Source of file UserDefinedFormAdminTest.php
Size: 20,386 Bytes - Last Modified: 2021-12-23T10:35:40+00:00
/var/www/docs.ssmods.com/process/src/tests/php/Control/UserDefinedFormAdminTest.php
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477 | <?php namespace SilverStripe\UserForms\Tests\Control; use SilverStripe\Assets\Dev\TestAssetStore; use SilverStripe\Assets\File; use SilverStripe\Assets\Folder; use SilverStripe\Assets\Storage\AssetStore; use SilverStripe\Assets\Upload_Validator; use InvalidArgumentException; use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPResponse; use SilverStripe\Control\Session; use SilverStripe\Core\Config\Config; use SilverStripe\Core\Injector\Injector; use SilverStripe\Dev\CSSContentParser; use SilverStripe\Dev\FunctionalTest; use SilverStripe\Forms\FieldList; use SilverStripe\Forms\FormAction; use SilverStripe\ORM\DataObject; use SilverStripe\Security\InheritedPermissions; use SilverStripe\Security\Security; use SilverStripe\UserForms\Control\UserDefinedFormAdmin; use SilverStripe\UserForms\Control\UserDefinedFormController; use SilverStripe\UserForms\Model\EditableFormField; use SilverStripe\UserForms\Model\EditableFormField\EditableFileField; use SilverStripe\UserForms\Model\EditableFormField\EditableTextField; use SilverStripe\UserForms\Model\Recipient\EmailRecipient; use SilverStripe\UserForms\Model\Submission\SubmittedFormField; use SilverStripe\UserForms\Model\UserDefinedForm; use SilverStripe\View\ArrayData; use SilverStripe\View\SSViewer; /** * @package userforms */ class UserDefinedFormAdminTest extends FunctionalTest { protected static $fixture_file = '../UserFormsTest.yml'; protected function setUp(): void { parent::setUp(); $submissionFolder = Folder::find('Form-submissions'); if ($submissionFolder) { $submissionFolder->delete(); } foreach (Folder::get() as $folder) { $folder->publishSingle(); } } public function testConfirmfolderformInvalidRequest() { $this->logInWithPermission(['CMS_ACCESS_CMSMain']); $url = 'admin/user-forms/confirmfolderformschema?'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $response = $this->get($url); $this->assertEquals(400, $response->getStatusCode(), 'Request without ID parameter is invalid'); $response = $this->get($url . http_build_query(['ID' => -1])); $this->assertEquals(400, $response->getStatusCode(), 'Request with unknown ID and known UserFormID is invalid'); } public function testConfirmfolderformAccessControl() { $url = 'admin/user-forms/confirmfolderformschema?'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $restrictedFieldID = $this->idFromFixture(EditableFileField::class, 'file-field-2'); $this->logInWithPermission(['CMS_ACCESS_CMSMain']); $response = $this->get($url . http_build_query(['ID' => $fieldID])); $this->assertEquals(200, $response->getStatusCode(), 'CMS editors can access confirm folder form '); $response = $this->get($url . http_build_query(['ID' => $restrictedFieldID])); $this->assertEquals( 403, $response->getStatusCode(), 'CMS editors can\'t access confirm folder form for restricted form' ); $this->logInWithPermission('ADMIN'); $response = $this->get($url . http_build_query(['ID' => $restrictedFieldID])); $this->assertEquals( 200, $response->getStatusCode(), 'Admins can access confirm folder form for restricted form' ); } public function testConfirmfolderformFields() { $url = 'admin/user-forms/confirmfolderformschema?'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $folderID = $this->idFromFixture(Folder::class, 'unrestricted'); $this->logInWithPermission('ADMIN'); $response = $this->get( $url . http_build_query(['ID' => $fieldID]), null, ['X-FormSchema-Request' => 'auto,schema,state,errors'] ); $schemaData = json_decode($response->getBody(), true); $this->assertEquals('ConfirmFolderForm', $schemaData['schema']['name']); $this->assertField($schemaData, 'FolderOptions', ['component' => 'OptionsetField']); $this->assertField($schemaData, 'FolderID', ['component' => 'TreeDropdownField']); $this->assertField($schemaData, 'ID', ['schemaType' =>'Hidden']); $this->assertStateValue($schemaData, ['ID' => $fieldID, 'FolderID' => $folderID]); } public function testConfirmfolderformDefaultFolder() { $url = 'admin/user-forms/confirmfolderformschema?'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-2'); $this->logInWithPermission('ADMIN'); $response = $this->get( $url . http_build_query(['ID' => $fieldID]), null, ['X-FormSchema-Request' => 'auto,schema,state,errors'] ); $schemaData = json_decode($response->getBody(), true); $this->assertEquals('ConfirmFolderForm', $schemaData['schema']['name']); $this->assertField($schemaData, 'FolderOptions', ['component' => 'OptionsetField']); $this->assertField($schemaData, 'FolderID', ['component' => 'TreeDropdownField']); $this->assertField($schemaData, 'ID', ['schemaType' =>'Hidden']); $folder = Folder::find('Form-submissions'); $this->assertNotEmpty($folder, 'Default submission folder has been created'); $this->assertStateValue($schemaData, ['ID' => $fieldID, 'FolderID' => $folder->ID]); $this->logOut(); $this->assertFalse($folder->canView(), 'Default submission folder is protected'); } public function testConfirmfolderInvalidRequest() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $response = $this->post($url, ['ID' => -1]); $this->assertEquals(400, $response->getStatusCode(), 'Request without ID parameter is invalid'); } public function testConfirmfolderAccessControl() { $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $restrictedFieldID = $this->idFromFixture(EditableFileField::class, 'file-field-2'); $this->logInWithPermission(['CMS_ACCESS_CMSMain']); $response = $this->post($url, ['ID' => $fieldID]); $this->assertEquals( 403, $response->getStatusCode(), 'Users without CMS_ACCESS_AssetAdmin can\'t confirm folder' ); $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $response = $this->post($url, ['ID' => $fieldID]); $this->assertEquals(200, $response->getStatusCode(), 'CMS editors can access confirm folder form '); $response = $this->post($url, ['ID' => $restrictedFieldID]); $this->assertEquals( 403, $response->getStatusCode(), 'CMS editors can\'t confirm folder form for restricted form' ); $this->logInWithPermission('ADMIN'); $response = $this->post($url, ['ID' => $restrictedFieldID]); $this->assertEquals( 200, $response->getStatusCode(), 'Admins can confirm folder form for restricted form' ); } public function testConfirmfolderExistingFolder() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $folderID = $this->idFromFixture(Folder::class, 'restricted'); $response = $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'existing', 'FolderID' => $folderID]); $this->assertEquals(200, $response->getStatusCode(), 'Valid request to confirm an existing folder is successful'); $this->assertEquals( $folderID, EditableFileField::get()->byID($fieldID)->FolderID, 'FileField points to restricted folder' ); } public function testConfirmfolderInexistingFolder() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $response = $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'existing', 'FolderID' => -1]); $this->assertEquals(400, $response->getStatusCode(), 'Confirm a non-existant folder fails with 400'); } public function testConfirmfolderRootFolder() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $response = $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'existing', 'FolderID' => 0]); $this->assertEquals(200, $response->getStatusCode(), 'Valid request to confirm an root folder is successful'); $this->assertEquals(0, EditableFileField::get()->byID($fieldID)->FolderID, 'FileField points to root folder'); } public function testConfirmfolderNewFolder() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $response = $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'new']); $this->assertEquals(200, $response->getStatusCode(), 'Valid request to confirm folder by creating a new one is valid'); $folder = Folder::find('Form-submissions/Form-with-upload-field'); $this->assertNotEmpty($folder, 'New folder has been created based on the UserFormPage\'s title'); $this->logOut(); $this->assertFalse($folder->canView(), 'New folder is restricted'); } public function testConfirmfolderNewFolderWithSpecificName() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $response = $this->post( $url, ['ID' => $fieldID, 'FolderOptions' => 'new', 'CreateFolder' => 'My-Custom-Folder->\'Pow'] ); $this->assertEquals(200, $response->getStatusCode(), 'Valid request to confirm folder by creating a new one is valid'); $folder = Folder::find('Form-submissions/My-Custom-Folder-Pow'); $this->assertNotEmpty($folder, 'New folder has been created based the provided CreateFolder value'); $this->logOut(); $this->assertFalse($folder->canView(), 'New folder is restricted'); } public function testConfirmfolderWithFieldTypeConversion() { $this->logInWithPermission('ADMIN'); $url = 'admin/user-forms/ConfirmFolderForm?'; $fieldID = $this->idFromFixture(EditableTextField::class, 'become-file-upload'); $response = $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'new']); $this->assertEquals(200, $response->getStatusCode(), 'Valid request to confirm folder by creating a new one is valid'); $folder = Folder::find('Form-submissions/Form-editable-only-by-admin'); $this->assertNotEmpty($folder, 'New folder has been created based on the UserFormPage\'s title'); $this->logOut(); $this->assertFalse($folder->canView(), 'New folder is restricted'); $field = EditableFormField::get()->byID($fieldID); $this->assertEquals( EditableFileField::class, $field->ClassName, 'EditableTextField has been converted to EditableFileField' ); } public function testPreserveSubmissionFolderPermission() { $folder = Folder::find_or_make('Form-submissions'); $folder->CanViewType = InheritedPermissions::ANYONE; $folder->write(); $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/ConfirmFolderForm?'; $fieldID = $this->idFromFixture(EditableFileField::class, 'file-field-1'); $this->post($url, ['ID' => $fieldID, 'FolderOptions' => 'new']); $folder = Folder::find('Form-submissions'); $this->assertEquals( InheritedPermissions::ANYONE, $folder->CanViewType, 'Submission folder permissions are preserved' ); } /** * Assert that a field with the provided attribute exists in $schema. * * @param array $schema * @param string $name * @param string $component * @param $value * @param string $message */ private function assertField(array $schema, string $name, array $attributes, $message = '') { $message = $message ?: sprintf('A %s field exists with %s', $name, var_export($attributes, true)); $fields = $schema['schema']['fields']; $state = $schema['state']['fields']; $this->assertNotEmpty($fields, $message); $foundField = false; foreach ($fields as $field) { if ($field['name'] === $name) { $foundField = true; foreach ($attributes as $attr => $expectedValue) { $this->assertEquals($expectedValue, $field[$attr]); } break; } } $this->assertTrue($foundField, $message); } private function assertStateValue(array $schema, $values) { $fields = $schema['state']['fields']; $this->assertNotEmpty($fields); $foundField = false; foreach ($fields as $field) { $key = $field['name']; if (isset($values[$key])) { $this->assertEquals($values[$key], $field['value'], sprintf('%s is %s', $key, $values[$key])); } } } public function testGetFolderPermissionAccessControl() { $this->logOut(); $url = 'admin/user-forms/getfoldergrouppermissions?'; $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $adminOnlyFolder = Folder::find('admin-only'); $response = $this->get($url . http_build_query(['FolderID' => $adminOnlyFolder->ID])); $this->assertEquals( 403, $response->getStatusCode(), 'Access denied for getting permission of Folder user does not have read access on' ); $this->logInWithPermission('ADMIN'); $adminOnlyFolder = Folder::find('admin-only'); $response = $this->get($url . http_build_query(['FolderID' => $adminOnlyFolder->ID])); $this->assertEquals( 200, $response->getStatusCode(), 'Access denied for getting permission of Folder user does not have read access on' ); } public function testGetFolderPermissionNonExistentFolder() { $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $url = 'admin/user-forms/getfoldergrouppermissions?'; $response = $this->get($url . http_build_query(['FolderID' => -1])); $this->assertEquals( 400, $response->getStatusCode(), 'Non existent folder should fail' ); } public function testGetFolderPermissionValidRequest() { $url = 'admin/user-forms/getfoldergrouppermissions?'; $this->logInWithPermission(['CMS_ACCESS_CMSMain', 'CMS_ACCESS_AssetAdmin']); $folder = Folder::find('unrestricted'); $response = $this->get($url . http_build_query(['FolderID' => $folder->ID])); $this->assertEquals( 200, $response->getStatusCode(), 'Valid request is successfull' ); $this->assertStringContainsString('Unrestricted access, uploads will be visible to anyone', $response->getBody()); $folder = Folder::find('restricted-folder'); $response = $this->get($url . http_build_query(['FolderID' => 0])); $this->assertEquals( 200, $response->getStatusCode(), 'Valid request for root folder is successful' ); $this->assertStringContainsString('Unrestricted access, uploads will be visible to anyone', $response->getBody()); $folder = Folder::find('restricted-folder'); $response = $this->get($url . http_build_query(['FolderID' => $folder->ID])); $this->assertEquals( 200, $response->getStatusCode(), 'Valid request for root folder is successful' ); $this->assertStringContainsString('Restricted access, uploads will be visible to logged-in users ', $response->getBody()); $this->logInWithPermission('ADMIN'); $adminOnlyFolder = Folder::find('admin-only'); $response = $this->get($url . http_build_query(['FolderID' => $adminOnlyFolder->ID])); $this->assertEquals( 200, $response->getStatusCode(), 'Valid request for folder restricted to group is successful' ); $this->assertStringContainsString('Restricted access, uploads will be visible to the following groups: Administrators', $response->getBody()); } public function testGetFormSubmissionFolder() { $submissionFolder = Folder::find('Form-submissions'); $this->assertEmpty($submissionFolder, 'Submission folder does not exists initially.'); // No parameters $submissionFolder = UserDefinedFormAdmin::getFormSubmissionFolder(); $this->assertNotEmpty($submissionFolder, 'Submission folder exists after getFormSubmissionFolder call'); $this->assertEquals('Form-submissions/', $submissionFolder->getFilename(), 'Submission folder got created under correct name'); $this->assertEquals(InheritedPermissions::ONLY_THESE_USERS, $submissionFolder->CanViewType, 'Submission folder has correct permissions'); $this->assertNotEmpty($submissionFolder->ViewerGroups()->find('Code', 'administrators'), 'Submission folder is limited to administrators'); // subfolder name $submissionSubFolder = UserDefinedFormAdmin::getFormSubmissionFolder('test-form'); $this->assertNotEmpty($submissionSubFolder, 'Submission subfolder has been created'); $this->assertEquals('Form-submissions/test-form/', $submissionSubFolder->getFilename(), 'Submission sub folder got created under correct name'); $this->assertEquals(InheritedPermissions::INHERIT, $submissionSubFolder->CanViewType, 'Submission sub folder inherit permission from parent'); // make sure parent folder permission don't get overridden $submissionFolder = Folder::find('Form-submissions'); $submissionFolder->CanViewType = InheritedPermissions::INHERIT; $submissionFolder->write(); $submissionSubFolder = UserDefinedFormAdmin::getFormSubmissionFolder('test-form-2'); $submissionFolder = Folder::find('Form-submissions'); $this->assertEquals(InheritedPermissions::INHERIT, $submissionFolder->CanViewType, 'Submission sub folder inherit permission from parent'); // Submission folder get recreated $submissionFolder->delete(); $submissionFolder = Folder::find('Form-submissions'); $this->assertEmpty($submissionFolder, 'Submission folder does has been deleted.'); $submissionSubFolder = UserDefinedFormAdmin::getFormSubmissionFolder('test-form-3'); $submissionFolder = Folder::find('Form-submissions'); $this->assertNotEmpty($submissionFolder, 'Submission folder got recreated'); $this->assertEquals('Form-submissions/', $submissionFolder->getFilename(), 'Submission folder got recreated under correct name'); $this->assertEquals(InheritedPermissions::ONLY_THESE_USERS, $submissionFolder->CanViewType, 'Submission folder has correct permissions'); $this->assertNotEmpty($submissionFolder->ViewerGroups()->find('Code', 'administrators'), 'Submission folder is limited to administrators'); } } |