From a0499e7c719a86ed53e2661e9eef11434c15dfde Mon Sep 17 00:00:00 2001
From: Tobias Gross-Vogt <tgros@tugraz.at>
Date: Wed, 2 Mar 2022 09:55:08 +0100
Subject: [PATCH] path: courses -> base/courses

---
 src/Entity/CourseAttendee.php |  1 +
 tests/ApiTest.php             | 25 +++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/Entity/CourseAttendee.php b/src/Entity/CourseAttendee.php
index a2eb29c..b29e3b3 100644
--- a/src/Entity/CourseAttendee.php
+++ b/src/Entity/CourseAttendee.php
@@ -23,6 +23,7 @@ use Symfony\Component\Serializer\Annotation\Groups;
  *         "get_bycourse" = {
  *             "method" = "GET",
  *             "path" = "/base/courses/{identifier}/attendees",
+ *             "security" = "is_granted('IS_AUTHENTICATED_FULLY')",
  *             "controller" = GetAttendeesByCourse::class,
  *             "read" = false,
  *             "normalization_context" = {
diff --git a/tests/ApiTest.php b/tests/ApiTest.php
index d0feae7..0a70225 100644
--- a/tests/ApiTest.php
+++ b/tests/ApiTest.php
@@ -12,14 +12,35 @@ class ApiTest extends ApiTestCase
     public function testCoursesNoAuth()
     {
         $client = self::createClient();
-        $response = $client->request('GET', '/courses');
+        $response = $client->request('GET', '/base/courses');
         $this->assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
     }
 
     public function testCourseNoAuth()
     {
         $client = self::createClient();
-        $response = $client->request('GET', '/courses/123');
+        $response = $client->request('GET', '/base/courses/123');
+        $this->assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+    }
+
+    public function testAttendeesByCourseNoAuth()
+    {
+        $client = self::createClient();
+        $response = $client->request('GET', '/base/courses/123/attendees');
+        $this->assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+    }
+
+    public function testCoursesByOrganizationNoAuth()
+    {
+        $client = self::createClient();
+        $response = $client->request('GET', '/base/organizations/123/courses');
+        $this->assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+    }
+
+    public function testCoursesByPersonNoAuth()
+    {
+        $client = self::createClient();
+        $response = $client->request('GET', '/base/people/123/courses');
         $this->assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
     }
 }
-- 
GitLab