Avoid user to see other entries

hehe :)
author: Jeremy <jeremy.benoist@gmail.com> 2015-02-10 22:33:18 +0100
committer: Jeremy <jeremy.benoist@gmail.com> 2015-02-10 22:56:44 +0100
commit: 3d2b2d62be287075ca402f1d59a880687f18dfcd (patch)
tree: 3c99ab6fc3a396541b4aa26802f881b18252109c /src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
parent: eb3bd7efb73f2e8500b6415e16438cea77aa4e9a (diff)
download: wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.tar.gz
wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.tar.zst
wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
index 05854525..7276f8e4 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -174,4 +174,25 @@ class EntryControllerTest extends WallabagTestCase
        $this->assertEquals($res->isDeleted(), true);
    }
+    public function testViewOtherUserEntry()
+    {
+        $this->logInAs('bob');
+        $client = $this->getClient();
+        $content = $client->getContainer()
+            ->get('doctrine.orm.entity_manager')
+            ->getRepository('WallabagCoreBundle:Entry')
+            ->createQueryBuilder('e')
+            ->select('e.id')
+            ->leftJoin('e.user', 'u')
+            ->where('u.username != :username')->setParameter('username', 'bob')
+            ->setMaxResults(1)
+            ->getQuery()
+            ->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
+        $client->request('GET', '/view/'.$content['id']);
+        $this->assertEquals(403, $client->getResponse()->getStatusCode());
+    }
 }
author	Jeremy <jeremy.benoist@gmail.com>	2015-02-10 22:33:18 +0100
committer	Jeremy <jeremy.benoist@gmail.com>	2015-02-10 22:56:44 +0100
commit	3d2b2d62be287075ca402f1d59a880687f18dfcd (patch)
tree	3c99ab6fc3a396541b4aa26802f881b18252109c /src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
parent	eb3bd7efb73f2e8500b6415e16438cea77aa4e9a (diff)
download	wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.tar.gz wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.tar.zst wallabag-3d2b2d62be287075ca402f1d59a880687f18dfcd.zip

diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php index 05854525..7276f8e4 100644 --- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php +++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php
@@ -174,4 +174,25 @@ class EntryControllerTest extends WallabagTestCase
174		174
175	$this->assertEquals($res->isDeleted(), true);	175	$this->assertEquals($res->isDeleted(), true);
176	}	176	}
		177
		178	public function testViewOtherUserEntry()
		179	{
		180	$this->logInAs('bob');
		181	$client = $this->getClient();
		182
		183	$content = $client->getContainer()
		184	->get('doctrine.orm.entity_manager')
		185	->getRepository('WallabagCoreBundle:Entry')
		186	->createQueryBuilder('e')
		187	->select('e.id')
		188	->leftJoin('e.user', 'u')
		189	->where('u.username != :username')->setParameter('username', 'bob')
		190	->setMaxResults(1)
		191	->getQuery()
		192	->getSingleResult(AbstractQuery::HYDRATE_ARRAY);
		193
		194	$client->request('GET', '/view/'.$content['id']);
		195
		196	$this->assertEquals(403, $client->getResponse()->getStatusCode());
		197	}
177	}	198	}