From eb3bd7efb73f2e8500b6415e16438cea77aa4e9a Mon Sep 17 00:00:00 2001 From: Jeremy Date: Tue, 10 Feb 2015 22:32:42 +0100 Subject: Add more tests on Entry controller Also add more fixtures --- .../CoreBundle/DataFixtures/ORM/LoadEntryData.php | 23 +++++- .../CoreBundle/DataFixtures/ORM/LoadUserData.php | 15 +++- .../CoreBundle/Repository/EntryRepository.php | 1 - .../Tests/Controller/EntryControllerTest.php | 91 ++++++++++++++++++---- src/Wallabag/CoreBundle/Tests/WallabagTestCase.php | 4 +- 5 files changed, 114 insertions(+), 20 deletions(-) diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php index fccd06be..520b44b8 100644 --- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php +++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php @@ -16,13 +16,32 @@ class LoadEntryData extends AbstractFixture implements OrderedFixtureInterface { $entry1 = new Entry($this->getReference('admin-user')); $entry1->setUrl('http://0.0.0.0'); - $entry1->setTitle('test title'); + $entry1->setTitle('test title entry1'); $entry1->setContent('This is my content /o/'); $manager->persist($entry1); - $manager->flush(); $this->addReference('entry1', $entry1); + + $entry2 = new Entry($this->getReference('admin-user')); + $entry2->setUrl('http://0.0.0.0'); + $entry2->setTitle('test title entry2'); + $entry2->setContent('This is my content /o/'); + + $manager->persist($entry2); + + $this->addReference('entry2', $entry2); + + $entry3 = new Entry($this->getReference('bob-user')); + $entry3->setUrl('http://0.0.0.0'); + $entry3->setTitle('test title entry3'); + $entry3->setContent('This is my content /o/'); + + $manager->persist($entry3); + + $this->addReference('entry3', $entry3); + + $manager->flush(); } /** diff --git a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php index da788218..e4751f20 100644 
--- a/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php +++ b/src/Wallabag/CoreBundle/DataFixtures/ORM/LoadUserData.php @@ -15,13 +15,26 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface public function load(ObjectManager $manager) { $userAdmin = new User(); + $userAdmin->setName('Big boss'); + $userAdmin->setEmail('bigboss@wallabag.org'); $userAdmin->setUsername('admin'); $userAdmin->setPassword('test'); $manager->persist($userAdmin); - $manager->flush(); $this->addReference('admin-user', $userAdmin); + + $bobUser = new User(); + $bobUser->setName('Bobby'); + $bobUser->setEmail('bobby@wallabag.org'); + $bobUser->setUsername('bob'); + $bobUser->setPassword('test'); + + $manager->persist($bobUser); + + $this->addReference('bob-user', $bobUser); + + $manager->flush(); } /** diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php index b6f86707..bedc90d2 100644 --- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php +++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php @@ -2,7 +2,6 @@ namespace Wallabag\CoreBundle\Repository; -use Doctrine\ORM\Query; use Doctrine\ORM\EntityRepository; use Doctrine\ORM\Tools\Pagination\Paginator; diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php index 5d8daea3..05854525 100644 --- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php +++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php @@ -3,6 +3,7 @@ namespace Wallabag\CoreBundle\Tests\Controller; use Wallabag\CoreBundle\Tests\WallabagTestCase; +use Doctrine\ORM\AbstractQuery; class EntryControllerTest extends WallabagTestCase { 
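Review bot: In `LoadUserData::load()` both fixture accounts, including the one named `admin`, are given the literal password `test` through `setPassword('test')`, and nothing in the hunk marks the fixture as test-only. Whether `setPassword()` hashes the value is not visible here, so this may also be storing the password in clear text. If this fixture can ever be loaded against a non-test database, it creates accounts with publicly known credentials. I would add a comment above the two users such as `// Test-only accounts with a well-known password; never load this fixture outside the test environment.` and confirm the fixture command is not part of any deployment path.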
@@ -10,7 +11,7 @@ class EntryControllerTest extends WallabagTestCase { $client = $this->getClient(); - $crawler = $client->request('GET', '/new'); + $client->request('GET', '/new'); $this->assertEquals(302, $client->getResponse()->getStatusCode()); $this->assertContains('login', $client->getResponse()->headers->get('location')); @@ -18,7 +19,7 @@ class EntryControllerTest extends WallabagTestCase public function testGetNew() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); @@ -31,7 +32,7 @@ class EntryControllerTest extends WallabagTestCase public function testPostNewEmpty() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); @@ -49,7 +50,7 @@ class EntryControllerTest extends WallabagTestCase public function testPostNewOk() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $crawler = $client->request('GET', '/new'); @@ -74,27 +75,27 @@ class EntryControllerTest extends WallabagTestCase public function testArchive() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); - $crawler = $client->request('GET', '/archive'); + $client->request('GET', '/archive'); $this->assertEquals(200, $client->getResponse()->getStatusCode()); } public function testStarred() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); - $crawler = $client->request('GET', '/starred'); + $client->request('GET', '/starred'); $this->assertEquals(200, $client->getResponse()->getStatusCode()); } public function testView() { - $this->logIn(); + $this->logInAs('admin'); $client = $this->getClient(); $content = $client->getContainer() 
@@ -102,13 +103,75 @@ class EntryControllerTest extends WallabagTestCase ->getRepository('WallabagCoreBundle:Entry') ->findOneByIsArchived(false); - if (!$content) { - $this->markTestSkipped('No content found in db.'); - } - - $crawler = $client->request('GET', '/view/'.$content->getId()); + $client->request('GET', '/view/'.$content->getId()); $this->assertEquals(200, $client->getResponse()->getStatusCode()); $this->assertContains($content->getTitle(), $client->getResponse()->getContent()); } + + public function testToggleArchive() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsArchived(false); + + $client->request('GET', '/archive/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isArchived(), true); + } + + public function testToggleStar() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsStarred(false); + + $client->request('GET', '/star/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isStarred(), true); + } + + public function testDelete() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsDeleted(false); + + $client->request('GET', 
'/delete/'.$content->getId()); + + $this->assertEquals(302, $client->getResponse()->getStatusCode()); + + $res = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneById($content->getId()); + + $this->assertEquals($res->isDeleted(), true); + } } diff --git a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php index edc7d992..a80b8bac 100644 --- a/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php +++ b/src/Wallabag/CoreBundle/Tests/WallabagTestCase.php @@ -18,12 +18,12 @@ class WallabagTestCase extends WebTestCase $this->client = static::createClient(); } - public function logIn() + public function logInAs($username) { $crawler = $this->client->request('GET', '/login'); $form = $crawler->filter('button[type=submit]')->form(); $data = array( - '_username' => 'admin', + '_username' => $username, '_password' => 'test', ); -- cgit v1.2.3 From 3d2b2d62be287075ca402f1d59a880687f18dfcd Mon Sep 17 00:00:00 2001 From: Jeremy Date: Tue, 10 Feb 2015 22:33:18 +0100 Subject: Avoid user to see other entries hehe :) --- .../CoreBundle/Controller/EntryController.php | 53 +++++++++++++++++----- .../Tests/Controller/EntryControllerTest.php | 21 +++++++++ 2 files changed, 63 insertions(+), 11 deletions(-) diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php index 5378486a..89677bef 100644 --- a/src/Wallabag/CoreBundle/Controller/EntryController.php +++ b/src/Wallabag/CoreBundle/Controller/EntryController.php @@ -12,8 +12,10 @@ use Wallabag\CoreBundle\Helper\Url; class EntryController extends Controller { /** - * @param Request $request + * @param Request $request + * * @Route("/new", name="new_entry") + * * @return \Symfony\Component\HttpFoundation\Response */ public function addEntryAction(Request $request) 
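Review bot: In `testView`, `testToggleArchive`, `testToggleStar` and `testDelete` (EntryControllerTest.php) the entry is looked up with `findOneByIsArchived(false)`, `findOneByIsStarred(false)` or `findOneByIsDeleted(false)` and no owner filter, although the fixtures in this same commit add an entry owned by `bob`. The tests log in as `admin`, so whether they touch an entry that admin owns depends on row order, and they would get 403 instead of 200/302 as soon as the controller enforces ownership. The removed `if (!$content)` guard also means an empty result now ends in a method call on null; `$this->assertNotNull($content);` after each lookup keeps the failure readable. The final checks read more clearly as `$this->assertTrue($res->isArchived());` than as `assertEquals($res->isArchived(), true)`, which has expected and actual reversed and compares loosely.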
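Review bot: `logInAs($username)` in WallabagTestCase.php has no docblock, and the hunk shows the password still hard-coded as `'_password' => 'test'`, so the helper only works for fixture users created with that password. The rest of the method lies outside the hunk, so it may already verify the result, but nothing visible asserts that the login succeeded; a mistyped username would surface later as an unexplained 302 to the login page. I would add a docblock along the lines of `Logs the test client in as the given fixture user (password is the fixture default "test").` and have the helper assert that the response after submitting the form is not a redirect back to `/login`.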
@@ -54,6 +56,7 @@ class EntryController extends Controller * Shows unread entries for current user * * @Route("/unread", name="unread") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showUnreadAction() @@ -73,6 +76,7 @@ class EntryController extends Controller * Shows read entries for current user * * @Route("/archive", name="archive") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showArchiveAction() @@ -92,6 +96,7 @@ class EntryController extends Controller * Shows starred entries for current user * * @Route("/starred", name="starred") + * * @return \Symfony\Component\HttpFoundation\Response */ public function showStarredAction() @@ -110,12 +115,16 @@ class EntryController extends Controller /** * Shows entry content * - * @param Entry $entry + * @param Entry $entry + * * @Route("/view/{id}", requirements={"id" = "\d+"}, name="view") + * * @return \Symfony\Component\HttpFoundation\Response */ public function viewAction(Entry $entry) { + $this->checkUserAction($entry); + return $this->render( 'WallabagCoreBundle:Entry:entry.html.twig', array('entry' => $entry) @@ -125,13 +134,17 @@ class EntryController extends Controller /** * Changes read status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleArchiveAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleArchive(); $this->getDoctrine()->getManager()->flush(); 
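Review bot: `toggleArchiveAction` now calls `checkUserAction($entry)`, but its route `@Route("/archive/{id}", requirements={"id" = "\d+"}, name="archive_entry")` carries no method restriction and the tests in this series drive it with GET. The ownership check does not help against cross-site request forgery, because a request triggered from another site arrives with the owner's own session and passes it. The same applies to `toggleStarAction` and `deleteEntryAction` in the following hunks. I would restrict these three routes to POST (for example with a `@Method("POST")` annotation; the needed import is not visible here) and validate a CSRF token before calling `flush()`.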
@@ -146,13 +159,17 @@ class EntryController extends Controller /** * Changes favorite status for an entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/star/{id}", requirements={"id" = "\d+"}, name="star_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function toggleStarAction(Request $request, Entry $entry) { + $this->checkUserAction($entry); + $entry->toggleStar(); $this->getDoctrine()->getManager()->flush(); @@ -167,17 +184,19 @@ class EntryController extends Controller /** * Deletes entry * - * @param Request $request - * @param Entry $entry + * @param Request $request + * @param Entry $entry + * * @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry") + * * @return \Symfony\Component\HttpFoundation\RedirectResponse */ public function deleteEntryAction(Request $request, Entry $entry) { - $em = $this->getDoctrine()->getManager(); + $this->checkUserAction($entry); + $entry->setDeleted(1); - $em->persist($entry); - $em->flush(); + $this->getDoctrine()->getManager()->flush(); $this->get('session')->getFlashBag()->add( 'notice', @@ -186,4 +205,16 @@ class EntryController extends Controller return $this->redirect($request->headers->get('referer')); } + + /** + * Check if the logged user can manage the given entry + * + * @param Entry $entry + */ + private function checkUserAction(Entry $entry) + { + if ($this->getUser()->getId() != $entry->getUser()->getId()) { + throw $this->createAccessDeniedException('You can not use this entry.'); + } + } } diff --git a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php index 05854525..7276f8e4 100644 --- a/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php +++ b/src/Wallabag/CoreBundle/Tests/Controller/EntryControllerTest.php 
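Review bot: `checkUserAction()` dereferences `$this->getUser()` without a null check, so if any of these routes is ever reachable without an authenticated user the call fails with an error on null instead of a clean denial; the firewall configuration is not visible in this patch. The comparison also uses `!=`, which compares the two ids loosely. I would write `$user = $this->getUser();` followed by `if (null === $user || $user->getId() !== $entry->getUser()->getId()) {`. Since the guard has to be called by hand in every action, a short docblock sentence such as `Must be called first in every action that receives an Entry.` would help, and a Symfony voter would be the more robust home for the rule later. Returning 403 also confirms to the caller that the id exists; a 404 would avoid that if entry enumeration matters.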
@@ -174,4 +174,25 @@ class EntryControllerTest extends WallabagTestCase $this->assertEquals($res->isDeleted(), true); } + + public function testViewOtherUserEntry() + { + $this->logInAs('bob'); + $client = $this->getClient(); + + $content = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->createQueryBuilder('e') + ->select('e.id') + ->leftJoin('e.user', 'u') + ->where('u.username != :username')->setParameter('username', 'bob') + ->setMaxResults(1) + ->getQuery() + ->getSingleResult(AbstractQuery::HYDRATE_ARRAY); + + $client->request('GET', '/view/'.$content['id']); + + $this->assertEquals(403, $client->getResponse()->getStatusCode()); + } } -- cgit v1.2.3 From da93261a7d729084c4913e8dcc5052a781426ef7 Mon Sep 17 00:00:00 2001 From: Jeremy Date: Tue, 10 Feb 2015 22:34:11 +0100 Subject: Quick fix in build.xml We don't need to purge the database since it was just re-created --- app/build.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/app/build.xml b/app/build.xml index a8e43f0d..bdc4b4d8 100644 --- a/app/build.xml +++ b/app/build.xml @@ -38,7 +38,6 @@ - -- cgit v1.2.3
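Review bot: `testViewOtherUserEntry` only covers `/view/{id}`, while the same commit adds the ownership check to `/archive/{id}`, `/star/{id}` and `/delete/{id}`, which are the routes that change data. A regression that drops `checkUserAction()` from one of those actions would go unnoticed. I would add a sibling test that requests the three paths as `bob` against another user's entry and expects 403 for each, ideally also re-reading the entry to confirm its flags did not change. Note that `getSingleResult()` throws if the fixtures contain no foreign entry, which is acceptable here but worth knowing when the test fails.

```php
    public function testModifyOtherUserEntry()
    {
        $this->logInAs('bob');
        $client = $this->getClient();

        // … unchanged: same query as testViewOtherUserEntry, yielding $content['id'] …

        foreach (array('/archive/', '/star/', '/delete/') as $path) {
            $client->request('GET', $path.$content['id']);

            $this->assertEquals(403, $client->getResponse()->getStatusCode());
        }
    }
```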