Replace group page with api

userfrosting · Oct 11, 2024 · bedc7d4 · bedc7d4
1 parent c4699b7
commit bedc7d4
Show file tree

Hide file tree

Showing 8 changed files with 121 additions and 138 deletions.
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -12,8 +12,8 @@
                 }
             },
             "command": "printf '\\33c\\e[3J' && vendor/bin/phpunit --stop-on-error --stop-on-failure",
-            // "command": "printf '\\33c\\e[3J' && vendor/bin/phpunit --filter UserRedirectedToDashboardTest --stop-on-error --stop-on-failure",
-           "problemMatcher": [],
+            // "command": "printf '\\33c\\e[3J' && vendor/bin/phpunit --filter GroupApiTest --stop-on-error --stop-on-failure",
+            "problemMatcher": [],
             "group": {
                 "kind": "build",
                 "isDefault": true

diff --git a/.../Controller/Dashboard/DashboardAction.php → ...src/Controller/Dashboard/DashboardApi.php b/.../Controller/Dashboard/DashboardAction.php → ...src/Controller/Dashboard/DashboardApi.php
@@ -29,7 +29,7 @@
 /**
  * Api for /dashboard URL. Handles admin-related activities.
  */
-class DashboardAction
+class DashboardApi
 {
     /**
      * Inject dependencies.

diff --git a/app/src/Controller/Group/GroupApi.php b/app/src/Controller/Group/GroupApi.php
@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * UserFrosting Admin Sprinkle (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/sprinkle-admin
+ * @copyright Copyright (c) 2013-2024 Alexander Weissman & Louis Charette
+ * @license   https://github.com/userfrosting/sprinkle-admin/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Admin\Controller\Group;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
+use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\GroupInterface;
+use UserFrosting\Sprinkle\Account\Exceptions\ForbiddenException;
+
+/**
+ * Returns the group as an JSON endpoint.
+ *
+ * This checks that the currently logged-in user has permission to view the requested group's info.
+ * This page requires authentication.
+ *
+ * Request type: GET
+ */
+class GroupApi
+{
+    /**
+     * Inject dependencies.
+     */
+    public function __construct(
+        protected Authenticator $authenticator,
+    ) {
+    }
+
+    /**
+     * Receive the request, dispatch to the handler, and return the payload to
+     * the response.
+     *
+     * @param GroupInterface $group    The group to display, injected by the middleware.
+     * @param Response       $response
+     */
+    public function __invoke(GroupInterface $group, Response $response): Response
+    {
+        $this->validateAccess($group);
+        $payload = json_encode($group, JSON_THROW_ON_ERROR);
+        $response->getBody()->write($payload);
+
+        return $response->withHeader('Content-Type', 'application/json');
+    }
+
+    /**
+     * Validate access to the page.
+     *
+     * @throws ForbiddenException
+     */
+    protected function validateAccess(GroupInterface $group): void
+    {
+        // TODO : Change access to "api.group" or similar
+        if (!$this->authenticator->checkAccess('uri_group', [
+            'group' => $group,
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        // Determine fields that currentUser is authorized to view
+        // TODO : Deprecated this properly,
+        // TODO : Handle view_group_field_own
+        /*$fieldNames = ['name', 'slug', 'icon', 'description'];
+        foreach ($fieldNames as $field) {
+            if (!$this->authenticator->checkAccess('view_group_field', [
+                'group'    => $group,
+                'property' => $field,
+            ])) {
+                throw new ForbiddenException();
+            }
+        }*/
+    }
+}
diff --git a/app/src/Controller/Group/GroupPageAction.php b/app/src/Controller/Group/GroupPageAction.php
diff --git a/app/src/Routes/DashboardRoutes.php b/app/src/Routes/DashboardRoutes.php
@@ -16,7 +16,7 @@
 use UserFrosting\Routes\RouteDefinitionInterface;
 use UserFrosting\Sprinkle\Account\Authenticate\AuthGuard;
 use UserFrosting\Sprinkle\Admin\Controller\Dashboard\CacheApiAction;
-use UserFrosting\Sprinkle\Admin\Controller\Dashboard\DashboardAction;
+use UserFrosting\Sprinkle\Admin\Controller\Dashboard\DashboardApi;
 use UserFrosting\Sprinkle\Core\Middlewares\NoCache;
 
 /*
@@ -26,7 +26,7 @@ class DashboardRoutes implements RouteDefinitionInterface
 {
     public function register(App $app): void
     {
-        $app->get('/api/dashboard', DashboardAction::class)
+        $app->get('/api/dashboard', DashboardApi::class)
             ->setName('dashboard')
             ->add(NoCache::class);
 

diff --git a/app/src/Routes/GroupsRoute.php b/app/src/Routes/GroupsRoute.php
@@ -16,10 +16,10 @@
 use Slim\Routing\RouteCollectorProxy;
 use UserFrosting\Routes\RouteDefinitionInterface;
 use UserFrosting\Sprinkle\Account\Authenticate\AuthGuard;
+use UserFrosting\Sprinkle\Admin\Controller\Group\GroupApi;
 use UserFrosting\Sprinkle\Admin\Controller\Group\GroupCreateAction;
 use UserFrosting\Sprinkle\Admin\Controller\Group\GroupDeleteAction;
 use UserFrosting\Sprinkle\Admin\Controller\Group\GroupEditAction;
-use UserFrosting\Sprinkle\Admin\Controller\Group\GroupPageAction;
 use UserFrosting\Sprinkle\Admin\Controller\Group\GroupsSprunjeAction as GroupsSprunje;
 use UserFrosting\Sprinkle\Admin\Controller\Group\GroupUsersSprunje;
 use UserFrosting\Sprinkle\Admin\Middlewares\GroupInjector;
@@ -35,7 +35,7 @@ public function register(App $app): void
         $app->group('/api/groups', function (RouteCollectorProxy $group) {
             $group->get('', GroupsSprunje::class)
                   ->setName('api_groups');
-            $group->get('/g/{slug}', GroupPageAction::class)
+            $group->get('/g/{slug}', GroupApi::class)
                   ->add(GroupInjector::class)
                   ->setName('api_group');
             $group->delete('/g/{slug}', GroupDeleteAction::class)

diff --git a/app/tests/Controller/Dashboard/DashboardActionTest.php b/app/tests/Controller/Dashboard/DashboardActionTest.php
@@ -17,7 +17,7 @@
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
 use UserFrosting\Sprinkle\Account\Database\Models\User;
 use UserFrosting\Sprinkle\Account\Testing\WithTestUser;
-use UserFrosting\Sprinkle\Admin\Controller\Dashboard\DashboardAction;
+use UserFrosting\Sprinkle\Admin\Controller\Dashboard\DashboardApi;
 use UserFrosting\Sprinkle\Admin\Tests\AdminTestCase;
 use UserFrosting\Sprinkle\Core\Testing\RefreshDatabase;
 
@@ -93,10 +93,10 @@ public function testPageDashboardWithPDOException(): void
             ->getMock();
 
         // Create fake controller, inject mocked connection and set it in container
-        $controller = $this->ci->make(DashboardAction::class, [
+        $controller = $this->ci->make(DashboardApi::class, [
             'dbConnection' => $connection,
         ]);
-        $this->ci->set(DashboardAction::class, $controller);
+        $this->ci->set(DashboardApi::class, $controller);
 
         /** @var User */
         $user = User::factory()->create();

diff --git a/.../Controller/Group/GroupPageActionTest.php → app/tests/Controller/Group/GroupApiTest.php b/.../Controller/Group/GroupPageActionTest.php → app/tests/Controller/Group/GroupApiTest.php
@@ -19,7 +19,7 @@
 use UserFrosting\Sprinkle\Admin\Tests\AdminTestCase;
 use UserFrosting\Sprinkle\Core\Testing\RefreshDatabase;
 
-class GroupPageActionTest extends AdminTestCase
+class GroupApiTest extends AdminTestCase
 {
     use RefreshDatabase;
     use WithTestUser;
@@ -34,7 +34,7 @@ public function setUp(): void
         $this->refreshDatabase();
     }
 
-    public function testPageForGuestUser(): void
+    public function testForGuestUser(): void
     {
         // Create request with method and url and fetch response
         $request = $this->createJsonRequest('GET', '/api/groups/g/foo');
@@ -45,7 +45,7 @@ public function testPageForGuestUser(): void
         $this->assertResponseStatus(400, $response);
     }
 
-    public function testPageForForbiddenException(): void
+    public function testForForbiddenException(): void
     {
         /** @var User */
         $user = User::factory()->create();
@@ -63,7 +63,7 @@ public function testPageForForbiddenException(): void
         $this->assertResponseStatus(403, $response);
     }
 
-    public function testPageForNotFound(): void
+    public function testForNotFound(): void
     {
         /** @var User */
         $user = User::factory()->create();
@@ -77,4 +77,29 @@ public function testPageForNotFound(): void
         $this->assertJsonResponse('Group not found', $response, 'description');
         $this->assertResponseStatus(404, $response);
     }
+
+    public function testApi(): void
+    {
+        /** @var User */
+        $user = User::factory()->create();
+        $this->actAsUser($user, permissions: ['uri_group']);
+
+        /** @var Group */
+        $group = Group::factory()->create();
+
+        // Create request with method and url and fetch response
+        $request = $this->createJsonRequest('GET', '/api/groups/g/' . $group->slug);
+        $response = $this->handleRequest($request);
+
+        // Assert response status & body
+        $this->assertJsonStructure([
+            'id',
+            'slug',
+            'name',
+            'description',
+            'icon',
+            'created_at',
+            'updated_at'
+        ], $response);
+    }
 }