Skip to content

Commit

Permalink
Update the controllers to respect only the owner's permission, right …
Browse files Browse the repository at this point in the history 
…now sharing is read only. Update Spork to whitelist core feature. Fix tests
  • Loading branch information
@austinkregel
austinkregel committed Oct 17, 2022
1 parent 42711c0 commit 1eb494c
Show file tree
Hide file tree
Showing 6 changed files with 63 additions and 19 deletions.
15 changes: 13 additions & 2 deletions src/Http/Controllers/FeatureListController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,10 @@
use Spork\Core\Events\FeatureUpdated;
use Spork\Core\Http\Requests\ShareRequest;
use Spork\Core\Http\Requests\StoreRequest;
use Spork\Core\Http\Requests\UpdateRequest;
use Spork\Core\Models\FeatureList;
use Spork\Core\Spork;
use Illuminate\Http\Request;

class FeatureListController
{
Expand Down Expand Up @@ -55,16 +57,25 @@ public function store(StoreRequest $request)
return response()->json($createdFeature, 201);
}

public function update(StoreRequest $request, FeatureList $featureList)
public function update(UpdateRequest $request, $featureList)
{
$featureList = FeatureList::findOrFail($featureList);

abort_unless($featureList->user_id === $request->user()->id, 401);

$featureList->update($request->validated());

event(new FeatureUpdated($featureList));

return response()->json($featureList, 200);
}

public function destroy(FeatureList $featureList)
public function destroy(Request $request, $featureList)
{
$featureList = FeatureList::findOrFail($featureList);

abort_unless($featureList->user_id === $request->user()->id, 401);

$featureList->delete();
event(new FeatureDeleted($featureList));

Expand Down
27 changes: 27 additions & 0 deletions src/Http/Requests/UpdateRequest.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
<?php

namespace Spork\Core\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
use Spork\Core\Spork;

class UpdateRequest extends FormRequest
{
public function authorize()
{
return true;
}

public function rules()
{
return [
'name' => 'string',
'feature' => [
'string',
Rule::in(Spork::provides()),
],
'settings' => 'nullable|array',
];
}
}
2 changes: 1 addition & 1 deletion src/Spork.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,6 @@ public static function provides(): array
{
return array_reduce(static::$features, function ($provides, $feature) {
return array_merge($provides, $feature['provides'] ?? []);
}, []);
}, ['core']);
}
}
1 change: 1 addition & 0 deletions src/SporkServiceProvider.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

namespace Spork\Core;

use Spork\Core\Models\FeatureList;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider;
use Illuminate\Support\Facades\Route;

Expand Down
11 changes: 8 additions & 3 deletions tests/Integration/FeatureListTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,22 @@ public function testFeatureCreatedEventIsLaunched()
Event::fake();
$user = TestUser::factory()->create();

$this->actingAs($user)->postJson('/api/core/feature-list', [
$response = $this->actingAs($user)->postJson('/api/core/feature-list', [
'name' => 'Test feature',
'feature' => 'core',
'settings' => [],
]);

$this->actingAs($user)->putJson('/api/core/feature-list/1', [
$response->assertStatus(201);
$featureId = $response->getData()->id;
$response2 = $this->actingAs($user)->putJson('/api/core/feature-list/' . $featureId, [
'name' => 'A feature',
]);
$response2->assertStatus(200);

$this->actingAs($user)->deleteJson('/api/core/feature-list/1');
$this->withoutExceptionHandling();
$response3 = $this->actingAs($user)->deleteJson('/api/core/feature-list/' . $featureId);
$response3->assertStatus(204);

Event::assertDispatched(FeatureCreated::class);
Event::assertDispatched(FeatureUpdated::class);
Expand Down
26 changes: 13 additions & 13 deletions tests/Unit/SporkTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,16 +20,16 @@ public function setUp(): void
public function testAddFeatureFiresFeatureRegisteredEvent()
{
Event::fake();
Config::set('spork.core.enabled', true);
Config::set('spork.cores.enabled', true);

Spork::addFeature('core', 'icon', '/path', 'default', []);
Spork::addFeature('cores', 'icon', '/path', 'default', []);

Event::assertDispatched(FeatureRegistered::class);

$this->assertSame([
'core' => [
'name' => 'Core',
'slug' => 'core',
'cores' => [
'name' => 'Cores',
'slug' => 'cores',
'icon' => 'icon',
'path' => '/path',
'enabled' => true,
Expand All @@ -38,24 +38,24 @@ public function testAddFeatureFiresFeatureRegisteredEvent()
],
], Spork::$features);

$this->assertSame([], Spork::provides());
$this->assertSame(['core'], Spork::provides());

$this->assertTrue(Spork::hasFeature('core'));
$this->assertTrue(Spork::hasFeature('cores'));
}

public function testDoesntMakeFeatureAvailable()
{
Event::fake();
Config::set('spork.core.enabled', false);

Spork::addFeature('core', 'icon', '/path', 'default', []);
Spork::addFeature('cores', 'icon', '/path', 'default', []);

Event::assertDispatched(FeatureRegistered::class);

$this->assertSame([
'core' => [
'name' => 'Core',
'slug' => 'core',
'cores' => [
'name' => 'Cores',
'slug' => 'cores',
'icon' => 'icon',
'path' => '/path',
'enabled' => false,
Expand All @@ -64,9 +64,9 @@ public function testDoesntMakeFeatureAvailable()
],
], Spork::$features);

$this->assertSame([], Spork::provides());
$this->assertSame(['core'], Spork::provides());

$this->assertFalse(Spork::hasFeature('core'));
$this->assertFalse(Spork::hasFeature('cores'));
}

public function testLoadWithAddsAsitGetsCalledAndWontDuplicateValues()
Expand Down

0 comments on commit 1eb494c

Please sign in to comment.