Skip to content

Commit 442c7a3

Browse files
committed
Do not check privileges for dashboard analytics
1 parent 2ceb34c commit 442c7a3

2 files changed

Lines changed: 13 additions & 19 deletions

File tree

src/Statistics/Controller/AnalyticsController.php

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -495,18 +495,15 @@ public function getTopLocalParts(Request $request): JsonResponse
495495
)
496496
),
497497
new OA\Response(
498-
response: 403,
499-
description: 'Unauthorized',
498+
response: 401,
499+
description: 'Not authenticated',
500500
content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
501501
)
502502
]
503503
)]
504504
public function getDashboardStatistics(Request $request): JsonResponse
505505
{
506-
$authUser = $this->requireAuthentication($request);
507-
if (!$authUser->getPrivileges()->has(PrivilegeFlag::Statistics)) {
508-
throw $this->createAccessDeniedException('You are not allowed to access statistics.');
509-
}
506+
$this->requireAuthentication($request);
510507

511508
$response = [
512509
'summary_statistics' => $this->analyticsService->getSummaryStatistics(),

tests/Unit/Statistics/Controller/AnalyticsControllerTest.php

Lines changed: 10 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -40,13 +40,13 @@ protected function setUp(): void
4040
$viewOpensStatisticsNormalizer = new ViewOpensStatisticsNormalizer();
4141
$topDomainsNormalizer = new TopDomainsNormalizer();
4242
$this->controller = new DummyAnalyticsController(
43-
$this->authentication,
44-
$validator,
45-
$this->analyticsService,
46-
$campaignStatisticsNormalizer,
47-
$viewOpensStatisticsNormalizer,
48-
$topDomainsNormalizer,
49-
new TopLocalPartsNormalizer()
43+
authentication: $this->authentication,
44+
validator: $validator,
45+
analyticsService: $this->analyticsService,
46+
campaignStatsNormalizer: $campaignStatisticsNormalizer,
47+
viewOpensStatsNormalizer: $viewOpensStatisticsNormalizer,
48+
topDomainsNormalizer: $topDomainsNormalizer,
49+
topLocalPartsNormalizer: new TopLocalPartsNormalizer()
5050
);
5151

5252
$this->privileges = $this->createMock(Privileges::class);
@@ -443,7 +443,7 @@ public function testGetTopLocalPartsReturnsJsonResponse(): void
443443
], json_decode($response->getContent(), true));
444444
}
445445

446-
public function testGetDashboardStatisticsWithoutStatisticsPrivilegeThrowsException(): void
446+
public function testGetDashboardStatisticsWithoutStatisticsPrivilegeDoesNotThrowException(): void
447447
{
448448
$request = new Request();
449449

@@ -454,14 +454,11 @@ public function testGetDashboardStatisticsWithoutStatisticsPrivilegeThrowsExcept
454454
->willReturn($this->administrator);
455455

456456
$this->privileges
457-
->expects(self::once())
457+
->expects(self::never())
458458
->method('has')
459459
->with(PrivilegeFlag::Statistics)
460460
->willReturn(false);
461461

462-
$this->expectException(AccessDeniedException::class);
463-
$this->expectExceptionMessage('You are not allowed to access statistics.');
464-
465462
$this->controller->getDashboardStatistics($request);
466463
}
467464

@@ -476,7 +473,7 @@ public function testGetDashboardStatisticsReturnsJsonResponse(): void
476473
->willReturn($this->administrator);
477474

478475
$this->privileges
479-
->expects(self::once())
476+
->expects(self::never())
480477
->method('has')
481478
->with(PrivilegeFlag::Statistics)
482479
->willReturn(true);

0 commit comments

Comments
 (0)