/**
 * Exercises modify() on the accepted-token path: the CSRF token manager is
 * mocked so that isTokenValid() always returns true, which means every
 * outcome asserted below comes from the controller's other checks
 * (target exists, target is not the session user, action is known,
 * permission check passes).
 *
 * Every scenario is expected to redirect to /bolt/users and to leave
 * exactly one relevant flash message, matched here by regex.
 *
 * NOTE(review): this method never exercises a rejected token; that path
 * needs its own test, which is not visible from this block.
 */
public function testModifyValidCsrf()
{
    // Force token validation to succeed for the whole test.
    $tokenManager = $this->getMockCsrfTokenManager();
    $tokenManager->expects($this->any())->method('isTokenValid')->will($this->returnValue(true));
    $this->setService('csrf', $tokenManager);

    // Act as user 1 for the rest of the test.
    $this->setSessionUser(new Entity\Users($this->getService('users')->getUser(1)));

    // Unknown target id: expect the "No such user" error.
    // NOTE(review): the request path names id 2 while 42 is passed to
    // modify(); presumably only the argument drives the lookup - confirm.
    $this->setRequest(Request::create('/bolt/user/disable/2'));
    $redirect = $this->controller()->modify('disable', 42);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());
    $errors = $this->getFlashBag()->get('error');
    $this->assertRegExp('/No such user/', $errors[0]);

    // Target is the session user (id 1): acting on yourself must be refused.
    $this->setRequest(Request::create('/bolt/user/disable/1'));
    $redirect = $this->controller()->modify('disable', 1);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());
    $errors = $this->getFlashBag()->get('error');
    $this->assertRegExp('/yourself/', $errors[0]);

    // Create a second account so there is a legitimate target to act on.
    $this->addNewUser($this->getApp(), 'editor', 'Editor', 'editor');
    $target = $this->getService('users')->getUser('editor');

    // Disabling that account is expected to succeed.
    $this->setRequest(Request::create('/bolt/user/disable/2'));
    $redirect = $this->controller()->modify('disable', $target['id']);
    $notices = $this->getFlashBag()->get('info');
    $this->assertRegExp('/is disabled/', $notices[0]);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());

    // Re-enabling it is expected to succeed as well.
    $this->setRequest(Request::create('/bolt/user/enable/2'));
    $redirect = $this->controller()->modify('enable', $target['id']);
    $notices = $this->getFlashBag()->get('info');
    $this->assertRegExp('/is enabled/', $notices[0]);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());

    // An action name the controller does not know must produce an error.
    $this->setRequest(Request::create('/bolt/user/enhance/2'));
    $redirect = $this->controller()->modify('enhance', $target['id']);
    $errors = $this->getFlashBag()->get('error');
    $this->assertRegExp('/No such action/', $errors[0]);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());

    // Deleting the account is expected to succeed.
    $this->setRequest(Request::create('/bolt/user/delete/2'));
    $redirect = $this->controller()->modify('delete', $target['id']);
    $notices = $this->getFlashBag()->get('info');
    $this->assertRegExp('/is deleted/', $notices[0]);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());

    // The editor was deleted above, so recreate it, then mock the permission
    // check to return false: a valid token alone must not authorise the
    // change, and a privileges error is expected.
    // NOTE(review): only the flash message is asserted; consider also
    // checking that the target account's stored state is unchanged.
    $this->addNewUser($this->getApp(), 'editor', 'Editor', 'editor');
    $target = $this->getService('users')->getUser('editor');
    $permissions = $this->getMockPermissions();
    $permissions->expects($this->any())->method('isAllowedToManipulate')->will($this->returnValue(false));
    $this->setService('permissions', $permissions);
    $this->setRequest(Request::create('/bolt/user/disable/' . $target['id']));
    $redirect = $this->controller()->modify('disable', $target['id']);
    $this->assertEquals('/bolt/users', $redirect->getTargetUrl());
    $errors = $this->getFlashBag()->get('error');
    $this->assertRegExp('/right privileges/', $errors[0]);
}