From cf4398ad8ad5653d97e2971746afe01d536dac61 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nnes.com@googlemail.com>
Date: Thu, 25 Apr 2024 22:53:57 +0000
Subject: [PATCH] fix tests

---
 Controller/ApiController.php                  | 28 ++++++++++++++++++-
 .../Api/ApiControllerSettingsTrait.php        |  2 +-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/Controller/ApiController.php b/Controller/ApiController.php
index 74b7f03..441ec54 100755
--- a/Controller/ApiController.php
+++ b/Controller/ApiController.php
@@ -905,6 +905,25 @@ final class ApiController extends Controller
         return [];
     }
 
+    /**
+     * Validate password update request
+     *
+     * @param RequestAbstract $request Request
+     *
+     * @return array<string, bool>
+     *
+     * @since 1.0.0
+     */
+    private function validateLocalizationUpdate(RequestAbstract $request) : array
+    {
+        $val = [];
+        if (($val['id'] = !$request->hasData('id'))) {
+            return $val;
+        }
+
+        return [];
+    }
+
     /**
      * Api method for modifying account localization
      *
@@ -920,6 +939,13 @@ final class ApiController extends Controller
      */
     public function apiSettingsAccountLocalizationSet(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void
     {
+        if (!empty($val = $this->validateLocalizationUpdate($request))) {
+            $response->header->status = RequestStatusCode::R_400;
+            $this->createInvalidUpdateResponse($request, $response, $val);
+
+            return;
+        }
+
         /** @var \Modules\Admin\Models\Account $account */
         $account = AccountMapper::get()
             ->with('l11n')
@@ -929,7 +955,7 @@ final class ApiController extends Controller
         $requestAccount = $request->header->account;
         if ($account->id !== 0
             && $requestAccount !== $account->id
-            && !$this->app->accountManager->get($account->id)->hasPermission(
+            && !$this->app->accountManager->get($requestAccount)->hasPermission(
                 PermissionType::MODIFY,
                 $this->app->unitId,
                 $this->app->appId,
diff --git a/tests/Controller/Api/ApiControllerSettingsTrait.php b/tests/Controller/Api/ApiControllerSettingsTrait.php
index 223fd49..c6b8905 100755
--- a/tests/Controller/Api/ApiControllerSettingsTrait.php
+++ b/tests/Controller/Api/ApiControllerSettingsTrait.php
@@ -118,7 +118,7 @@ trait ApiControllerSettingsTrait
         $response = new HttpResponse();
         $request  = new HttpRequest();
 
-        $request->header->account = 2;
+        $request->header->account = 3;
         $request->setData('id', 1);
         $this->module->apiSettingsAccountLocalizationSet($request, $response);