From 39f49fc53923eadccae4b949d07ff2bb44ae5aba Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Fri, 9 May 2014 20:23:12 +0200
Subject: [PATCH] Fixed post score validation
---
 src/Models/UserModel.php | 2 +
 tests/JobTests/ScorePostJobTest.php | 122 ++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 tests/JobTests/ScorePostJobTest.php
diff --git a/src/Models/UserModel.php b/src/Models/UserModel.php
index b9a5758e..9216f796 100644
--- a/src/Models/UserModel.php
+++ b/src/Models/UserModel.php
@@ -144,6 +144,8 @@ final class UserModel extends AbstractCrudModel
 ->add(new Sql\EqualsFunctor('user_id', new Sql\Binding($user->getId()))));
 Database::exec($stmt);
 $score = intval($score);
+ if (abs($score) > 1)
+ throw new SimpleException('Invalid score');
 if ($score != 0)
 {
 $stmt = new Sql\InsertStatement();
diff --git a/tests/JobTests/ScorePostJobTest.php b/tests/JobTests/ScorePostJobTest.php
new file mode 100644
index 00000000..60543118
--- /dev/null
+++ b/tests/JobTests/ScorePostJobTest.php
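Review bot: The new range check in the UserModel.php hunk runs after `Database::exec($stmt)`, so a rejected score is only detected once the preceding statement has already executed. Only the tail of that statement is visible (a criterion on `user_id`), but if it deletes the user's existing vote, as the insert that follows suggests, an out-of-range score would still wipe the earlier vote unless a surrounding transaction rolls it back. Moving `$score = intval($score);` and `if (abs($score) > 1) throw new SimpleException('Invalid score');` ahead of the statement being executed keeps invalid input from touching the table. `intval()` also turns non-numeric input into 0, which passes the check and skips the insert; rejecting non-integer input explicitly would avoid that silent clear. The enclosing method starts and ends outside the hunk.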
@@ -0,0 +1,122 @@
+grantAccess('scorePost');
+ $this->login($this->mockUser());
+ $post = $this->mockPost(Auth::getCurrentUser());
+
+ $this->assert->areEqual(0, $post->getScore());
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => 1,
+ ]);
+ });
+
+ $this->assert->areEqual(1, $post->getScore());
+ }
+
+ public function testNegativeScore()
+ {
+ $this->grantAccess('scorePost');
+ $this->login($this->mockUser());
+ $post = $this->mockPost(Auth::getCurrentUser());
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => -1,
+ ]);
+ });
+
+ $this->assert->areEqual(-1, $post->getScore());
+ }
+
+ public function testInvalidScore()
+ {
+ $this->grantAccess('scorePost');
+ $this->login($this->mockUser());
+ $post = $this->mockPost(Auth::getCurrentUser());
+
+ $this->assert->throws(function() use ($post)
+ {
+ Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => 2,
+ ]);
+ }, 'Invalid score');
+
+ $this->assert->areEqual(0, $post->getScore());
+ }
+
+ public function testScoreOverwriting()
+ {
+ $this->grantAccess('scorePost');
+ $this->login($this->mockUser());
+ $post = $this->mockPost(Auth::getCurrentUser());
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => -1,
+ ]);
+ });
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => 1,
+ ]);
+ });
+
+ $this->assert->areEqual(1, $post->getScore());
+ }
+
+ public function testScoreTwoPeople()
+ {
+ $this->grantAccess('scorePost');
+ $this->login($this->mockUser());
+ $post =
$this->mockPost(Auth::getCurrentUser());
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => 1,
+ ]);
+ });
+
+ $this->login($this->mockUser());
+
+ $post = $this->assert->doesNotThrow(function() use ($post)
+ {
+ return Api::run(
+ new ScorePostJob(),
+ [
+ ScorePostJob::POST_ID => $post->getId(),
+ ScorePostJob::SCORE => 1,
+ ]);
+ });
+
+ $this->assert->areEqual(2, $post->getScore());
+ }
+}
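Review bot: `testInvalidScore` asserts `0` on the `$post` object created before the rejected call, on a post that never had a vote, so it would pass even if the failed request changed stored state. Unlike the other tests, `$post` is not reassigned from `Api::run` there; whether `getScore()` re-reads the database is not visible here, so re-fetching the post before the final assertion would make the check meaningful. Cases worth adding: `ScorePostJob::SCORE => -2`, a non-numeric value, and an invalid score sent after a valid vote with an assertion that the earlier score is kept.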