|
| 1 | +<?php |
| 2 | + |
| 3 | +/* |
| 4 | + * UserFrosting (http://www.userfrosting.com) |
| 5 | + * |
| 6 | + * @link https://github.com/userfrosting/UserFrosting |
| 7 | + * @copyright Copyright (c) 2019 Alexander Weissman |
| 8 | + * @license https://github.com/userfrosting/UserFrosting/blob/master/LICENSE.md (MIT License) |
| 9 | + */ |
| 10 | + |
| 11 | +namespace UserFrosting\Sprinkle\Admin\Tests\Integration\Controller; |
| 12 | + |
| 13 | +use UserFrosting\Sprinkle\Account\Database\Models\Role; |
| 14 | +use UserFrosting\Sprinkle\Account\Database\Models\User; |
| 15 | +use UserFrosting\Sprinkle\Account\Tests\withTestUser; |
| 16 | +use UserFrosting\Sprinkle\Admin\Controller\RoleController; |
| 17 | +use UserFrosting\Sprinkle\Core\Tests\TestDatabase; |
| 18 | +use UserFrosting\Sprinkle\Core\Tests\withController; |
| 19 | +use UserFrosting\Support\Exception\BadRequestException; |
| 20 | +use UserFrosting\Support\Exception\ForbiddenException; |
| 21 | +use UserFrosting\Support\Exception\NotFoundException; |
| 22 | +use UserFrosting\Sprinkle\Core\Tests\RefreshDatabase; |
| 23 | +use UserFrosting\Tests\TestCase; |
| 24 | + |
| 25 | +/** |
| 26 | + * Tests RoleController |
| 27 | + */ |
| 28 | +class RoleControllerGuestTest extends TestCase |
| 29 | +{ |
| 30 | + use TestDatabase; |
| 31 | + use RefreshDatabase; |
| 32 | + use withTestUser; |
| 33 | + use withController; |
| 34 | + |
| 35 | + /** |
| 36 | + * @var bool DB is initialized for normal db |
| 37 | + */ |
| 38 | + protected static $initialized = false; |
| 39 | + |
| 40 | + /** |
| 41 | + * Setup test database for controller tests |
| 42 | + */ |
| 43 | + public function setUp() |
| 44 | + { |
| 45 | + parent::setUp(); |
| 46 | + $this->setupTestDatabase(); |
| 47 | + |
| 48 | + if ($this->usingInMemoryDatabase()) { |
| 49 | + |
| 50 | + // Setup database, then setup User & default role |
| 51 | + $this->refreshDatabase(); |
| 52 | + $this->setupUser(); |
| 53 | + |
| 54 | + } else if (!static::$initialized) { |
| 55 | + |
| 56 | + // Only refresh db once |
| 57 | + $this->refreshDatabase(); |
| 58 | + static::$initialized = true; |
| 59 | + } |
| 60 | + } |
| 61 | + |
| 62 | + /** |
| 63 | + */ |
| 64 | + public function testControllerConstructor() |
| 65 | + { |
| 66 | + $controller = $this->getController(); |
| 67 | + $this->assertInstanceOf(RoleController::class, $controller); |
| 68 | + } |
| 69 | + |
| 70 | + /** |
| 71 | + * @depends testControllerConstructor |
| 72 | + * @return RoleController |
| 73 | + */ |
| 74 | + public function testControllerConstructorWithUser() |
| 75 | + { |
| 76 | + // Skip user setup if using in-memory db |
| 77 | + if (!$this->usingInMemoryDatabase()) { |
| 78 | + $this->setupUser(); |
| 79 | + } |
| 80 | + |
| 81 | + $controller = $this->getController(); |
| 82 | + $this->assertInstanceOf(RoleController::class, $controller); |
| 83 | + |
| 84 | + return $controller; |
| 85 | + } |
| 86 | + |
| 87 | + /** |
| 88 | + * @depends testControllerConstructorWithUser |
| 89 | + * @param RoleController $controller |
| 90 | + */ |
| 91 | + public function testCreateWithNoPermission(RoleController $controller) |
| 92 | + { |
| 93 | + $this->expectException(ForbiddenException::class); |
| 94 | + $controller->create($this->getRequest(), $this->getResponse(), []); |
| 95 | + } |
| 96 | + |
| 97 | + /** |
| 98 | + * @depends testControllerConstructorWithUser |
| 99 | + * @todo test individual permissions too |
| 100 | + * @param RoleController $controller |
| 101 | + */ |
| 102 | + public function testDeleteWithNoPermission(RoleController $controller) |
| 103 | + { |
| 104 | + // Set expectations |
| 105 | + $this->expectException(ForbiddenException::class); |
| 106 | + |
| 107 | + // Execute. Foo has already been set by testCreate |
| 108 | + $controller->delete($this->getRequest(), $this->getResponse(), ['slug' => 'foo']); |
| 109 | + } |
| 110 | + |
| 111 | + /** |
| 112 | + * @depends testControllerConstructorWithUser |
| 113 | + * @param RoleController $controller |
| 114 | + */ |
| 115 | + public function testGetInfoWithGuestUser(RoleController $controller) |
| 116 | + { |
| 117 | + $this->expectException(ForbiddenException::class); |
| 118 | + $controller->getInfo($this->getRequest(), $this->getResponse(), []); |
| 119 | + } |
| 120 | + |
| 121 | + /** |
| 122 | + * @depends testControllerConstructorWithUser |
| 123 | + * @param RoleController $controller |
| 124 | + */ |
| 125 | + public function testGetListWithNoPermission(RoleController $controller) |
| 126 | + { |
| 127 | + $this->expectException(ForbiddenException::class); |
| 128 | + $controller->getList($this->getRequest(), $this->getResponse(), []); |
| 129 | + } |
| 130 | + |
| 131 | + /** |
| 132 | + * @depends testControllerConstructorWithUser |
| 133 | + * @param RoleController $controller |
| 134 | + */ |
| 135 | + public function testGetModalConfirmDeleteWithNoPermission(RoleController $controller) |
| 136 | + { |
| 137 | + $request = $this->getRequest()->withQueryParams([ |
| 138 | + 'slug' => 'foo' |
| 139 | + ]); |
| 140 | + |
| 141 | + $this->expectException(ForbiddenException::class); |
| 142 | + $controller->getModalConfirmDelete($request, $this->getResponse(), []); |
| 143 | + } |
| 144 | + |
| 145 | + /** |
| 146 | + * @depends testControllerConstructorWithUser |
| 147 | + * @param RoleController $controller |
| 148 | + */ |
| 149 | + public function testGetModalCreateWithNoPermission(RoleController $controller) |
| 150 | + { |
| 151 | + $this->expectException(ForbiddenException::class); |
| 152 | + $controller->getModalCreate($this->getRequest(), $this->getResponse(), []); |
| 153 | + } |
| 154 | + |
| 155 | + /** |
| 156 | + * @depends testControllerConstructorWithUser |
| 157 | + * @param RoleController $controller |
| 158 | + */ |
| 159 | + public function testGetModalEditWithNoPermission(RoleController $controller) |
| 160 | + { |
| 161 | + $request = $this->getRequest()->withQueryParams([ |
| 162 | + 'slug' => 'foo' |
| 163 | + ]); |
| 164 | + |
| 165 | + $this->expectException(ForbiddenException::class); |
| 166 | + $controller->getModalEdit($request, $this->getResponse(), []); |
| 167 | + } |
| 168 | + |
| 169 | + /** |
| 170 | + * @depends testControllerConstructorWithUser |
| 171 | + * @param RoleController $controller |
| 172 | + */ |
| 173 | + public function testGetUsersWithNoPermission(RoleController $controller) |
| 174 | + { |
| 175 | + $this->expectException(ForbiddenException::class); |
| 176 | + $controller->getUsers($this->getRequest(), $this->getResponse(), ['slug' => 'foo']); |
| 177 | + } |
| 178 | + |
| 179 | + /** |
| 180 | + * @depends testControllerConstructorWithUser |
| 181 | + * @param RoleController $controller |
| 182 | + */ |
| 183 | + public function testpageInfoWithNoPermission(RoleController $controller) |
| 184 | + { |
| 185 | + $this->expectException(ForbiddenException::class); |
| 186 | + $controller->pageInfo($this->getRequest(), $this->getResponse(), ['slug' => 'foo']); |
| 187 | + } |
| 188 | + |
| 189 | + /** |
| 190 | + * @depends testControllerConstructorWithUser |
| 191 | + * @param RoleController $controller |
| 192 | + */ |
| 193 | + public function testpageInfoWithPartialPermissions(RoleController $controller) |
| 194 | + { |
| 195 | + // Give user partial permissions |
| 196 | + $testUser = $this->createTestUser(false, true); |
| 197 | + $this->giveUserTestPermission($testUser, 'uri_role'); // Can view, but can't edit or delete |
| 198 | + |
| 199 | + // Get a new controller with this user |
| 200 | + $controller = $this->getController(); |
| 201 | + |
| 202 | + // Get controller stuff |
| 203 | + $result = $controller->pageInfo($this->getRequest(), $this->getResponse(), ['slug' => 'foo']); |
| 204 | + $this->assertSame($result->getStatusCode(), 200); |
| 205 | + $this->assertNotSame('', (string) $result->getBody()); |
| 206 | + |
| 207 | + // Can't test edit / delete button not displayed ? |
| 208 | + } |
| 209 | + |
| 210 | + /** |
| 211 | + * @depends testControllerConstructorWithUser |
| 212 | + * @param RoleController $controller |
| 213 | + */ |
| 214 | + public function testpageListWithNoPermission(RoleController $controller) |
| 215 | + { |
| 216 | + $this->expectException(ForbiddenException::class); |
| 217 | + $controller->pageList($this->getRequest(), $this->getResponse(), []); |
| 218 | + } |
| 219 | + |
| 220 | + /** |
| 221 | + * @depends testControllerConstructorWithUser |
| 222 | + * @param RoleController $controller |
| 223 | + */ |
| 224 | + public function testUpdateInfoWithNoPermission(RoleController $controller) |
| 225 | + { |
| 226 | + // Set post data |
| 227 | + $data = [ |
| 228 | + 'name' => 'foo', |
| 229 | + 'slug' => 'foo' |
| 230 | + ]; |
| 231 | + $request = $this->getRequest()->withParsedBody($data); |
| 232 | + |
| 233 | + // Set expectations |
| 234 | + $this->expectException(ForbiddenException::class); |
| 235 | + |
| 236 | + // Execute |
| 237 | + $controller->updateInfo($request, $this->getResponse(), ['slug' => 'foo']); |
| 238 | + } |
| 239 | + |
| 240 | + /** |
| 241 | + * @depends testControllerConstructorWithUser |
| 242 | + * @param RoleController $controller |
| 243 | + */ |
| 244 | + public function testUpdateInfoWithNoRole(RoleController $controller) |
| 245 | + { |
| 246 | + $this->expectException(NotFoundException::class); |
| 247 | + $controller->updateInfo($this->getRequest(), $this->getResponse(), ['slug' => 'blah']); |
| 248 | + } |
| 249 | + |
| 250 | + /** |
| 251 | + * @return RoleController |
| 252 | + */ |
| 253 | + private function getController() |
| 254 | + { |
| 255 | + return new RoleController($this->ci); |
| 256 | + } |
| 257 | + |
| 258 | + /** |
| 259 | + */ |
| 260 | + private function setupUser() |
| 261 | + { |
| 262 | + // Guest user, won't have any access |
| 263 | + $testUser = $this->createTestUser(false, true); |
| 264 | + |
| 265 | + // Create test role |
| 266 | + $fm = $this->ci->factory; |
| 267 | + $role = $fm->create('UserFrosting\Sprinkle\Account\Database\Models\Role', [ |
| 268 | + 'slug' => 'foo', |
| 269 | + 'name' => 'bar' |
| 270 | + ]); |
| 271 | + } |
| 272 | +} |
0 commit comments