Restrict Simbrief to user who generated it (#1064)
* Restrict simbrief to user * Style fixes * Add tests * Style fix
parent
b3af50ac5a
commit
950c7788be
@ -106,7 +106,8 @@ class UserController extends Controller
|
||||
*/
|
||||
public function bids(Request $request)
|
||||
{
|
||||
$user = $this->userSvc->getUser($this->getUserId($request));
|
||||
$user_id = $this->getUserId($request);
|
||||
$user = $this->userSvc->getUser($user_id);
|
||||
|
||||
// Add a bid
|
||||
if ($request->isMethod('PUT') || $request->isMethod('POST')) {
|
||||
|
@ -106,7 +106,13 @@ class FlightController extends Controller
|
||||
}
|
||||
|
||||
$flights = $this->flightRepo->searchCriteria($request)
|
||||
->with(['dpt_airport', 'arr_airport', 'airline'])
|
||||
->with([
|
||||
'dpt_airport',
|
||||
'arr_airport',
|
||||
'airline',
|
||||
'simbrief' => function ($query) use ($user) {
|
||||
$query->where('user_id', $user->id);
|
||||
}, ])
|
||||
->orderBy('flight_number', 'asc')
|
||||
->orderBy('route_leg', 'asc')
|
||||
->paginate();
|
||||
@ -115,6 +121,7 @@ class FlightController extends Controller
|
||||
->pluck('flight_id')->toArray();
|
||||
|
||||
return view('flights.index', [
|
||||
'user' => $user,
|
||||
'airlines' => $this->airlineRepo->selectBoxList(true),
|
||||
'airports' => $this->airportRepo->selectBoxList(true),
|
||||
'flights' => $flights,
|
||||
@ -158,6 +165,7 @@ class FlightController extends Controller
|
||||
}
|
||||
|
||||
return view('flights.bids', [
|
||||
'user' => $user,
|
||||
'airlines' => $this->airlineRepo->selectBoxList(true),
|
||||
'airports' => $this->airportRepo->selectBoxList(true),
|
||||
'flights' => $flights,
|
||||
|
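Review bot: The per-user filter on `simbrief` is written inline as a closure in this `with([...])` call and again in the BidService hunk, so any other query or lazy `$flight->simbrief` access that omits the closure may still return a briefing that belongs to a different user. Consider defining the constraint once (for example as a query scope on the SimBrief model) and marking the call sites with `// Only eager-load the briefing generated by the current user`. `$user` is captured from outside the hunk; if this action can be reached without an authenticated user, `$user->id` needs a guard before the closure runs. The closing `}, ])` would also read better with `},` and `])` on separate lines.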
@ -50,7 +50,9 @@ class BidService extends Service
|
||||
$bids = Bid::with([
|
||||
'flight',
|
||||
'flight.fares',
|
||||
'flight.simbrief',
|
||||
'flight.simbrief' => function ($query) use ($user) {
|
||||
$query->where('user_id', $user->id);
|
||||
},
|
||||
'flight.simbrief.aircraft',
|
||||
'flight.subfleets',
|
||||
'flight.subfleets.aircraft',
|
||||
|
@ -82,7 +82,7 @@
|
||||
@endif
|
||||
|
||||
<!-- If this flight has a briefing, show the link to view it-->
|
||||
@if ($flight->simbrief)
|
||||
@if ($flight->simbrief && $flight->simbrief->user_id === $user->id)
|
||||
<a href="{{ route('frontend.simbrief.briefing', $flight->simbrief->id) }}"
|
||||
class="btn btn-sm btn-outline-primary">
|
||||
View Simbrief Flight Plan
|
||||
|
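Review bot: The added `$flight->simbrief->user_id === $user->id` condition only hides the link; the `frontend.simbrief.briefing` route still takes a briefing id, and the handler behind it is not part of this diff, so confirm that it rejects the request when the briefing's `user_id` differs from the authenticated user. Without that server-side check the restriction is cosmetic for anyone who already has an id. The strict `===` also assumes both ids have the same type; if the database driver returns `user_id` as a string, the owner's own link disappears, so cast the attribute in the model or compare `(int)` values on both sides. The `@if` block continues past the end of the hunk.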
@ -51,18 +51,38 @@ class SimBriefTest extends TestCase
|
||||
* @param \App\Models\User $user
|
||||
* @param \App\Models\Aircraft|null $aircraft
|
||||
* @param array $fares
|
||||
* @param string|null $flight_id
|
||||
*
|
||||
* @return \App\Models\SimBrief
|
||||
*/
|
||||
protected function loadSimBrief(User $user, Aircraft $aircraft, $fares = []): SimBrief
|
||||
protected function loadSimBrief(User $user, Aircraft $aircraft, $fares = [], $flight_id = null): SimBrief
|
||||
{
|
||||
if (empty($flight_id)) {
|
||||
$flight_id = self::$simbrief_flight_id;
|
||||
}
|
||||
|
||||
/** @var \App\Models\Flight $flight */
|
||||
$flight = factory(Flight::class)->create([
|
||||
'id' => self::$simbrief_flight_id,
|
||||
'id' => $flight_id,
|
||||
'dpt_airport_id' => 'OMAA',
|
||||
'arr_airport_id' => 'OMDB',
|
||||
]);
|
||||
|
||||
return $this->downloadOfp($user, $flight, $aircraft, $fares);
|
||||
}
|
||||
|
||||
/**
|
||||
* Download an OFP file
|
||||
*
|
||||
* @param $user
|
||||
* @param $flight
|
||||
* @param $aircraft
|
||||
* @param $fares
|
||||
*
|
||||
* @return \App\Models\SimBrief|null
|
||||
*/
|
||||
protected function downloadOfp($user, $flight, $aircraft, $fares)
|
||||
{
|
||||
$this->mockXmlResponse([
|
||||
'simbrief/briefing.xml',
|
||||
'simbrief/acars_briefing.xml',
|
||||
@ -194,6 +214,62 @@ class SimBriefTest extends TestCase
|
||||
$this->assertEquals($fares[0]['count'], $subfleet['fares'][0]['count']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure that the bids/simbrief created for the same flight by two different
|
||||
* users doesn't leak across users
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function testUserBidSimbriefDoesntLeak()
|
||||
{
|
||||
$this->updateSetting('bids.disable_flight_on_bid', false);
|
||||
$fares = [
|
||||
[
|
||||
'id' => 100,
|
||||
'code' => 'F',
|
||||
'name' => 'Test Fare',
|
||||
'type' => FareType::PASSENGER,
|
||||
'capacity' => 100,
|
||||
'count' => 99,
|
||||
],
|
||||
];
|
||||
|
||||
/** @var \App\Models\Flight $flight */
|
||||
$flight = factory(Flight::class)->create();
|
||||
|
||||
// Create two briefings and make sure it doesn't leak
|
||||
$userinfo2 = $this->createUserData();
|
||||
$user2 = $userinfo2['user'];
|
||||
$this->downloadOfp($user2, $flight, $userinfo2['aircraft']->first(), $fares);
|
||||
|
||||
$userinfo = $this->createUserData();
|
||||
$user = $userinfo['user'];
|
||||
$briefing = $this->downloadOfp($user, $flight, $userinfo['aircraft']->first(), $fares);
|
||||
|
||||
// Add the flight to the user's bids
|
||||
$uri = '/api/user/bids';
|
||||
$data = ['flight_id' => $flight->id];
|
||||
|
||||
// add for both users
|
||||
$body = $this->put($uri, $data, [], $user2)->json('data');
|
||||
$this->assertNotEmpty($body);
|
||||
|
||||
$body = $this->put($uri, $data, [], $user)->json('data');
|
||||
$this->assertNotEmpty($body);
|
||||
|
||||
$body = $this->get('/api/user/bids', [], $user);
|
||||
$body = $body->json('data')[0];
|
||||
|
||||
// Make sure Simbrief is there
|
||||
$this->assertNotNull($body['flight']['simbrief']['id']);
|
||||
$this->assertNotNull($body['flight']['simbrief']['subfleet']['fares']);
|
||||
$this->assertEquals($body['flight']['simbrief']['id'], $briefing->id);
|
||||
|
||||
$subfleet = $body['flight']['simbrief']['subfleet'];
|
||||
$this->assertEquals($fares[0]['id'], $subfleet['fares'][0]['id']);
|
||||
$this->assertEquals($fares[0]['count'], $subfleet['fares'][0]['count']);
|
||||
}
|
||||
|
||||
public function testAttachToPirep()
|
||||
{
|
||||
$userinfo = $this->createUserData();
|
||||
|
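Review bot: `testUserBidSimbriefDoesntLeak` only checks that `$user` gets back their own briefing; it never covers a user who has a bid on the flight but no briefing of their own, which is the case where someone else's briefing would be the only one available to leak. Add a third user who bids without calling `downloadOfp` and assert that `simbrief` comes back empty, and repeat the id assertion from `$user2`'s side. The shape of an absent `simbrief` in the API response is not visible here, so the assertion below accepts either a missing key or null. In `loadSimBrief` the docblock says `Aircraft|null` while the signature requires `Aircraft`; one of the two should change.

```php
// … unchanged: briefings and bids for $user2 and $user, assertions on $user's briefing …

// A third user bids on the same flight but never generates a briefing
$user3 = $this->createUserData()['user'];
$this->put($uri, $data, [], $user3);

$body = $this->get($uri, [], $user3)->json('data')[0];
$this->assertEmpty($body['flight']['simbrief'] ?? null);
```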