MySpeedPuzzling
diff --git a/‎src/Api/V1/PlayerResultsResponseProvider.php‎
Lines changed: 13 additions & 0 deletions b/‎src/Api/V1/PlayerResultsResponseProvider.php‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎src/Api/V1/PlayerStatisticsResponseProvider.php‎
Lines changed: 19 additions & 0 deletions b/‎src/Api/V1/PlayerStatisticsResponseProvider.php‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎src/Controller/Api/V0/GetPlayerResultsController.php‎
Lines changed: 12 additions & 0 deletions b/‎src/Controller/Api/V0/GetPlayerResultsController.php‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/Controller/Api/V0/GetPlayerResultsControllerTest.php‎
Lines changed: 49 additions & 0 deletions b/‎tests/Controller/Api/V0/GetPlayerResultsControllerTest.php‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎tests/Controller/Api/V1/CurrentUserEndpointTest.php‎
Lines changed: 105 additions & 0 deletions b/‎tests/Controller/Api/V1/CurrentUserEndpointTest.php‎
Lines changed: 105 additions & 0 deletions
@@ -6,6 +6,7 @@
 
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;
+use SpeedPuzzling\Web\Query\GetPlayerProfile;
 use SpeedPuzzling\Web\Query\GetPlayerSolvedPuzzles;
 use SpeedPuzzling\Web\Results\SolvedPuzzle;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -18,6 +19,7 @@
     public function __construct(
         private GetPlayerSolvedPuzzles $getPlayerSolvedPuzzles,
         private RequestStack $requestStack,
+        private GetPlayerProfile $getPlayerProfile,
     ) {
     }
 
@@ -26,9 +28,20 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
         /** @var string $playerId */
         $playerId = $uriVariables['playerId'];
 
+        $profile = $this->getPlayerProfile->byId($playerId);
+
         $request = $this->requestStack->getCurrentRequest();
         $type = $request?->query->getString('type', 'solo') ?? 'solo';
 
+        if ($profile->isPrivate) {
+            return new PlayerResultsResponse(
+                player_id: $playerId,
+                type: $type,
+                count: 0,
+                results: [],
+            );
+        }
+
         $results = match ($type) {
             'duo' => $this->getPlayerSolvedPuzzles->duoByPlayerId($playerId),
             'team' => $this->getPlayerSolvedPuzzles->teamByPlayerId($playerId),
 
@@ -6,6 +6,7 @@
 
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;
+use SpeedPuzzling\Web\Query\GetPlayerProfile;
 use SpeedPuzzling\Web\Query\GetPlayerStatistics;
 use SpeedPuzzling\Web\Results\PlayerStatistics;
 
@@ -16,6 +17,7 @@
 {
     public function __construct(
         private GetPlayerStatistics $getPlayerStatistics,
+        private GetPlayerProfile $getPlayerProfile,
     ) {
     }
 
@@ -24,6 +26,23 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
         /** @var string $playerId */
         $playerId = $uriVariables['playerId'];
 
+        $profile = $this->getPlayerProfile->byId($playerId);
+
+        $emptyStats = new StatisticsGroupResponse(
+            total_seconds: 0,
+            total_pieces: 0,
+            solved_puzzles_count: 0,
+        );
+
+        if ($profile->isPrivate) {
+            return new PlayerStatisticsResponse(
+                player_id: $playerId,
+                solo: $emptyStats,
+                duo: $emptyStats,
+                team: $emptyStats,
+            );
+        }
+
         $solo = $this->getPlayerStatistics->solo($playerId);
         $duo = $this->getPlayerStatistics->duo($playerId);
         $team = $this->getPlayerStatistics->team($playerId);
 
@@ -5,6 +5,7 @@
 namespace SpeedPuzzling\Web\Controller\Api\V0;
 
 use SpeedPuzzling\Web\Exceptions\PlayerNotFound;
+use SpeedPuzzling\Web\Query\GetPlayerProfile;
 use SpeedPuzzling\Web\Query\GetPlayerSolvedPuzzles;
 use SpeedPuzzling\Web\Results\SolvedPuzzle;
 use SpeedPuzzling\Web\Services\PuzzlingTimeFormatter;
@@ -22,6 +23,7 @@ public function __construct(
         readonly private GetPlayerSolvedPuzzles $getPlayerSolvedPuzzles,
         readonly private PuzzlingTimeFormatter $puzzlingTimeFormatter,
         readonly private RelativeTimeFormatter $relativeTimeFormatter,
+        readonly private GetPlayerProfile $getPlayerProfile,
     ) {
     }
 
@@ -35,6 +37,16 @@ public function __invoke(
         }
 
         try {
+            $profile = $this->getPlayerProfile->byId($playerId);
+
+            if ($profile->isPrivate) {
+                return $this->json([
+                    'solo' => [],
+                    'duo' => [],
+                    'team' => [],
+                ]);
+            }
+
             $soloResults = array_map(
                 fn (SolvedPuzzle $result): array => $this->resultToApiShape($result),
                 $this->getPlayerSolvedPuzzles->soloByPlayerId($playerId),
 
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SpeedPuzzling\Web\Tests\Controller\Api\V0;
+
+use SpeedPuzzling\Web\Tests\DataFixtures\PlayerFixture;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+final class GetPlayerResultsControllerTest extends WebTestCase
+{
+    public function testPrivatePlayerReturnsEmptyResults(): void
+    {
+        $browser = self::createClient();
+
+        $browser->request('GET', '/api/v0/players/' . PlayerFixture::PLAYER_PRIVATE . '/results?token=any');
+
+        $this->assertResponseIsSuccessful();
+
+        $responseContent = $browser->getResponse()->getContent();
+        $this->assertIsString($responseContent);
+
+        /** @var array{solo: array<mixed>, duo: array<mixed>, team: array<mixed>} $response */
+        $response = json_decode($responseContent, true, 512, JSON_THROW_ON_ERROR);
+
+        $this->assertSame([], $response['solo']);
+        $this->assertSame([], $response['duo']);
+        $this->assertSame([], $response['team']);
+    }
+
+    public function testPublicPlayerReturnsResults(): void
+    {
+        $browser = self::createClient();
+
+        $browser->request('GET', '/api/v0/players/' . PlayerFixture::PLAYER_REGULAR . '/results?token=any');
+
+        $this->assertResponseIsSuccessful();
+
+        $responseContent = $browser->getResponse()->getContent();
+        $this->assertIsString($responseContent);
+
+        /** @var array<string, mixed> $response */
+        $response = json_decode($responseContent, true, 512, JSON_THROW_ON_ERROR);
+
+        $this->assertArrayHasKey('solo', $response);
+        $this->assertArrayHasKey('duo', $response);
+        $this->assertArrayHasKey('team', $response);
+    }
+}
@@ -0,0 +1,105 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SpeedPuzzling\Web\Tests\Controller\Api\V1;
+
+use SpeedPuzzling\Web\Tests\DataFixtures\OAuth2ClientFixture;
+use SpeedPuzzling\Web\Tests\DataFixtures\PlayerFixture;
+use SpeedPuzzling\Web\Tests\OAuth2TestHelper;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+final class CurrentUserEndpointTest extends WebTestCase
+{
+    public function testWithoutTokenReturnsUnauthorized(): void
+    {
+        $browser = self::createClient();
+
+        $browser->request('GET', '/api/v1/me');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function testWithInvalidTokenReturnsUnauthorized(): void
+    {
+        $browser = self::createClient();
+
+        OAuth2TestHelper::addBearerToken($browser, 'invalid-token');
+        $browser->request('GET', '/api/v1/me');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function testWithValidTokenReturnsUserProfile(): void
+    {
+        $browser = self::createClient();
+
+        $token = OAuth2TestHelper::createAccessToken(
+            $browser,
+            OAuth2ClientFixture::CONFIDENTIAL_CLIENT_ID,
+            PlayerFixture::PLAYER_REGULAR,
+            ['profile:read'],
+        );
+
+        OAuth2TestHelper::addBearerToken($browser, $token);
+        $browser->request('GET', '/api/v1/me');
+
+        $this->assertResponseIsSuccessful();
+
+        $responseContent = $browser->getResponse()->getContent();
+        $this->assertIsString($responseContent);
+
+        /** @var array{id: string, name: string, code?: string, avatar?: string, country?: string} $response */
+        $response = json_decode($responseContent, true, 512, JSON_THROW_ON_ERROR);
+
+        $this->assertSame(PlayerFixture::PLAYER_REGULAR, $response['id']);
+        $this->assertSame(PlayerFixture::PLAYER_REGULAR_NAME, $response['name']);
+        $this->assertArrayHasKey('code', $response);
+        $this->assertArrayHasKey('avatar', $response);
+        $this->assertArrayHasKey('country', $response);
+    }
+
+    public function testWithoutRequiredScopeReturnsForbidden(): void
+    {
+        $browser = self::createClient();
+
+        $token = OAuth2TestHelper::createAccessToken(
+            $browser,
+            OAuth2ClientFixture::CONFIDENTIAL_CLIENT_ID,
+            PlayerFixture::PLAYER_REGULAR,
+            ['results:read'], // Wrong scope
+        );
+
+        OAuth2TestHelper::addBearerToken($browser, $token);
+        $browser->request('GET', '/api/v1/me');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_FORBIDDEN);
+    }
+
+    public function testWorksForPrivatePlayer(): void
+    {
+        $browser = self::createClient();
+
+        $token = OAuth2TestHelper::createAccessToken(
+            $browser,
+            OAuth2ClientFixture::CONFIDENTIAL_CLIENT_ID,
+            PlayerFixture::PLAYER_PRIVATE,
+            ['profile:read'],
+        );
+
+        OAuth2TestHelper::addBearerToken($browser, $token);
+        $browser->request('GET', '/api/v1/me');
+
+        $this->assertResponseIsSuccessful();
+
+        $responseContent = $browser->getResponse()->getContent();
+        $this->assertIsString($responseContent);
+
+        /** @var array{id: string, name: string, is_private: bool} $response */
+        $response = json_decode($responseContent, true, 512, JSON_THROW_ON_ERROR);
+
+        $this->assertSame(PlayerFixture::PLAYER_PRIVATE, $response['id']);
+        $this->assertTrue($response['is_private']);
+    }
+}