Fix permission to settings page

author: Jeremy Benoist <jeremy.benoist@gmail.com> 2016-01-22 18:48:04 +0100
committer: Jeremy Benoist <jeremy.benoist@gmail.com> 2016-01-31 14:48:26 +0100
commit: 07c9b1c98a104a88f6bd0c97b54a8783444a2ac4 (patch)
tree: 6ed5f2b9fedcdd7fad81f7c6264c7694f30a0b16
parent: 1c7d66645b312ee41a392c1d154f49fb6a6ec389 (diff)
download: wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.tar.gz
wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.tar.zst
wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.zip
2 files changed, 33 insertions, 1 deletions
diff --git a/app/config/security.yml b/app/config/security.yml
index 6f20490b..7c10889f 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -57,5 +57,5 @@ security:
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/, roles: ROLE_USER }
        - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
+        - { path: ^/, roles: ROLE_USER }
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php
new file mode 100644
index 00000000..354aedba
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php
@@ -0,0 +1,32 @@
+<?php
+namespace Wallabag\CoreBundle\Tests\Controller;
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+/**
+ * The controller `SettingsController` does not exist.
+ * This test cover security against the internal settings page managed by CraueConfigBundle
+ */
+class SettingsControllerTest extends WallabagCoreTestCase
+{
+    public function testSettingsWithAdmin()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+        $crawler = $client->request('GET', '/settings');
+        $this->assertEquals(200, $client->getResponse()->getStatusCode());
+    }
+    public function testSettingsWithNormalUser()
+    {
+        $this->logInAs('bob');
+        $client = $this->getClient();
+        $crawler = $client->request('GET', '/settings');
+        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+    }
+}
author	Jeremy Benoist <jeremy.benoist@gmail.com>	2016-01-22 18:48:04 +0100
committer	Jeremy Benoist <jeremy.benoist@gmail.com>	2016-01-31 14:48:26 +0100
commit	07c9b1c98a104a88f6bd0c97b54a8783444a2ac4 (patch)
tree	6ed5f2b9fedcdd7fad81f7c6264c7694f30a0b16
parent	1c7d66645b312ee41a392c1d154f49fb6a6ec389 (diff)
download	wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.tar.gz wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.tar.zst wallabag-07c9b1c98a104a88f6bd0c97b54a8783444a2ac4.zip

diff --git a/app/config/security.yml b/app/config/security.yml index 6f20490b..7c10889f 100644 --- a/app/config/security.yml +++ b/app/config/security.yml
@@ -57,5 +57,5 @@ security:
57	- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }	57	- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
58	- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }	58	- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
59	- { path: /(unread\|starred\|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }	59	- { path: /(unread\|starred\|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
60	- { path: ^/, roles: ROLE_USER }
61	- { path: ^/settings, roles: ROLE_SUPER_ADMIN }	60	- { path: ^/settings, roles: ROLE_SUPER_ADMIN }
		61	- { path: ^/, roles: ROLE_USER }


diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php new file mode 100644 index 00000000..354aedba --- /dev/null +++ b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php
@@ -0,0 +1,32 @@
		1	<?php
		2
		3	namespace Wallabag\CoreBundle\Tests\Controller;
		4
		5	use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
		6
		7	/**
		8	* The controller `SettingsController` does not exist.
		9	* This test cover security against the internal settings page managed by CraueConfigBundle
		10	*/
		11	class SettingsControllerTest extends WallabagCoreTestCase
		12	{
		13	public function testSettingsWithAdmin()
		14	{
		15	$this->logInAs('admin');
		16	$client = $this->getClient();
		17
		18	$crawler = $client->request('GET', '/settings');
		19
		20	$this->assertEquals(200, $client->getResponse()->getStatusCode());
		21	}
		22
		23	public function testSettingsWithNormalUser()
		24	{
		25	$this->logInAs('bob');
		26	$client = $this->getClient();
		27
		28	$crawler = $client->request('GET', '/settings');
		29
		30	$this->assertEquals(403, $client->getResponse()->getStatusCode());
		31	}
		32	}