mirror of
https://github.com/shlinkio/shlink.git
synced 2024-12-22 15:13:59 -06:00
Created API tests to cover deletion and renaming of tags with non-admin API keys
This commit is contained in:
parent
2be0050f3d
commit
34bb023b7d
35
module/Rest/test-api/Action/DeleteTagsTest.php
Normal file
35
module/Rest/test-api/Action/DeleteTagsTest.php
Normal file
@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace ShlinkioApiTest\Shlink\Rest\Action;
|
||||
|
||||
use GuzzleHttp\RequestOptions;
|
||||
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;
|
||||
|
||||
class DeleteTagsTest extends ApiTestCase
|
||||
{
|
||||
/**
|
||||
* @test
|
||||
* @dataProvider provideNonAdminApiKeys
|
||||
*/
|
||||
public function anErrorIsReturnedWithNonAdminApiKeys(string $apiKey): void
|
||||
{
|
||||
$resp = $this->callApiWithKey(self::METHOD_DELETE, '/tags', [
|
||||
RequestOptions::QUERY => ['tags' => ['foo']],
|
||||
], $apiKey);
|
||||
$payload = $this->getJsonResponsePayload($resp);
|
||||
|
||||
self::assertEquals(self::STATUS_FORBIDDEN, $resp->getStatusCode());
|
||||
self::assertEquals(self::STATUS_FORBIDDEN, $payload['status']);
|
||||
self::assertEquals('FORBIDDEN_OPERATION', $payload['type']);
|
||||
self::assertEquals('You are not allowed to delete tags', $payload['detail']);
|
||||
self::assertEquals('Forbidden tag operation', $payload['title']);
|
||||
}
|
||||
|
||||
public function provideNonAdminApiKeys(): iterable
|
||||
{
|
||||
yield 'author' => ['author_api_key'];
|
||||
yield 'domain' => ['domain_api_key'];
|
||||
}
|
||||
}
|
38
module/Rest/test-api/Action/RenameTagTest.php
Normal file
38
module/Rest/test-api/Action/RenameTagTest.php
Normal file
@ -0,0 +1,38 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace ShlinkioApiTest\Shlink\Rest\Action;
|
||||
|
||||
use GuzzleHttp\RequestOptions;
|
||||
use Shlinkio\Shlink\TestUtils\ApiTest\ApiTestCase;
|
||||
|
||||
class RenameTagTest extends ApiTestCase
|
||||
{
|
||||
/**
|
||||
* @test
|
||||
* @dataProvider provideNonAdminApiKeys
|
||||
*/
|
||||
public function anErrorIsReturnedWithNonAdminApiKeys(string $apiKey): void
|
||||
{
|
||||
$resp = $this->callApiWithKey(self::METHOD_PUT, '/tags', [
|
||||
RequestOptions::JSON => [
|
||||
'oldName' => 'foo',
|
||||
'newName' => 'foo_renamed',
|
||||
],
|
||||
], $apiKey);
|
||||
$payload = $this->getJsonResponsePayload($resp);
|
||||
|
||||
self::assertEquals(self::STATUS_FORBIDDEN, $resp->getStatusCode());
|
||||
self::assertEquals(self::STATUS_FORBIDDEN, $payload['status']);
|
||||
self::assertEquals('FORBIDDEN_OPERATION', $payload['type']);
|
||||
self::assertEquals('You are not allowed to rename tags', $payload['detail']);
|
||||
self::assertEquals('Forbidden tag operation', $payload['title']);
|
||||
}
|
||||
|
||||
public function provideNonAdminApiKeys(): iterable
|
||||
{
|
||||
yield 'author' => ['author_api_key'];
|
||||
yield 'domain' => ['domain_api_key'];
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user