diff --git a/src/Access/PollPolicy.php b/src/Access/PollPolicy.php index 9026689c..395b2d18 100644 --- a/src/Access/PollPolicy.php +++ b/src/Access/PollPolicy.php @@ -65,6 +65,10 @@ public function changeVote(User $actor, Poll $poll) if (!$poll->allow_change_vote) { return $this->deny(); } + + if ($poll->allow_change_vote) { + return $this->allow(); + } } public function edit(User $actor, Poll $poll) diff --git a/tests/integration/api/ChangeVoteTest.php b/tests/integration/api/ChangeVoteTest.php index a227a981..f8d5ad49 100644 --- a/tests/integration/api/ChangeVoteTest.php +++ b/tests/integration/api/ChangeVoteTest.php @@ -40,10 +40,13 @@ public function setUp(): void ], 'polls' => [ ['id' => 1, 'question' => 'Testing Poll--Global', 'subtitle' => 'Testing subtitle', 'image' => 'pollimage-abcdef.png', 'image_alt' => 'test alt', 'post_id' => null, 'user_id' => 1, 'public_poll' => 0, 'end_date' => null, 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00', 'vote_count' => 0, 'allow_multiple_votes' => 0, 'max_votes' => 0, 'settings' => '{"max_votes": 0,"hide_votes": false,"public_poll": false,"allow_change_vote": false,"allow_multiple_votes": false}'], + ['id' => 2, 'question' => 'Testing Poll--Global 2', 'subtitle' => 'Testing subtitle', 'image' => 'pollimage-abcdef.png', 'image_alt' => 'test alt', 'post_id' => null, 'user_id' => 1, 'public_poll' => 0, 'end_date' => null, 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00', 'vote_count' => 0, 'allow_multiple_votes' => 0, 'max_votes' => 0, 'settings' => '{"max_votes": 0,"hide_votes": false,"public_poll": false,"allow_change_vote": true,"allow_multiple_votes": false}'], ], 'poll_options' => [ ['id' => 1, 'answer' => 'Option 1', 'poll_id' => 1, 'vote_count' => 0, 'image_url' => 'pollimage-hijklm.png', 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00'], ['id' => 2, 'answer' => 'Option 2', 'poll_id' => 1, 'vote_count' => 0, 'image_url' => 'pollimage-nopqrs.png', 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00'], + ['id' => 3, 'answer' => 'Option 3', 'poll_id' => 2, 'vote_count' => 0, 'image_url' => 'pollimage-hijklm.png', 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00'], + ['id' => 4, 'answer' => 'Option 4', 'poll_id' => 2, 'vote_count' => 0, 'image_url' => 'pollimage-nopqrs.png', 'created_at' => '2021-01-01 00:00:00', 'updated_at' => '2021-01-01 00:00:00'], ], 'group_user' => [ ['user_id' => 4, 'group_id' => 4], @@ -58,6 +61,9 @@ public function setUp(): void ['id' => 1, 'poll_id' => 1, 'option_id' => 1, 'user_id' => 1, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], ['id' => 2, 'poll_id' => 1, 'option_id' => 1, 'user_id' => 2, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], ['id' => 3, 'poll_id' => 1, 'option_id' => 1, 'user_id' => 4, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], + ['id' => 4, 'poll_id' => 2, 'option_id' => 3, 'user_id' => 1, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], + ['id' => 5, 'poll_id' => 2, 'option_id' => 3, 'user_id' => 2, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], + ['id' => 6, 'poll_id' => 2, 'option_id' => 3, 'user_id' => 4, 'created_at' => Carbon::now(), 'updated_at' => Carbon::now()], ], ]); } @@ -95,7 +101,7 @@ public function validation_error_when_no_data_is_passed() * * @dataProvider usersWhoCanChangeVote */ - public function user_with_permission_can_change_vote(int $userId) + public function user_with_permission_can_change_vote_on_no_change_poll(int $userId) { $response = $this->send( $this->request('PATCH', '/api/fof/polls/1/votes', [ @@ -120,7 +126,7 @@ public function user_with_permission_can_change_vote(int $userId) /** * @test */ - public function user_without_permission_cannot_change_vote() + public function user_without_permission_cannot_change_vote_on_no_change_poll() { $response = $this->send( $this->request('PATCH', '/api/fof/polls/1/votes', [ @@ -141,4 +147,56 @@ public function user_without_permission_cannot_change_vote() $this->assertEquals(1, $vote->option_id); } + + /** + * @test + * + * @dataProvider usersWhoCanChangeVote + */ + public function user_with_permission_can_change_vote_on_change_poll(int $userId) + { + $response = $this->send( + $this->request('PATCH', '/api/fof/polls/2/votes', [ + 'authenticatedAs' => $userId, + 'json' => [ + 'data' => [ + 'optionIds' => [ + 4, + ], + ], + ], + ]) + ); + + $this->assertEquals(200, $response->getStatusCode()); + + $vote = PollVote::where('user_id', $userId)->where('poll_id', 2)->first(); + + $this->assertEquals(4, $vote->option_id); + } + + /** + * @test + */ + public function user_without_permission_can_change_vote_on_change_poll() + { + $response = $this->send( + $this->request('PATCH', '/api/fof/polls/2/votes', [ + 'authenticatedAs' => 2, + 'json' => [ + 'data' => [ + 'optionIds' => [ + 4, + ], + ], + ], + ]) + ); + + $this->assertEquals(200, $response->getStatusCode()); + + $vote = PollVote::where('user_id', 2)->where('poll_id', 2)->first(); + + $this->assertEquals(4, $vote->option_id); + } }