author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-01-22 18:48:04 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-01-31 14:48:26 +0100 |
commit | 07c9b1c98a104a88f6bd0c97b54a8783444a2ac4 (patch) | |
tree | 6ed5f2b9fedcdd7fad81f7c6264c7694f30a0b16 | |
parent | 1c7d66645b312ee41a392c1d154f49fb6a6ec389 (diff) | |
Fix permission to settings page
-rw-r--r-- | app/config/security.yml | 2 | ||||
-rw-r--r-- | src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php | 32 |
2 files changed, 33 insertions, 1 deletions
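--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -57,5 +57,5 @@ security:
 - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-- { path: ^/, roles: ROLE_USER }
 - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
+- { path: ^/, roles: ROLE_USER }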
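Review bot: Nothing in the visible lines records that `access_control` rules are evaluated top-down and only the first match is applied, which is what let the `^/` catch-all shadow `^/settings` before this reorder. A comment directly above the last rule, such as `# first match wins: keep the ^/ catch-all last, more specific paths above it`, would keep a later addition from reintroducing the problem. The anonymous feed rule on the context line above is still matched before `^/settings`, and its pattern has no start anchor and an unescaped dot, so it is broader than it reads. Escaping it as `\.xml$` is a safe tightening; whether it can also be anchored depends on the feed routes, which are not visible here. The rule list begins outside the hunk.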
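--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SettingsControllerTest.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace Wallabag\CoreBundle\Tests\Controller;
+
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+
+/**
+* The controller `SettingsController` does not exist.
+* This test cover security against the internal settings page managed by CraueConfigBundle
+*/
+class SettingsControllerTest extends WallabagCoreTestCase
+{
+public function testSettingsWithAdmin()
+{
+$this->logInAs('admin');
+$client = $this->getClient();
+
+$crawler = $client->request('GET', '/settings');
+
+$this->assertEquals(200, $client->getResponse()->getStatusCode());
+}
+
+public function testSettingsWithNormalUser()
+{
+$this->logInAs('bob');
+$client = $this->getClient();
+
+$crawler = $client->request('GET', '/settings');
+
+$this->assertEquals(403, $client->getResponse()->getStatusCode());
+}
+}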
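Review bot: An unauthenticated request to `/settings` is not covered, so the two tests pin the admin/normal-user split but not that an anonymous visitor is kept out of the settings page. A third case that skips `logInAs()` and asserts the response is not a 200 would close that gap. The sketch below asserts 302 on the assumption that the firewall redirects to the login form, which should be confirmed against the firewall configuration. Separately, `$crawler` is assigned in both tests and never read, so `$client->request('GET', '/settings');` alone is enough.

```php
// … unchanged: testSettingsWithAdmin, testSettingsWithNormalUser …

public function testSettingsWithAnonymous()
{
    $client = $this->getClient();

    $client->request('GET', '/settings');

    // expected: sent to the login form instead of the settings page
    $this->assertEquals(302, $client->getResponse()->getStatusCode());
}
```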