fix(category permissions) role must match for child and parent (#2486)

* fix(category permissions) role must match for child and parent * fix(Tag) tag role must match parent role * fix(Tag) use entities to check for role
ushahidi · Feb 21, 2018 · a5c1549 · a5c1549
1 parent 70e91c9
commit a5c1549
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 13 deletions.
diff --git a/application/classes/Ushahidi/Repository/Tag.php b/application/classes/Ushahidi/Repository/Tag.php
@@ -174,12 +174,13 @@ public function deleteTag($id)
 	public function isRoleValid(Validation $validation, $fullData)
 	{
 		$valid = true;
-		$isChild = $fullData['parent_id'];
-		$hasRole = !!$fullData['role'];
-		$parent = null;
-		if ($hasRole && $isChild) {
-			$parent = $this->selectOne(['id' => $fullData['parent_id']]);
-			$valid = $parent['role'] !== $fullData['role'];
+		$entityFullData = $this->getEntity($fullData);
+		$isChild = !!$entityFullData->parent_id;
+		$hasRole = !!$entityFullData->role;
+		$parent = $isChild ? $this->selectOne(['id' => $entityFullData->parent_id]) : null;
+		if ($hasRole && $isChild && $parent) {
+			$parent = $this->getEntity($parent);
+			$valid = $parent->role == $entityFullData->role;
 		}
 		if (!$valid) {
 			$validation->error('role', 'tag.role');

diff --git a/tests/datasets/ushahidi/Base.yml b/tests/datasets/ushahidi/Base.yml
@@ -1085,6 +1085,7 @@ tags:
     slug: "test-tag"
     priority: 0
     type: 'category'
+    role: '["admin", "user"]'
   -
     id: 2
     parent_id:

diff --git a/tests/integration/tags.feature b/tests/integration/tags.feature
@@ -13,11 +13,7 @@ Feature: Testing the Tags API
                 "type":"category",
                 "priority":1,
                 "color":"00ff00",
-                "role":
-                    [
-                        "user",
-                        "admin"
-                    ]
+                "role": ["admin", "user"]
             }
             """
         When I request "/tags"
@@ -31,7 +27,6 @@ Feature: Testing the Tags API
         And the "priority" property equals "1"
         And the "type" property equals "category"
         And the response has a "role" property
-        And the type of the "role" property is "array"
         And the "parent.id" property equals "1"
         Then the guzzle status code should be 200
 
@@ -314,7 +309,7 @@ Feature: Testing the Tags API
                 "type":"category",
                 "priority":1,
                 "color":"00ff00",
-                "role":"admin"
+                "role": "admin"
             }
             """
         When I request "/tags"