From ec55bc4aa4e84bf34cad8f9bd6552649df9e0e13 Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Wed, 26 Jun 2019 17:22:04 +0100
Subject: [PATCH] FIX #10733 TIME 0:45 refactor admin group routes

---
 rest/index.php                                 |  4 ++--
 src/app/group/controllers/GroupController.php  | 11 ++++++-----
 .../app/group/GroupControllerTest.php          | 18 +++++++++++++++---
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/rest/index.php b/rest/index.php
index 675d471afd..db291fb26e 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -92,8 +92,8 @@ $app->get('/groups/{id}', \Group\controllers\GroupController::class . ':getById'
 $app->delete('/groups/{id}', \Group\controllers\GroupController::class . ':delete');
 $app->put('/groups/{id}', \Group\controllers\GroupController::class . ':update');
 $app->put('/groups/{id}/privilege/{privilegeId}', \Group\controllers\GroupController::class . ':updateGroupPrivilege');
-$app->post('/groups/{id}/user/{userId}', \Group\controllers\GroupController::class . ':addUser');
-$app->delete('/groups/{id}/user/{userId}', \Group\controllers\GroupController::class . ':removeUser');
+$app->put('/groups/{id}/users', \Group\controllers\GroupController::class . ':addUser');
+$app->delete('/groups/{id}/users/{userId}', \Group\controllers\GroupController::class . ':removeUser');
 
 //Users
 $app->post('/users', \User\controllers\UserController::class . ':create');
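Review bot: Registering `addUser` under `PUT /groups/{id}/users` suggests an idempotent replacement of the group's whole user list, but the handler adds one member and answers 400 `This user already has this group` on a repeated call (see the GroupController.php hunk). `POST` would describe that behaviour more accurately, e.g. `$app->post('/groups/{id}/users', \Group\controllers\GroupController::class . ':addUser');`. The old `/groups/{id}/user/{userId}` paths are also dropped without a fallback, so existing clients will presumably stop matching a route; if that is intended, a short comment above these two lines should say so.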
diff --git a/src/app/group/controllers/GroupController.php b/src/app/group/controllers/GroupController.php
index 457e0b16f5..c26bbf103d 100755
--- a/src/app/group/controllers/GroupController.php
+++ b/src/app/group/controllers/GroupController.php
@@ -211,26 +211,27 @@ class GroupController
             return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
         }
 
+        $body = $request->getParsedBody();
         if (!Validator::intVal()->notEmpty()->validate($aArgs['id'])) {
             return $response->withStatus(400)->withJson(['errors' => 'Id must be an integer']);
-        } elseif (!Validator::intVal()->notEmpty()->validate($aArgs['userId'])) {
+        } elseif (!Validator::intVal()->notEmpty()->validate($body['userId'])) {
             return $response->withStatus(400)->withJson(['errors' => 'userId must be an integer']);
         }
 
         $group = GroupModel::getById(['id' => $aArgs['id']]);
-        $user  = UserModel::getById(['id' => $aArgs['userId'], 'select' => ['firstname', 'lastname']]);
+        $user  = UserModel::getById(['id' => $body['userId'], 'select' => ['firstname', 'lastname']]);
         
         if (empty($group)) {
             return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
         } elseif (empty($user)) {
             return $response->withStatus(400)->withJson(['errors' => 'User not found']);
-        } elseif (UserGroupModel::hasGroup(['groupId' => $aArgs['id'], 'userId' => $aArgs['userId']])) {
+        } elseif (UserGroupModel::hasGroup(['groupId' => $aArgs['id'], 'userId' => $body['userId']])) {
             return $response->withStatus(400)->withJson(['errors' => 'This user already has this group']);
         }
 
         UserGroupModel::addUser([
             'groupId' => $aArgs['id'],
-            'userId'  => $aArgs['userId']
+            'userId'  => $body['userId']
         ]);
 
         HistoryController::add([
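Review bot: `$body['userId']` is read on the added lines without first checking that `getParsedBody()` returned an array containing that key, so a request with an empty or non-array body reaches the validator through an undefined-offset access rather than an explicit check. Because the value now comes from the request body it can be any decoded type, and once `intVal()` accepts it (possibly as a numeric string) it is passed unchanged to `UserModel::getById`, `UserGroupModel::hasGroup`, `UserGroupModel::addUser` and, in the following hunk, the history entry's `objectId`. I would read it once as `$userId = is_array($body) ? ($body['userId'] ?? null) : null;`, validate `$userId`, and use `(int)$userId` from there on. The enclosing method starts and ends outside this hunk.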
@@ -244,7 +245,7 @@ class GroupController
         HistoryController::add([
             'code'          => 'OK',
             'objectType'    => 'users',
-            'objectId'      => $aArgs['userId'],
+            'objectId'      => $body['userId'],
             'type'          => 'MODIFICATION',
             'message'       => "{groupAdded} : {$group['label']}"
         ]);
diff --git a/test/unitTests/app/group/GroupControllerTest.php b/test/unitTests/app/group/GroupControllerTest.php
index 4fa537c2da..49000f1e9b 100755
--- a/test/unitTests/app/group/GroupControllerTest.php
+++ b/test/unitTests/app/group/GroupControllerTest.php
@@ -80,13 +80,25 @@ class GroupControllerTest extends TestCase
         $environment    = \Slim\Http\Environment::mock(['REQUEST_METHOD' => 'POST']);
         $request        = \Slim\Http\Request::createFromEnvironment($environment);
 
-        $response     = $groupController->addUser($request, new \Slim\Http\Response(), ['id' => self::$groupId, 'userId' => 1]);
+        $aArgs = [
+            'userId' => 1
+        ];
+
+        $fullRequest = \httpRequestCustom::addContentInBody($aArgs, $request);
+
+        $response     = $groupController->addUser($fullRequest, new \Slim\Http\Response(), ['id' => self::$groupId]);
         $responseBody = json_decode((string)$response->getBody());
 
         $this->assertEmpty($responseBody);
 
         //Fail
-        $response     = $groupController->addUser($request, new \Slim\Http\Response(), ['id' => self::$groupId, 'userId' => 12456789]);
+
+        $aArgs = [
+            'userId' => 12456789
+        ];
+
+        $fullRequest = \httpRequestCustom::addContentInBody($aArgs, $request);
+        $response     = $groupController->addUser($fullRequest, new \Slim\Http\Response(), ['id' => self::$groupId]);
         $responseBody = json_decode((string)$response->getBody());
 
         $this->assertSame('User not found', $responseBody->errors);
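Review bot: Neither case in this hunk exercises the branch the controller change introduces, a body whose `userId` is missing or not an integer, which should return `userId must be an integer`. I would add a third call built with `\httpRequestCustom::addContentInBody(['userId' => 'abc'], $request)` followed by `$this->assertSame('userId must be an integer', $responseBody->errors);`. The mocked environment still declares `'REQUEST_METHOD' => 'POST'` although the route is now `PUT`, and reusing the name `$aArgs` for the body payload is easy to confuse with the controller's route arguments; `$body` would read better. The test method starts outside the hunk.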
@@ -125,7 +137,7 @@ class GroupControllerTest extends TestCase
         $this->assertEmpty($responseBody);
 
         //Fail
-        $response     = $groupController->addUser($request, new \Slim\Http\Response(), ['id' => self::$groupId, 'userId' => 12456789]);
+        $response     = $groupController->removeUser($request, new \Slim\Http\Response(), ['id' => self::$groupId, 'userId' => 12456789]);
         $responseBody = json_decode((string)$response->getBody());
 
         $this->assertSame('User not found', $responseBody->errors);
-- 
GitLab