diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index 139de4c84..b148ea649 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -403,7 +403,7 @@ $utopia->post('/v1/teams/:teamId/memberships') $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status') ->desc('Update Team Membership Status') - ->label('scope', 'auth') + ->label('scope', 'public') ->label('sdk.namespace', 'teams') ->label('sdk.method', 'updateTeamMembershipStatus') ->label('sdk.description', '/docs/references/teams/update-team-membership-status.md') @@ -420,11 +420,15 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status') throw new Exception('Invite not found', 404); } - if ($membership->getAttribute('teamId')->getUid() !== $teamId) { + if ($membership->getAttribute('teamId') !== $teamId) { throw new Exception('Team IDs don\'t match', 404); } + Authorization::disable(); + $team = $projectDB->getDocument($teamId); + + Authorization::enable(); if (empty($team->getUid()) || Database::SYSTEM_COLLECTION_TEAMS != $team->getCollection()) { throw new Exception('Team not found', 404); @@ -485,10 +489,14 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status') throw new Exception('Failed saving user to DB', 500); } + Authorization::disable(); + $team = $projectDB->updateDocument(array_merge($team->getArrayCopy(), [ 'sum' => $team->getAttribute('sum', 0) + 1, ])); + Authorization::enable(); + if (false === $team) { throw new Exception('Failed saving team to DB', 500); } diff --git a/tests/e2e/Services/Teams/TeamsBase.php b/tests/e2e/Services/Teams/TeamsBase.php index f85c36d21..a2f292bc2 100644 --- a/tests/e2e/Services/Teams/TeamsBase.php +++ b/tests/e2e/Services/Teams/TeamsBase.php 
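Review bot: With `->label('scope', 'public')` on the PATCH `/v1/teams/:teamId/memberships/:inviteId/status` route, the invite secret and the `userId` in the request body become the only credentials for joining a team, and nothing in this hunk records that this is intentional. I would add a comment above the label, `// public on purpose: the invitee has no session yet; the invite secret is the only credential`, so the scope is not later read as an oversight. The secret check itself is outside the hunk. It should compare in constant time (`hash_equals`), and the route should carry a request rate limit if it does not already, since callers without a session can now retry freely.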
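Review bot: The `Authorization::disable()` / `Authorization::enable()` pair around `$projectDB->getDocument($teamId)` is not exception-safe: if the read throws, authorization stays switched off for whatever runs afterwards in the same process, such as error handlers, shutdown code, or the next request under a long-lived worker. Wrapping it as `try { $team = $projectDB->getDocument($teamId); } finally { Authorization::enable(); }` keeps the bypass scoped to the single call. The same applies to the pair around `$projectDB->updateDocument(...)` in the `@@ -485,10 +489,14 @@` hunk. `enable()` also turns checks back on unconditionally rather than restoring the previous state, which matters if a caller had already disabled them; whether that happens is not visible from here. The handler body starts and ends outside both hunks.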
@@ -26,6 +26,7 @@ trait TeamsBase $this->assertIsInt($response1['body']['dateCreated']); $teamUid = $response1['body']['$uid']; + $teamName = $response1['body']['name']; $response2 = $this->client->call(Client::METHOD_POST, '/teams', array_merge([ 'content-type' => 'application/json', @@ -66,7 +67,7 @@ trait TeamsBase $this->assertEquals(400, $response['headers']['status-code']); - return ['teamUid' => $teamUid]; + return ['teamUid' => $teamUid, 'teamName' => $teamName]; } /** diff --git a/tests/e2e/Services/Teams/TeamsBaseClient.php b/tests/e2e/Services/Teams/TeamsBaseClient.php index c10062be0..4c7f14df3 100644 --- a/tests/e2e/Services/Teams/TeamsBaseClient.php +++ b/tests/e2e/Services/Teams/TeamsBaseClient.php @@ -11,12 +11,12 @@ trait TeamsBaseClient */ public function testGetTeamMembers($data):array { - $uid = (isset($data['teamUid'])) ? $data['teamUid'] : ''; + $teamUid = (isset($data['teamUid'])) ? $data['teamUid'] : ''; /** * Test for SUCCESS */ - $response = $this->client->call(Client::METHOD_GET, '/teams/'.$uid.'/members', array_merge([ + $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/members', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$uid'], ], $this->getHeaders())); @@ -32,7 +32,7 @@ trait TeamsBaseClient * Test for FAILURE */ - return []; + return $data; } /** 
@@ -40,13 +40,14 @@ trait TeamsBaseClient */ public function testCreateTeamMembership($data):array { - $uid = (isset($data['teamUid'])) ? $data['teamUid'] : ''; + $teamUid = (isset($data['teamUid'])) ? $data['teamUid'] : ''; + $teamName = (isset($data['teamName'])) ? $data['teamName'] : ''; $email = uniqid().'friend@localhost.test'; /** * Test for SUCCESS */ - $response = $this->client->call(Client::METHOD_POST, '/teams/'.$uid.'/memberships', array_merge([ + $response = $this->client->call(Client::METHOD_POST, '/teams/'.$teamUid.'/memberships', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$uid'], ], $this->getHeaders()), [ @@ -64,11 +65,20 @@ trait TeamsBaseClient $this->assertIsInt($response['body']['joined']); $this->assertEquals(false, $response['body']['confirm']); + $lastEmail = $this->getLastEmail(); + + $this->assertEquals($email, $lastEmail['to'][0]['address']); + $this->assertEquals('Friend User', $lastEmail['to'][0]['name']); + $this->assertEquals('Invitation to '.$teamName.' Team at '.$this->getProject()['name'], $lastEmail['subject']); + + $secret = substr($lastEmail['text'], strpos($lastEmail['text'], '&secret=', 0) + 8, 256); + $inviteUid = substr($lastEmail['text'], strpos($lastEmail['text'], '?inviteId=', 0) + 10, 13); + $userUid = substr($lastEmail['text'], strpos($lastEmail['text'], '&userId=', 0) + 8, 13); + /** * Test for FAILURE */ - - $response = $this->client->call(Client::METHOD_POST, '/teams/'.$uid.'/memberships', array_merge([ + $response = $this->client->call(Client::METHOD_POST, '/teams/'.$teamUid.'/memberships', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$uid'], ], $this->getHeaders()), [ 
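Review bot: The three `substr(..., strpos(...) + N, len)` extractions added to testCreateTeamMembership fail silently: when a marker such as `'&secret='` is missing from the mail, `strpos` returns `false`, the offset collapses to `N`, and the test carries on with an arbitrary slice of the body. The fixed lengths (256, 13, 13) also assume the exact size of each value, so a shorter value would pick up whatever text follows it. I would assert the markers first, e.g. `$this->assertStringContainsString('&secret=', $lastEmail['text']);`, or pull the invite URL out of the body and read the values with `parse_url` and `parse_str`. Without that, a changed mail template would surface later as a confusing 401 in the dependent test. The function continues past the end of this hunk.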
@@ -80,6 +90,115 @@ trait TeamsBaseClient $this->assertEquals(400, $response['headers']['status-code']); + $response = $this->client->call(Client::METHOD_POST, '/teams/'.$teamUid.'/memberships', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ], $this->getHeaders()), [ + 'email' => $email, + 'name' => 'Friend User', + 'roles' => 'bad string', + 'url' => 'http://localhost:5000/join-us#title' + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + + $response = $this->client->call(Client::METHOD_POST, '/teams/'.$teamUid.'/memberships', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ], $this->getHeaders()), [ + 'email' => $email, + 'name' => 'Friend User', + 'roles' => ['admin', 'editor'], + 'url' => 'http://example.com/join-us#title' // bad url + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + + return [ + 'teamUid' => $teamUid, + 'secret' => $secret, + 'inviteUid' => $inviteUid, + 'userUid' => $userUid, + ]; + } + + /** + * @depends testCreateTeamMembership + */ + public function testUpdateTeamMembership($data):array + { + $teamUid = (isset($data['teamUid'])) ? $data['teamUid'] : ''; + $secret = (isset($data['secret'])) ? $data['secret'] : ''; + $inviteUid = (isset($data['inviteUid'])) ? $data['inviteUid'] : ''; + $userUid = (isset($data['userUid'])) ? 
$data['userUid'] : ''; + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$inviteUid.'/status', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ]), [ + 'secret' => $secret, + 'userId' => $userUid, + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['$uid']); + $this->assertNotEmpty($response['body']['userId']); + $this->assertNotEmpty($response['body']['teamId']); + $this->assertCount(2, $response['body']['roles']); + $this->assertIsInt($response['body']['joined']); + $this->assertEquals(true, $response['body']['confirm']); + + /** + * Test for FAILURE + */ + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$inviteUid.'/status', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ]), [ + 'secret' => 'sdasdasd', + 'userId' => $userUid, + ]); + + $this->assertEquals(401, $response['headers']['status-code']); + + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$inviteUid.'/status', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ]), [ + 'secret' => '', + 'userId' => $userUid, + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$inviteUid.'/status', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ]), [ + 'secret' => $secret, + 'userId' => 'sdasd', + ]); + + $this->assertEquals(401, $response['headers']['status-code']); + + $response = 
$this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$inviteUid.'/status', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$uid'], + ]), [ + 'secret' => $secret, + 'userId' => '', + ]); + + $this->assertEquals(400, $response['headers']['status-code']); + return []; } } \ No newline at end of file
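Review bot: In testUpdateTeamMembership the success call runs before the failure cases, so the wrong-secret and wrong-`userId` 401s are only exercised against an invite that has already been confirmed, and nothing checks what happens when the valid `secret` is sent a second time. Because the route is now reachable without a session, I would move the four failure calls above the success call and add a replay of the successful request afterwards. The replay should assert that the request is rejected, or at least that the team's `sum` counter is unchanged; which status the handler returns for that case is not visible here. A case with a valid secret but a different `teamId` in the path would also cover the `Team IDs don't match` branch. `array_merge([...])` with a single argument in these calls is a no-op and can be dropped.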