Change most APIs to require API key #173

CHANGELOG.md

@@ -1,8 +1,23 @@
 # Changelog
 
-## [Unreleased]
+## Alpha 2
 
-## 7.0.0-alpha1
+!! Please do a full reinstall, with recreating the database
 
-### Added
+- Bump minimum PHP version to 7.1, since 7.0 is already deprecated - [#166](https://github.com/nabeelio/phpvms/issues/166)
-- Initial release
+- Add a `SKIN_NAME` template variable to reference the current skin, vs hardcoding the skin name in the templates
+- PIREP hours can't be changed after it's no longer in a pending state
+- DB: `airport.tz` to `airport.timezone`
+- API: Most calls, with exception of ACARS, are now private and require an API key to access
+- API: Allow a `fields` object to set custom PIREP fields, also returns the current values
+
+### Fixes
+
+- PIREP fields being set when filing manually is working
+- Field for the rank's image changed to string input
+
+***
+
+## Alpha 1 (2018-02-04, v7.0.0-alpha1)
+
+- Initial Release

app/Database/migrations/2018_01_03_014930_create_stats_table.php

@@ -23,13 +23,10 @@ class CreateStatsTable extends Migration
             $table->timestamps();
         });
 
-        $this->addCounterGroups([
+        /*$this->addCounterGroups([
             'flights' => 1,
         ]);
 
-        /**
-         * Initial default settings
-         */
         $stats = [
             [
                 'id' => $this->formatSettingId('flights.total_flights'),
@@ -47,7 +44,7 @@ class CreateStatsTable extends Migration
             ],
         ];
 
-        $this->addData('stats', $stats);
+        $this->addData('stats', $stats);*/
     }
 
     /**

app/Routes/api.php

@@ -1,12 +1,22 @@
 <?php
 
 /**
- * public routes
+ * Public routes
  */
 Route::group([], function()
 {
     Route::get('acars', 'AcarsController@index');
+    Route::get('pireps/{pirep_id}/acars/geojson', 'PirepController@acars_geojson');
 
+    Route::get('status', 'StatusController@status');
+    Route::get('version', 'StatusController@status');
+});
+
+/**
+ * these need to be authenticated with a user's API key
+ */
+Route::group(['middleware' => ['api.auth']], function ()
+{
     Route::get('airlines', 'AirlineController@index');
     Route::get('airlines/{id}', 'AirlineController@get');
 
@@ -23,32 +33,24 @@ Route::group([], function()
     Route::get('flights/{id}', 'FlightController@get');
 
     Route::get('pireps/{pirep_id}', 'PirepController@get');
-    Route::get('pireps/{pirep_id}/route', 'PirepController@route_get');
-    Route::get('pireps/{pirep_id}/comments', 'PirepController@comments_get');
-    Route::get('pireps/{pirep_id}/acars/position', 'PirepController@acars_get');
-    Route::get('pireps/{pirep_id}/acars/geojson', 'PirepController@acars_geojson');
-
-    Route::get('status', 'StatusController@status');
-    Route::get('version', 'StatusController@status');
-});
-
-/**
- * these need to be authenticated with a user's API key
- */
-Route::group(['middleware' => ['api.auth']], function ()
-{
-    Route::post('pireps/prefile', 'PirepController@prefile');
-
     Route::put('pireps/{pirep_id}', 'PirepController@update');
-    Route::post('pireps/{pirep_id}/update', 'PirepController@update');
 
+    /*
+     * ACARS related
+     */
+    Route::post('pireps/prefile', 'PirepController@prefile');
+    Route::post('pireps/{pirep_id}/update', 'PirepController@update');
     Route::post('pireps/{pirep_id}/file', 'PirepController@file');
     Route::post('pireps/{pirep_id}/comments', 'PirepController@comments_post');
     Route::delete('pireps/{pirep_id}/cancel', 'PirepController@cancel');
 
+    Route::get('pireps/{pirep_id}/route', 'PirepController@route_get');
     Route::post('pireps/{pirep_id}/route', 'PirepController@route_post');
     Route::delete('pireps/{pirep_id}/route', 'PirepController@route_delete');
 
+    Route::get('pireps/{pirep_id}/comments', 'PirepController@comments_get');
+
+    Route::get('pireps/{pirep_id}/acars/position', 'PirepController@acars_get');
     Route::post('pireps/{pirep_id}/acars/position', 'PirepController@acars_store');
     Route::post('pireps/{pirep_id}/acars/positions', 'PirepController@acars_store');
 
@@ -64,4 +66,5 @@ Route::group(['middleware' => ['api.auth']], function ()
     Route::get('users/{id}', 'UserController@get');
     Route::get('users/{id}/bids', 'UserController@bids');
     Route::get('users/{id}/fleet', 'UserController@fleet');
+
 });

tests/ApiTest.php

@@ -103,6 +103,7 @@ class ApiTest extends TestCase
      */
     public function testGetAllAirports()
     {
+        $this->user = factory(App\Models\User::class)->create();
         factory(App\Models\Airport::class, 70)->create();
 
         $response = $this->get('/api/airports/')
@@ -121,6 +122,7 @@ class ApiTest extends TestCase
 
     public function testGetAllAirportsHubs()
     {
+        $this->user = factory(App\Models\User::class)->create();
         factory(App\Models\Airport::class, 10)->create();
         factory(App\Models\Airport::class)->create(['hub' => 1]);
 
@@ -134,8 +136,15 @@ class ApiTest extends TestCase
      */
     public function testGetSubfleets()
     {
-        $subfleetA = factory(App\Models\Subfleet::class)->create();
+        $this->user = factory(App\Models\User::class)->create();
-        $subfleetB = factory(App\Models\Subfleet::class)->create();
+
+        $subfleetA = factory(App\Models\Subfleet::class)->create([
+            'airline_id' => $this->user->airline_id,
+        ]);
+
+        $subfleetB = factory(App\Models\Subfleet::class)->create([
+            'airline_id' => $this->user->airline_id,
+        ]);
 
         $subfleetA_size = \random_int(2, 10);
         $subfleetB_size = \random_int(2, 10);
@@ -167,9 +176,14 @@ class ApiTest extends TestCase
      */
     public function testGetAircraft()
     {
+        $this->user = factory(App\Models\User::class)->create();
+
         $fare_svc = app(FareService::class);
 
-        $subfleet = factory(App\Models\Subfleet::class)->create();
+        $subfleet = factory(App\Models\Subfleet::class)->create([
+            'airline_id' => $this->user->airline_id
+        ]);
+
         $fare = factory(App\Models\Fare::class)->create();
 
         $fare_svc->setForSubfleet($subfleet, $fare);

tests/FlightTest.php

@@ -15,11 +15,16 @@ class FlightTest extends TestCase
         $this->flightSvc = app(FlightService::class);
     }
 
-    public function addFlight()
+    public function addFlight($user)
     {
-        $flight = factory(App\Models\Flight::class)->create();
+        $flight = factory(App\Models\Flight::class)->create([
+            'airline_id' => $user->airline_id
+        ]);
+
         $flight->subfleets()->syncWithoutDetaching([
-            factory(App\Models\Subfleet::class)->create()->id
+            factory(App\Models\Subfleet::class)->create([
+                'airline_id' => $user->airline_id
+            ])->id
         ]);
 
         return $flight;
@@ -27,7 +32,8 @@ class FlightTest extends TestCase
 
     public function testGetFlight()
     {
-        $flight = $this->addFlight();
+        $this->user = factory(App\Models\User::class)->create();
+        $flight = $this->addFlight($this->user);
 
         $req = $this->get('/api/flights/' . $flight->id);
         $req->assertStatus(200);
@@ -46,7 +52,8 @@ class FlightTest extends TestCase
      */
     public function testSearchFlight()
     {
-        $flight = $this->addFlight();
+        $this->user = factory(App\Models\User::class)->create();
+        $flight = $this->addFlight($this->user);
 
         # search specifically for a flight ID
         $query = 'flight_id=' . $flight->id;
@@ -59,7 +66,11 @@ class FlightTest extends TestCase
      */
     public function testFindAllFlights()
     {
-        factory(App\Models\Flight::class, 70)->create();
+        $this->user = factory(App\Models\User::class)->create();
+        factory(App\Models\Flight::class, 70)->create([
+            'airline_id' => $this->user->airline_id
+        ]);
+
         $res = $this->get('/api/flights');
 
         $body = $res->json();
@@ -71,7 +82,11 @@ class FlightTest extends TestCase
 
     public function testFlightSearchApi()
     {
-        $flights = factory(App\Models\Flight::class, 20)->create();
+        $this->user = factory(App\Models\User::class)->create();
+        $flights = factory(App\Models\Flight::class, 20)->create([
+            'airline_id' => $this->user->airline_id
+        ]);
+
         $flight = $flights->random();
 
         $query = 'flight_number=' . $flight->flight_number;
@@ -90,7 +105,7 @@ class FlightTest extends TestCase
         $user = factory(User::class)->create();
         $headers = $this->headers($user);
 
-        $flight = $this->addFlight();
+        $flight = $this->addFlight($user);
 
         $bid = $this->flightSvc->addBid($flight, $user);
         $this->assertEquals($user->id, $bid->user_id);
@@ -155,10 +170,12 @@ class FlightTest extends TestCase
     {
         setting('bids.disable_flight_on_bid', true);
 
-        $user1 = factory(User::class)->create();;
+        $user1 = factory(User::class)->create();
-        $user2 = factory(User::class)->create();
+        $user2 = factory(User::class)->create([
+            'airline_id' => $user1->airline_id
+        ]);
 
-        $flight = $this->addFlight();
+        $flight = $this->addFlight($user1);
 
         # Put bid on the flight to block it off
         $bid = $this->flightSvc->addBid($flight, $user1);
@@ -175,7 +192,7 @@ class FlightTest extends TestCase
         $user = factory(User::class)->create();
         $headers = $this->headers($user);
 
-        $flight = $this->addFlight();
+        $flight = $this->addFlight($user);
 
         $bid = $this->flightSvc->addBid($flight, $user);
         $this->assertEquals($user->id, $bid->user_id);
@@ -207,4 +224,11 @@ class FlightTest extends TestCase
         $body = $req->json();
         $this->assertEquals(0, sizeof($body));
     }
+
+    public function testRestrictedFlights()
+    {
+        setting('bids.disable_flight_on_bid', true);
+
+
+    }
 }