
+ $req->getPost()->set('zfcuser', ['id' => 42]);
 $postData = $req->getPost()->toArray();
 $mockResult = new \stdClass();
@@ -133,7 +135,8 @@ public function testControllerDispatchedWithInvalidFormDataWillRenderForm()
 $req = $this->controller->getRequest();
 $req->setMethod(Request::METHOD_POST);
- $req->getPost()->set('foo', 'bar');
+ $req->getPost()->set('foo', ['bar' => 'baz']);
+ $req->getPost()->set('zfcuser', ['id' => 42]);
 $postData = $req->getPost()->toArray();
 $mockResult = new \stdClass();
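Review bot: The override `$prg['zfcuser']['id'] = …->getIdentity()->getId();` pins only the `id` key of the `zfcuser` fieldset, so any other client-supplied field that selects which record is written would still reach `setData($prg)` unchanged; whether such fields exist depends on the fieldsets registered on the form, which this hunk does not show. The same line dereferences `getIdentity()` without a null check, so unless an authentication guard sits earlier in `indexAction` (its body starts and ends outside the hunk) an unauthenticated POST would end in an error rather than a controlled response. I would read the identity once with `$identity = $this->zfcUserAuthentication()->getIdentity();`, return early when it is null, and then assign `$prg['zfcuser']['id'] = $identity->getId();`. The comment could also state the reason: `// zfcuser[id] arrives from the client; always replace it with the authenticated user's id before validation`.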
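Review bot: None of the updated tests posts an id that differs from the authenticated user's, so the override added in the controller is not actually exercised: `$req->getPost()->set('zfcuser', ['id' => 42]);` matches the `setId(42)` in `setUp()`, and the test would likely still pass with the controller fix removed. The same applies to the identical changes in testControllerDispatchedWithInvalidFormDataWillRenderForm and testControllerWillRenderFormWhenSaveCallFails. I would add a case that posts a different value, for example `$req->getPost()->set('zfcuser', ['id' => 99]);` (constructed value), and asserts that the data handed to the form carries 42. The test method bodies continue outside these hunks, so how `$postData` is compared against the form input is not visible here.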
@@ -159,7 +162,8 @@ public function testControllerWillRenderFormWhenSaveCallFails()
 $req = $this->controller->getRequest();
 $req->setMethod(Request::METHOD_POST);
- $req->getPost()->set('foo', 'bar');
+ $req->getPost()->set('foo', ['bar' => 'baz']);
+ $req->getPost()->set('zfcuser', ['id' => 42]);
 $postData = $req->getPost()->toArray();
 $mockResult = new \stdClass();