diff --git a/tests/CourseBundle/Repository/CDocumentRepositoryTest.php b/tests/CourseBundle/Repository/CDocumentRepositoryTest.php index 9b944ca0e8..9120bd8f39 100644 --- a/tests/CourseBundle/Repository/CDocumentRepositoryTest.php +++ b/tests/CourseBundle/Repository/CDocumentRepositoryTest.php @@ -189,14 +189,6 @@ class CDocumentRepositoryTest extends AbstractApiTest // Test access with another user. He cannot see the file, no cid is pass as a parameter. $this->createUser('another'); - $token = $this->getUserToken( - [ - 'username' => 'another', - 'password' => 'another', - ], - true - ); - $client = $this->getClientWithGuiCredentials('another', 'another'); $client->request( 'GET', @@ -207,14 +199,14 @@ class CDocumentRepositoryTest extends AbstractApiTest ); $this->assertResponseStatusCodeSame(403); // Unauthorized - $this->createClientWithCredentials($token)->request('GET', '/api/documents', [ + $client->request('GET', '/api/documents', [ 'query' => [ 'loadNode' => 1, 'resourceNode.parent' => $course->getResourceNode()->getId(), 'cid' => $courseId, ], ]); - $this->assertResponseStatusCodeSame(403); // Unauthorized + $this->assertResponseStatusCodeSame(200); // Test access with another user. He CAN see the file, the cid is pass as a parameter // and the course is open to the world by default. @@ -248,6 +240,15 @@ class CDocumentRepositoryTest extends AbstractApiTest ); $this->assertResponseStatusCodeSame(403); + $client->request('GET', '/api/documents', [ + 'query' => [ + 'loadNode' => 1, + 'resourceNode.parent' => $course->getResourceNode()->getId(), + 'cid' => $courseId, + ], + ]); + $this->assertResponseStatusCodeSame(403); + // Update course visibility to CLOSED $courseRepo = self::getContainer()->get(CourseRepository::class); $course = $courseRepo->find($courseId);