authorJeremy Benoist <jeremy.benoist@gmail.com>2016-01-22 18:48:04 +0100
committerJeremy Benoist <jeremy.benoist@gmail.com>2016-01-31 14:48:26 +0100
commit07c9b1c98a104a88f6bd0c97b54a8783444a2ac4 (patch)
tree6ed5f2b9fedcdd7fad81f7c6264c7694f30a0b16
parent1c7d66645b312ee41a392c1d154f49fb6a6ec389 (diff)
Fix permission to settings page
-rw-r--r--app/config/security.yml2
-rw-r--r--src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php32
2 files changed, 33 insertions, 1 deletions
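--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -57,5 +57,5 @@ security:
  - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
  - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
  - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/, roles: ROLE_USER }
  - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
+ - { path: ^/, roles: ROLE_USER }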
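Review bot: Nothing in this access_control list records that Symfony applies only the first rule whose path matches, which is why `^/settings` has to sit above the `^/` catch-all; without a note, the next rule appended at the bottom will be shadowed in the same way. I would add a comment above the catch-all such as `# First match wins: keep ^/ last and add more specific rules above it.` Separately, the anonymous feed rule `/(unread|starred|archive).xml$` has no `^` anchor and an unescaped `.`, and it still precedes `^/settings`, so it is worth confirming that no route under /settings can match it. The rest of the list lies outside this hunk.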
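--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace Wallabag\CoreBundle\Tests\Controller;
+
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+
+/**
+ * The controller `SettingsController` does not exist.
+ * This test cover security against the internal settings page managed by CraueConfigBundle
+ */
+class SettingsControllerTest extends WallabagCoreTestCase
+{
+ public function testSettingsWithAdmin()
+ {
+ $this->logInAs('admin');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/settings');
+
+ $this->assertEquals(200, $client->getResponse()->getStatusCode());
+ }
+
+ public function testSettingsWithNormalUser()
+ {
+ $this->logInAs('bob');
+ $client = $this->getClient();
+
+ $crawler = $client->request('GET', '/settings');
+
+ $this->assertEquals(403, $client->getResponse()->getStatusCode());
+ }
+}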
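Review bot: Both tests request only the exact path `/settings` with GET, so this regression test would not notice if a sub-path or a write request covered by the `^/settings` rule stayed reachable for a normal user. A case for whichever modify route the bundle exposes under /settings (not visible on this page) and one for a client that never logs in would close that gap; the expected status for the anonymous case depends on firewall configuration that is not shown here. `$crawler` is assigned and never read in either method, so the call can be just `$client->request('GET', '/settings');`. `assertSame(403, ...)` would also pin the status code without loose comparison.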