Merge pull request #1095 from wallabag/v2-config

[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Tests / Controller / EntryControllerTest.php

diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 05854525048d0d15c7414c0ef2a5a82c628b3b6d..2634141e504aa832945942252d3d46801a469f7f 100644 (file)
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -60,7 +60,7 @@ class EntryControllerTest extends WallabagTestCase
         $form = $crawler->filter('button[type=submit]')->form();
 
         $data = array(
-            'form[url]' => 'https://www.mailjet.com/blog/mailjet-zapier-integrations-made-easy/',
+            'entry[url]' => 'https://www.mailjet.com/blog/mailjet-zapier-integrations-made-easy/',
         );
 
         $client->submit($form, $data);
@@ -174,4 +174,25 @@ class EntryControllerTest extends WallabagTestCase
 
         $this->assertEquals($res->isDeleted(), true);
     }
+
+    public function testViewOtherUserEntry()
+    {
+        $this->logInAs('bob');
+        $client = $this->getClient();
+
+        $content = $client->getContainer()
+            ->get('doctrine.orm.entity_manager')
+            ->getRepository('WallabagCoreBundle:Entry')
+            ->createQueryBuilder('e')
+            ->select('e.id')
+            ->leftJoin('e.user', 'u')
+            ->where('u.username != :username')->setParameter('username', 'bob')
+            ->setMaxResults(1)
+            ->getQuery()
+            ->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
+
+        $client->request('GET', '/view/'.$content['id']);
+
+        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+    }
 }