Added DELTE /records/{recordId}/credentials/{credentialId}
This commit is contained in:
parent
b9a6e5d7f9
commit
877e7c9e02
|
@ -81,4 +81,28 @@ class Credentials
|
|||
return $res->withJson(['error' => 'The provided key is invalid.'], 400);
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(Request $req, Response $res, array $args)
|
||||
{
|
||||
$userId = $req->getAttribute('userId');
|
||||
$recordId = intval($args['recordId']);
|
||||
$credentialId = intval($args['credentialId']);
|
||||
|
||||
$ac = new \Operations\AccessControl($this->c);
|
||||
if (!$ac->canAccessRecord($userId, $recordId)) {
|
||||
$this->logger->info('User tries to delete credential without permissions.');
|
||||
return $res->withJson(['error' => 'You have no permission for this record'], 403);
|
||||
}
|
||||
|
||||
$credentials = new \Operations\Credentials($this->c);
|
||||
|
||||
try {
|
||||
$credentials->deleteCredential($recordId, $credentialId);
|
||||
|
||||
$this->logger->info('Deleted credential', ['id' => $credentialId]);
|
||||
return $res->withStatus(204);
|
||||
} catch (\Exceptions\NotFoundException $e) {
|
||||
return $res->withJson(['error' => 'No credential found for id ' . $credentialId], 404);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -111,6 +111,39 @@ class Credentials
|
|||
unset($record['security']);
|
||||
}
|
||||
|
||||
$this->db->commit();
|
||||
|
||||
return $record;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete credential
|
||||
*
|
||||
* @param $recordId Id of the record
|
||||
* @param $credentialId Id of the credential to delete
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @throws NotFoundException if credential does not exist
|
||||
*/
|
||||
public function deleteCredential(int $recordId, int $credentialId) : void
|
||||
{
|
||||
$this->db->beginTransaction();
|
||||
|
||||
$query = $this->db->prepare('SELECT id FROM remote WHERE id=:id AND record=:record');
|
||||
$query->bindValue(':id', $credentialId, \PDO::PARAM_INT);
|
||||
$query->bindValue(':record', $recordId, \PDO::PARAM_INT);
|
||||
$query->execute();
|
||||
|
||||
if ($query->fetch() === false) { //Credential does not exist
|
||||
$this->db->rollBack();
|
||||
throw new \Exceptions\NotFoundException();
|
||||
}
|
||||
|
||||
$query = $this->db->prepare('DELETE FROM remote WHERE id=:id');
|
||||
$query->bindValue(':id', $id, \PDO::PARAM_INT);
|
||||
$query->execute();
|
||||
|
||||
$this->db->commit();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -194,6 +194,8 @@ class Domains
|
|||
$query = $this->db->prepare('DELETE FROM records WHERE domain_id=:id');
|
||||
$query->bindValue(':id', $id, \PDO::PARAM_INT);
|
||||
$query->execute();
|
||||
|
||||
$this->db->commit();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -214,6 +214,8 @@ class Records
|
|||
$query = $this->db->prepare('DELETE FROM records WHERE id=:id');
|
||||
$query->bindValue(':id', $id, \PDO::PARAM_INT);
|
||||
$query->execute();
|
||||
|
||||
$this->db->commit();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -44,6 +44,7 @@ $app->group('/v1', function () {
|
|||
|
||||
$this->get('/records/{recordId}/credentials', '\Controllers\Credentials:getList');
|
||||
$this->post('/records/{recordId}/credentials', '\Controllers\Credentials:postNew');
|
||||
$this->delete('/records/{recordId}/credentials/{credentialId}', '\Controllers\Credentials:delete');
|
||||
})->add('\Middlewares\Authentication');
|
||||
});
|
||||
|
||||
|
|
|
@ -99,6 +99,29 @@ test.run(async function () {
|
|||
type: 'password',
|
||||
}, 'Adding credential data fail.');
|
||||
|
||||
//Delete entry
|
||||
var res = await req({
|
||||
url: '/records/1/credentials/4',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 204, 'Deletion of entry should succeed.');
|
||||
|
||||
//Delete not existing entry
|
||||
var res = await req({
|
||||
url: '/records/1/credentials/100',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 404, 'Deletion of not existing entry should fail.');
|
||||
|
||||
//Delete entry via wrong record
|
||||
var res = await req({
|
||||
url: '/records/4/credentials/5',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 404, 'Deletion of entry via wrong record should fail.');
|
||||
|
||||
});
|
||||
|
||||
|
@ -133,5 +156,21 @@ test.run(async function () {
|
|||
description: 'Test Password',
|
||||
type: 'password',
|
||||
}, 'Adding credential data fail.');
|
||||
|
||||
//Delete entry
|
||||
var res = await req({
|
||||
url: '/records/1/credentials/6',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 204, 'Deletion of entry should succeed for user.');
|
||||
|
||||
//Delete entry without permission
|
||||
var res = await req({
|
||||
url: '/records/4/credentials/2',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 403, 'Deletion of entry without permission should fail.');
|
||||
});
|
||||
});
|
|
@ -205,11 +205,11 @@ test.run(async function () {
|
|||
|
||||
//Delete existing domain
|
||||
var res = await req({
|
||||
url: '/domains/1',
|
||||
url: '/domains/8',
|
||||
method: 'delete'
|
||||
});
|
||||
|
||||
assert.equal(res.status, 204, 'Deletion of domain 1 should be successfull.');
|
||||
assert.equal(res.status, 204, 'Deletion of domain 8 should be successfull.');
|
||||
});
|
||||
|
||||
await test('user', async function (assert, req) {
|
||||
|
|
Loading…
Reference in a new issue