diff options
Diffstat (limited to 'src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php')
| -rw-r--r-- | src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php index 05854525..7276f8e4 100644 --- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php +++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php | |||
| @@ -174,4 +174,25 @@ class EntryControllerTest extends WallabagTestCase | |||
| 174 | 174 | ||
| 175 | $this->assertEquals($res->isDeleted(), true); | 175 | $this->assertEquals($res->isDeleted(), true); |
| 176 | } | 176 | } |
| 177 | |||
| 178 | public function testViewOtherUserEntry() | ||
| 179 | { | ||
| 180 | $this->logInAs('bob'); | ||
| 181 | $client = $this->getClient(); | ||
| 182 | |||
| 183 | $content = $client->getContainer() | ||
| 184 | ->get('doctrine.orm.entity_manager') | ||
| 185 | ->getRepository('WallabagCoreBundle:Entry') | ||
| 186 | ->createQueryBuilder('e') | ||
| 187 | ->select('e.id') | ||
| 188 | ->leftJoin('e.user', 'u') | ||
| 189 | ->where('u.username != :username')->setParameter('username', 'bob') | ||
| 190 | ->setMaxResults(1) | ||
| 191 | ->getQuery() | ||
| 192 | ->getSingleResult(AbstractQuery::HYDRATE_ARRAY); | ||
| 193 | |||
| 194 | $client->request('GET', '/view/'.$content['id']); | ||
| 195 | |||
| 196 | $this->assertEquals(403, $client->getResponse()->getStatusCode()); | ||
| 197 | } | ||
| 177 | } | 198 | } |