Source of file SubsiteAdminFunctionalTest.php
Size: 5,810 Bytes - Last Modified: 2021-12-23T10:04:53+00:00
/var/www/docs.ssmods.com/process/src/tests/SubsiteAdminFunctionalTest.php
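<?php

namespace AirNZ\SimpleSubsites\Tests;

use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Security\Member;
use AirNZ\SimpleSubsites\Model\Subsite;
use AirNZ\SimpleSubsites\Tests\SubsiteTest_Page;

/**
 * Functional tests for CMS admin access control across subsites.
 *
 * Each test requests admin URLs as a given fixture identity (anonymous, 'admin',
 * 'editor', 'subsite1member'), follows every redirect, and then asserts on the
 * final URL and on the subsite that ends up selected.
 */
class SubsiteAdminFunctionalTest extends FunctionalTest
{
    public static $fixture_file = 'simplesubsites/tests/SubsiteTest.yml';

    public static $use_draft_site = true;

    // Redirects are followed explicitly by getAndFollowAll() so the final URL can be asserted on.
    protected $autoFollowRedirection = false;

    public function setUp()
    {
        parent::setUp();

        // parent::setUp disables subsite filter by default to not impact other module's tests
        Subsite::disable_subsite_filter(false);
    }

    /**
     * Helper: FunctionalTest is only able to follow redirection once, we want to go all the way.
     *
     * @param string $url          URL to request through the test session.
     * @param int    $maxRedirects Upper bound on followed redirects; the test fails once it is
     *                             exceeded, so a redirect loop cannot hang the test run.
     * @return mixed The last response received, i.e. the first one without a Location header.
     */
    public function getAndFollowAll($url, $maxRedirects = 20)
    {
        $response = $this->get($url);
        $hops = 0;

        while ($response->getHeader('Location')) {
            if ($hops >= $maxRedirects) {
                $this->fail("Gave up after {$maxRedirects} redirects while requesting '{$url}'");
            }

            $response = $this->mainSession->followRedirection();
            $hops++;
        }

        return $response;
    }

    /**
     * Anonymous user cannot access anything.
     *
     * Every request below must end on the login form, both for the main site
     * (SubsiteID=0), for a fixture subsite and for the standalone XHR controller.
     */
    public function testAnonymousIsForbiddenAdminAccess()
    {
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is disallowed'
        );
    }

    /**
     * Admin should be able to access all subsites and the main site
     */
    public function testAdminCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        $this->logInAs($member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        // Expected value first, so a failure message reports the two sides correctly.
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Opening an edit URL for a page that belongs to another subsite switches the
     * current subsite to the one that owns the page.
     */
    public function testAdminIsRedirectedToObjectsSubsite()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        $this->logInAs($member->ID);

        $subsite1Home = $this->objFromFixture(SubsiteTest_Page::class, 'subsite1_home');
        $subsite2 = $this->objFromFixture(Subsite::class, 'subsite2');

        // Start from a different subsite than the one that owns the page.
        Subsite::changeSubsite($subsite2->ID);

        $this->getAndFollowAll("admin/pages/edit/show/{$subsite1Home->ID}");
        $this->assertEquals(
            $subsite1Home->SubsiteID,
            Subsite::currentSubsiteID(),
            'Loading an object switches the subsite'
        );
        $this->assertRegExp("#^admin/pages.*#", $this->mainSession->lastUrl(), 'Lands on the correct section');
    }

    /**
     * User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,
     * even though he does not have the ADMIN permission.
     */
    public function testEditorCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'editor');
        $this->logInAs($member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Test a member who only has access to one subsite (subsite1) and only some sections (pages and security).
     *
     * NOTE(review): only the "forbidden section inside the permitted subsite" case is
     * asserted here. A request by this member for a subsite they are not assigned to
     * is not exercised in this class; confirm it is covered elsewhere.
     */
    public function testSubsiteAdmin()
    {
        $member = $this->objFromFixture(Member::class, 'subsite1member');
        $this->logInAs($member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        // Check allowed URL.
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access own subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Can access permitted section.');

        // Check forbidden section in allowed subsite.
        $this->getAndFollowAll("admin/assets/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected within subsite.');
        // NOTE(review): the pattern requires the slash after "assets", so a final URL of
        // "admin/assets" without it would also satisfy this negative assertion.
        $this->assertNotRegExp(
            '#^admin/assets/.*#',
            $this->mainSession->lastUrl(),
            'Is redirected away from forbidden section'
        );

        // Check the standalone XHR controller.
        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }
}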