Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Adds access control tests for Router

Browse Source
This commit is contained in:
Vlad
2017-08-22 21:16:38 -04:00
parent 78429d8f91
commit e47c8bc701
3 changed files with 105 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/unit/Router/Endpoints/ViewInBrowserTest.php
View File

@ -1,7 +1,9 @@
<?php <?php
namespace MailPoet\Test\Router\Endpoints; namespace MailPoet\Test\Router\Endpoints;
use Codeception\Util\Stub; use Codeception\Util\Stub;
use MailPoet\Config\AccessControl;
use MailPoet\Models\Newsletter; use MailPoet\Models\Newsletter;
use MailPoet\Models\SendingQueue; use MailPoet\Models\SendingQueue;
use MailPoet\Models\Subscriber; use MailPoet\Models\Subscriber;
@ -33,7 +35,7 @@ class ViewInBrowserTest extends \MailPoetTest {
'preview' => false 'preview' => false
); );
// instantiate class // instantiate class
$this->view_in_browser = new ViewInBrowser($this->browser_preview_data); $this->view_in_browser = new ViewInBrowser($this->browser_preview_data, new AccessControl());
} }
function testItAbortsWhenBrowserPreviewDataIsMissing() { function testItAbortsWhenBrowserPreviewDataIsMissing() {
@ -123,6 +125,7 @@ class ViewInBrowserTest extends \MailPoetTest {
} }
function testItDoesNotRequireWpAdministratorToBeOnProcessedListWhenPreviewIsEnabled() { function testItDoesNotRequireWpAdministratorToBeOnProcessedListWhenPreviewIsEnabled() {
$view_in_browser = $this->view_in_browser;
$data = (object)array_merge( $data = (object)array_merge(
$this->browser_preview_data, $this->browser_preview_data,
array( array(
@ -132,19 +135,25 @@ class ViewInBrowserTest extends \MailPoetTest {
) )
); );
$data->preview = true; $data->preview = true;
// when WP user is not logged, false should be returned // when WP user is not logged, false should be returned
expect($this->view_in_browser->_validateBrowserPreviewData($data))->false(); expect($view_in_browser->_validateBrowserPreviewData($data))->false();
// when WP user is logged in but does not have 'manage options' permission, false should be returned // when WP user is logged in but does not have 'manage options' permission, false should be returned
wp_set_current_user(1); wp_set_current_user(1);
$wp_user = wp_get_current_user(); $wp_user = wp_get_current_user();
$wp_user->remove_role('administrator'); $wp_user->remove_role('administrator');
$view_in_browser->access_control = new AccessControl();
expect($this->view_in_browser->_validateBrowserPreviewData($data))->false(); expect($this->view_in_browser->_validateBrowserPreviewData($data))->false();
// when WP user is logged and has 'manage options' permission, data should be returned // when WP user is logged and has 'manage options' permission, data should be returned
$wp_user->add_role('administrator'); $wp_user->add_role('administrator');
expect($this->view_in_browser->_validateBrowserPreviewData($data))->equals($data); $view_in_browser->access_control = new AccessControl();
expect($view_in_browser->_validateBrowserPreviewData($data))->equals($data);
} }
function testItSetsSubscriberToLoggedInWPUserWhenPreviewIsEnabled() { function testItSetsSubscriberToLoggedInWPUserWhenPreviewIsEnabled() {
$view_in_browser = $this->view_in_browser;
$data = (object)array_merge( $data = (object)array_merge(
$this->browser_preview_data, $this->browser_preview_data,
array( array(
@ -155,7 +164,8 @@ class ViewInBrowserTest extends \MailPoetTest {
); );
$data->preview = true; $data->preview = true;
wp_set_current_user(1); wp_set_current_user(1);
$result = $this->view_in_browser->_validateBrowserPreviewData($data); $view_in_browser->access_control = new AccessControl();
$result = $view_in_browser->_validateBrowserPreviewData($data);
expect($result->subscriber->id)->equals(1); expect($result->subscriber->id)->equals(1);
} }

88
tests/unit/Router/RouterTest.php
View File

@ -1,7 +1,9 @@
<?php <?php
namespace MailPoet\Test\Router; namespace MailPoet\Test\Router;
use Codeception\Util\Stub; use Codeception\Util\Stub;
use MailPoet\Config\AccessControl;
use MailPoet\Router\Router; use MailPoet\Router\Router;
require_once('RouterTestMockEndpoint.php'); require_once('RouterTestMockEndpoint.php');
@ -29,7 +31,7 @@ class RouterTest extends \MailPoetTest {
$router = new Router(); $router = new Router();
expect($router->api_request)->equals(true); expect($router->api_request)->equals(true);
expect($router->endpoint)->equals('viewInBrowser'); expect($router->endpoint)->equals('viewInBrowser');
expect($router->action)->equals('view'); expect($router->endpoint_action)->equals('view');
expect($router->data)->equals($data); expect($router->data)->equals($data);
} }
@ -92,6 +94,87 @@ class RouterTest extends \MailPoetTest {
); );
} }
function testItValidatesGlobalPermission() {
$access_control = new AccessControl();
$router = $this->router;
$permissions = array(
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
);
$access_control->user_roles = array();
$router->access_control = $access_control;
expect($router->validatePermissions(null, $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$router->access_control = $access_control;
expect($router->validatePermissions(null, $permissions))->true();
}
function testItValidatesEndpointActionPermission() {
$access_control = new AccessControl();
$router = $this->router;
$permissions = array(
'global' => null,
'actions' => array(
'test' => AccessControl::PERMISSION_MANAGE_SETTINGS
)
);
$access_control->user_roles = array();
$router->access_control = $access_control;
expect($router->validatePermissions('test', $permissions))->false();
$access_control->user_roles = $access_control->permissions[AccessControl::PERMISSION_MANAGE_SETTINGS];
$router->access_control = $access_control;
expect($router->validatePermissions('test', $permissions))->true();
}
function testItValidatesPermissionBeforeProcessingEndpointAction() {
$router = Stub::construct(
new Router(),
array($this->router_data),
array(
'validatePermissions' => function($action, $permissions) {
expect($action)->equals($this->router_data['action']);
expect($permissions)->equals(
array(
'global' => AccessControl::NO_ACCESS_RESTRICTION
)
);
return true;
}
)
);
$result = $router->init();
expect($result)->equals(
array('data' => 'dummy data')
);
}
function testItReturnsForbiddenResponseWhenPermissionFailsValidation() {
$router = Stub::construct(
new Router(),
array($this->router_data),
array(
'validatePermissions' => false,
'terminateRequest' => function($code, $error) {
return array(
$code,
$error
);
}
)
);
$result = $router->init();
expect($result)->equals(
array(
403,
'You do not have the required permissions.'
)
);
}
function testItCallsEndpointAction() { function testItCallsEndpointAction() {
$data = array('data' => 'dummy data'); $data = array('data' => 'dummy data');
$result = $this->router->init(); $result = $this->router->init();
@ -99,8 +182,7 @@ class RouterTest extends \MailPoetTest {
} }
function testItExecutesUrlParameterConflictResolverAction() { function testItExecutesUrlParameterConflictResolverAction() {
$data = array('data' => 'dummy data'); $this->router->init();
$result = $this->router->init();
expect((boolean)did_action('mailpoet_conflict_resolver_router_url_query_parameters'))->true(); expect((boolean)did_action('mailpoet_conflict_resolver_router_url_query_parameters'))->true();
} }

5
tests/unit/Router/RouterTestMockEndpoint.php
View File

@ -2,12 +2,17 @@
namespace MailPoet\Router\Endpoints; namespace MailPoet\Router\Endpoints;
use MailPoet\Config\AccessControl;
class RouterTestMockEndpoint { class RouterTestMockEndpoint {
const ACTION_TEST = 'test'; const ACTION_TEST = 'test';
public $allowed_actions = array( public $allowed_actions = array(
self::ACTION_TEST self::ACTION_TEST
); );
public $data; public $data;
public $permissions = array(
'global' => AccessControl::NO_ACCESS_RESTRICTION
);
function __construct($data) { function __construct($data) {
$this->data = $data; $this->data = $data;