
Commit 201710b

authored
Merge pull request #622 from iansltx/disallow-self-deletion
Disallow users from deleting themselves
2 parents ff3e4b2 + ab054a8 commit 201710b


2 files changed

+6
-6
lines changed


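--- a/src/controllers/UsersController.php
+++ b/src/controllers/UsersController.php
@@ -393,7 +393,7 @@ public function deleteUser(Request $request, PDO $db)
 
 $user_mapper = $this->getUserMapper($db, $request);
 
-$is_admin = $user_mapper->thisUserHasAdminOn($user_id);
+$is_admin = $user_mapper->isSiteAdmin($user_id);
 if (! $is_admin) {
 throw new Exception("You do not have permission to do that", 403);
 }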
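Review bot: The permission check `isSiteAdmin($user_id)` on new line 396 decides authorization from `$user_id`, which is assigned above this hunk and is not visible here. If that variable holds the id parsed from the request path (the account to be deleted) rather than the authenticated caller, the check asks whether the target is a site admin and says nothing about who is making the request. In that case the line should read `$is_admin = $user_mapper->isSiteAdmin($request->user_id);`, and a short comment such as `// only site admins may delete accounts; self-deletion is intentionally not allowed` would record why `thisUserHasAdminOn` was dropped. The body of deleteUser starts and ends outside the hunk.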

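--- a/tests/controllers/UsersControllerTest.php
+++ b/tests/controllers/UsersControllerTest.php
@@ -50,7 +50,7 @@ public function testDeleteUserWithNonAdminIdThrowsException()
 
 $userMapper
 ->expects($this->once())
-->method('thisUserHasAdminOn')
+->method('isSiteAdmin')
 ->will($this->returnValue(false));
 
 $usersController->setUserMapper($userMapper);
@@ -67,7 +67,7 @@ public function testDeleteUserWithNonAdminIdThrowsException()
 * @expectedException \Exception
 * @expectedExceptionMessage There was a problem trying to delete the user
 */
-public function testDeleteUserWithAdminAccessThowsExceptionOnFailedDelete()
+public function testDeleteUserWithAdminAccessThrowsExceptionOnFailedDelete()
 {
 $request = new \Request([], ['REQUEST_URI' => "http://api.dev.joind.in/v2.1/users/3", 'REQUEST_METHOD' => 'DELETE']);
 $request->user_id = 1;
@@ -82,7 +82,7 @@ public function testDeleteUserWithAdminAccessThowsExceptionOnFailedDelete()
 
 $userMapper
 ->expects($this->once())
-->method('thisUserHasAdminOn')
+->method('isSiteAdmin')
 ->will($this->returnValue(true));
 
 $userMapper
@@ -101,7 +101,7 @@ public function testDeleteUserWithAdminAccessThowsExceptionOnFailedDelete()
 *
 * @return void
 */
-public function testDeleteUserWithAdminAccessDeletesSuccesfully()
+public function testDeleteUserWithAdminAccessDeletesSuccessfully()
 {
 $request = new \Request([], ['REQUEST_URI' => "http://api.dev.joind.in/v2.1/users/3", 'REQUEST_METHOD' => 'DELETE']);
 $request->user_id = 1;
@@ -116,7 +116,7 @@ public function testDeleteUserWithAdminAccessDeletesSuccesfully()
 
 $userMapper
 ->expects($this->once())
-->method('thisUserHasAdminOn')
+->method('isSiteAdmin')
 ->will($this->returnValue(true));
 
 $userMapper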
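Review bot: The `isSiteAdmin` expectations at new lines 53, 85 and 119 do not constrain the argument, so these tests pass whichever user id the controller hands to the mapper. The fixtures in the second and third tests set `$request->user_id = 1` against a `/users/3` URI, so adding `->with(1)` after `->method('isSiteAdmin')` would pin the check to the authenticated caller rather than the account being deleted. None of the visible hunks adds a case where a non-admin user targets their own id, which is the behaviour the commit title describes; that may exist outside these hunks, but if not it is worth a test expecting the 403. The test methods start and end outside the hunks.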
