oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add: Calendar can now choose workflow for Events

Browse source 
fix: Event now saves ownerUserId correctly
add: GalleryAlbum now shows link to add a Photo
added a test skeleton for Test::WWW::Mechanize tests
This commit is contained in:
Doug Bell 2008-04-16 23:32:12 +00:00
parent 684ce5a7ca
commit 7668f68980
13 changed files with 533 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/changelog/7.x.x.txt
View file

@ -2,10 +2,13 @@
- fix: template variable isUncommitted is not documented in the help
- Cleaned the pollution from the forms system.
- fix: Event is no longer editable by anyone who can add events
- fix: Event now sets ownerUserId correctly
- add: Calendar can now select which workflow to use for committing Events
- fixed: Package search is slow for large websites
- fixed: rich editor image picker displays incorrectly in IE
- fixed: the export system was largely incomprehensible. rewritten.
- the new export system now needs Path::Class
- add: GalleryAlbum now shows link to add Photo
7.5.10
- fix: Syntax error in GetCsMail

16
docs/gotcha.txt
View file

@ -7,13 +7,27 @@ upgrading from one version to the next, or even between multiple
versions. Be sure to heed the warnings contained herein as they will
save you many hours of grief.
7.5.11
--------------------------------------------------------------------
* The exporting system before this release was largely incomprehensible and
difficult to understand. It has been rewritten, and now requires Path::Class to
function.
* WebGUI versions since 7.3.0 (when the new Calendar was added)
have allowed users to post Events to Calendars, but the owner of
the Event has been saved as Admin (user ID 3). Also, anyone who
was allowed to add an Event was allowed to edit any Event in the
Calendar.
The permissions have now been fixed, but it is not possible to
fix the owner of Events posted by individual users. Users are
not allowed to edit the owner of an Event from the web interface
as a security measure.
The new permissions are:
* Users who post an Event are allowed to edit and delete the
Events they post
* Users who can edit the Calendar are allowed to add, edit,
and delete all Events
7.5.9
--------------------------------------------------------------------
* WebGUI 7.5.6 uses a Unicode database connection, but this can cause problems

1
docs/upgrades/_upgrade.skeleton
View file

@ -28,6 +28,7 @@ finish($session); # this line required
#----------------------------------------------------------------------------
# Describe what our function does
#sub exampleFunction {
# my $session = shift;
# print "\tWe're doing some stuff here that you should know about... " unless $quiet;

21
docs/upgrades/upgrade_7.5.10-7.5.11.pl
View file

@ -23,11 +23,13 @@ my $quiet; # this line required
my $session = start(); # this line required
# upgrade functions go here
addCalendarEventWorkflow( $session );
finish($session); # this line required
#----------------------------------------------------------------------------
# Describe what our function does
#sub exampleFunction {
# my $session = shift;
# print "\tWe're doing some stuff here that you should know about... " unless $quiet;
@ -35,6 +37,25 @@ finish($session); # this line required
# print "DONE!\n" unless $quiet;
#}
#----------------------------------------------------------------------------
# Add the database column to select the workflow to approve Calendar Events
sub addCalendarEventWorkflow {
my $session = shift;
print "\tAdding Calendar Event Workflow field..." unless $quiet;
$session->db->write(
qq{ ALTER TABLE Calendar ADD COLUMN workflowIdCommit VARCHAR(22) BINARY },
);
# Add a nice default value
$session->db->write(
qq{ UPDATE Calendar SET workflowIdCommit = ? },
[ $session->setting->get('defaultVersionTagWorkflow') ],
);
print "DONE!\n" unless $quiet;
}
# -------------- DO NOT EDIT BELOW THIS LINE --------------------------------

17
lib/WebGUI/Asset/Event.pm
View file

@ -298,7 +298,8 @@ By specifying this method, you activate this feature.
sub getAutoCommitWorkflowId {
my $self = shift;
return "pbworkflow000000000003";
return $self->getParent->get('workflowIdCommit')
|| $self->session->setting->get('defaultVersionTagWorkflow');
}
@ -1916,7 +1917,12 @@ sub www_edit {
. WebGUI::Form::hidden($self->session, {
name => "class",
value => $self->session->form->process("class","className"),
});
})
. WebGUI::Form::hidden( $self->session, {
name => 'ownerUserId',
value => $self->session->user->userId,
} )
;
}
else {
$var->{"formHeader"}
@ -1926,7 +1932,12 @@ sub www_edit {
. WebGUI::Form::hidden($self->session, {
name => "sequenceNumber",
value => $self->get("sequenceNumber"),
});
})
. WebGUI::Form::hidden( $self->session, {
name => 'ownerUserId',
value => $self->session->user->userId,
} )
;
}
$var->{"formHeader"}

18
lib/WebGUI/Asset/Wobject/Calendar.pm
View file

@ -263,14 +263,14 @@ sub definition {
unitsAvailable => [ qw( days weeks months years ) ],
},
# This doesn't function currently
#subscriberNotifyOffset => {
# fieldType => "integer",
# defaultValue => "2",
# tab => "properties",
# hoverHelp => $i18n->get('subscriberNotifyOffset description'),
# label => $i18n->get('subscriberNotifyOffset label'),
#},
workflowIdCommit => {
fieldType => "workflow",
defaultValue => $session->setting->get('defaultVersionTagWorkflow'),
tab => 'security',
label => $i18n->get('editForm workflowIdCommit label'),
hoverHelp => $i18n->get('editForm workflowIdCommit description'),
type => 'WebGUI::VersionTag',
},
);
push @{$definition}, {
@ -432,7 +432,7 @@ sub canAddEvent {
);
return 1 if (
$user->isInGroup($self->get("groupIdEventEdit"))
$user->isInGroup( $self->get("groupIdEventEdit") )
);
}

15
lib/WebGUI/Asset/Wobject/Gallery.pm
View file

@ -617,6 +617,21 @@ sub getAssetClassForFile {
#----------------------------------------------------------------------------
=head2 getGalleryFileClassesAvailable ( )
Returns an array reference of the Asset classes available to be added to this
Gallery.
=cut
sub getGalleryFileClassesAvailable {
my $self = shift;
return [ 'WebGUI::Asset::File::GalleryFile::Photo' ];
}
#----------------------------------------------------------------------------
=head2 getImageResolutions ( )
Gets an array reference of the image resolutions to create for image-type

7
lib/WebGUI/Asset/Wobject/GalleryAlbum.pm
View file

@ -972,7 +972,12 @@ sub www_showConfirmation {
my $self = shift;
my $i18n = __PACKAGE__->i18n( $self->session );
my $output = sprintf $i18n->get('save message'), $self->getUrl;
my $output = '<p>' . sprintf( $i18n->get('save message'), $self->getUrl ) . '</p>'
. '<p>' . $i18n->get('what next') . '</p>'
. '<ul>'
. sprintf( '<li><a href="%s">Add Photo</a></li>', $self->getUrl('func=add;class=WebGUI::Asset::File::GalleryFile::Photo') )
. '</ul>'
;
return $self->processStyle(
$output

6
lib/WebGUI/i18n/English/Asset_GalleryAlbum.pm
View file

@ -459,6 +459,12 @@ our $I18N = {
lastUpdated => 0,
context => q{Label for button to confirm the delete},
},
'what next' => {
message => q{What Next?},
lastUpdated => 0,
context => 'Title for the list of actions a user can take after saving a Gallery Album',
},
};
1;

193
t/Asset/Event/edit.t Normal file
View file

@ -0,0 +1,193 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2008 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# This script uses Test::WWW::Mechanize to test adding and editing Event
# assets.
#
use FindBin;
use strict;
use lib "$FindBin::Bin/../../lib";
use Test::More;
use Test::Deep;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Asset;
use WebGUI::VersionTag;
use WebGUI::Session;
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
my $node = WebGUI::Asset->getImportNode( $session );
my @versionTags = ( WebGUI::VersionTag->getWorking( $session ) );
# Override some settings to make things easier to test
my %oldSettings;
# userFunctionStyleId
$oldSettings{ userFunctionStyleId } = $session->setting->get( 'userFunctionStyleId' );
$session->setting->set( 'userFunctionStyleId', 'PBtmpl0000000000000132' );
# Create a user for testing purposes
my $user = WebGUI::User->new( $session, "new" );
$user->username( 'dufresne' . time );
my $identifier = 'ritahayworth';
my $auth = WebGUI::Operation::Auth::getInstance( $session, $user->authMethod, $user->userId );
$auth->saveParams( $user->userId, $user->authMethod, {
'identifier' => Digest::MD5::md5_base64( $identifier ),
});
my ( $mech );
# Get the site's base URL
my $baseUrl = 'http://' . $session->config->get('sitename')->[0];
# Create a Calendar to add Events to
my $calendar = $node->addChild( {
className => 'WebGUI::Asset::Wobject::Calendar',
groupIdEventEdit => '2', # Registered Users
groupIdEdit => '3', # Admins
workflowIdCommit => 'realtimeworkflow-00001', # Commit content immediately
} );
# Remember this event url when we want to edit it later
my $eventUrl;
$versionTags[-1]->commit;
#----------------------------------------------------------------------------
# Tests
plan tests => 9; # Increment this number for each test you create
use_ok( 'Test::WWW::Mechanize' ) or BAIL_OUT("Cannot continue without Test::WWW::Mechanize");
#----------------------------------------------------------------------------
# Add event: Users without permission are not shown form
$mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . $calendar->getUrl('func=add;class=WebGUI::Asset::Event') );
$mech->content_lacks( q{value="editSave"} );
#----------------------------------------------------------------------------
# Add event: Users with permission are shown form to add event
$mech = getMechLogin( $baseUrl, $user, $identifier );
# Properties given to the form
my $properties = {
title => 'Event Title',
menuTitle => 'Event Menu Title',
};
$mech->get_ok( $baseUrl . $calendar->getUrl('func=add;class=WebGUI::Asset::Event') );
$mech->submit_form_ok(
{
with_fields => $properties,
},
'Event add form'
);
# Form gets saved correctly
my $event
= $calendar->getLineage( ['children'], {
returnObjects => 1,
orderByClause => "creationDate DESC",
} )->[0];
# Add properties that should be set to default
$properties = {
%{ $properties },
ownerUserId => $user->userId,
createdBy => $user->userId,
};
cmp_deeply( $event->get, superhashof( $properties ), 'Event properties saved correctly' );
# Save the event URL for later
$eventUrl = $event->getUrl;
#----------------------------------------------------------------------------
# Edit Event: Users without permission are not shown form
$mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . $eventUrl . '?func=edit' );
$mech->content_lacks( q{value="editSave"} );
#----------------------------------------------------------------------------
# Edit Event: User with permission is shown form to edit event
$mech = getMechLogin( $baseUrl, $user, $identifier );
$mech->get_ok( $baseUrl . $eventUrl . '?func=edit' );
my $properties = {
title => "Event Title" . time,
menuTitle => "Event Menu Title" . time,
description => "Event Description" . time,
};
$mech->submit_form_ok(
{
with_fields => $properties,
},
'Event edit form'
);
# Form gets saved correctly
my $event
= $calendar->getLineage( ['children'], {
returnObjects => 1,
orderByClause => "creationDate DESC",
} )->[0];
# Add defaults that should not get set from the form
$properties = {
%{ $properties },
ownerUserId => $user->userId,
createdBy => $user->userId,
};
cmp_deeply( $event->get, superhashof( $properties ), 'Events properties saved correctly' );
#----------------------------------------------------------------------------
# Cleanup
END {
for my $tag ( @versionTags ) {
$tag->rollback;
}
$user->delete;
for my $key ( keys %oldSettings ) {
$session->setting->set( $key, $oldSettings{ $key } );
}
}
#----------------------------------------------------------------------------
# getMechLogin( baseUrl, WebGUI::User, "identifier" )
# Returns a Test::WWW::Mechanize session after logging in the given user using
# the given identifier (password)
# baseUrl is a fully-qualified URL to the site to login to
sub getMechLogin {
my $baseUrl = shift;
my $user = shift;
my $identifier = shift;
my $mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . '?op=auth;method=displayLogin' );
$mech->submit_form(
with_fields => {
username => $user->username,
identifier => $identifier,
},
);
return $mech;
}

2
t/Asset/Redirect/mech.t
View file

@ -36,7 +36,7 @@ $session->setting->set( 'userFunctionStyleId', 'PBtmpl0000000000000132' );
# Create a user for testing purposes
my $user = WebGUI::User->new( $session, "new" );
$user->username( 'dufresne' );
$user->username( 'dufresne' . time );
my $identifier = 'ritahayworth';
my $auth = WebGUI::Operation::Auth::getInstance( $session, $user->authMethod, $user->userId );
$auth->saveParams( $user->userId, $user->authMethod, {

138
t/Asset/Wobject/GalleryAlbum/edit.t Normal file
View file

@ -0,0 +1,138 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2008 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# Test editing a GalleryAlbum from the web interface
#
#
use FindBin;
use strict;
use lib "$FindBin::Bin/../../../lib";
use Test::More;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Session;
use Test::Deep;
use Test::WWW::Mechanize;
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
my $node = WebGUI::Asset->getImportNode( $session );
my @versionTags = ( WebGUI::VersionTag->getWorking( $session ) );
# Override some settings to make things easier to test
my %oldSettings;
# userFunctionStyleId
$oldSettings{ userFunctionStyleId } = $session->setting->get( 'userFunctionStyleId' );
$session->setting->set( 'userFunctionStyleId', 'PBtmpl0000000000000132' );
# Create a user for testing purposes
my $user = WebGUI::User->new( $session, "new" );
$user->username( 'dufresne' . time );
my $identifier = 'ritahayworth';
my $auth = WebGUI::Operation::Auth::getInstance( $session, $user->authMethod, $user->userId );
$auth->saveParams( $user->userId, $user->authMethod, {
'identifier' => Digest::MD5::md5_base64( $identifier ),
});
my ($mech, $redirect, $response);
# Get the site's base URL
my $baseUrl = 'http://' . $session->config->get('sitename')->[0];
my $i18n = WebGUI::International->new( $session, 'Asset_GalleryAlbum' );
my $gallery
= $node->addChild( {
className => 'WebGUI::Asset::Wobject::Gallery',
groupIdAddFile => '2', # Registered Users
workflowIdCommit => 'realtimeworkflow-00001', # Commit Content Immediately
} );
$versionTags[-1]->commit;
#----------------------------------------------------------------------------
# Tests
plan tests => 6; # Increment this number for each test you create
#----------------------------------------------------------------------------
# Visitor user cannot add albums
$mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . $gallery->getUrl('func=add;class=WebGUI::Asset::Wobject::GalleryAlbum') );
# Should contain the Log In form
$mech->content_contains( "Permission Denied" );
#----------------------------------------------------------------------------
# Registered User can add albums
$mech = getMechLogin( $baseUrl, $user, $identifier );
# Complete the GalleryAlbum edit form
my $properties = {
title => 'Gallery Album',
description => 'This is a new Gallery Album',
};
$mech->get_ok( $baseUrl . $gallery->getUrl('func=add;class=WebGUI::Asset::Wobject::GalleryAlbum') );
$mech->submit_form_ok( {
with_fields => $properties,
}, 'Sent GalleryAlbum edit form' );
# Shows the confirmation page
$mech->content_contains(
$i18n->get( 'what next' ),
'Shows message about what next',
);
$mech->content_contains(
q{func=add;class=WebGUI::Asset::File::GalleryFile::Photo},
'Shows link to add a Photo',
);
# Creates the album with the appropriate properties
my $album = WebGUI::Asset->newByDynamicClass( $session, $gallery->getAlbumIds->[0] );
cmp_deeply( $properties, subhashof( $album->get ), "Properties from edit form are set correctly" );
#----------------------------------------------------------------------------
# Cleanup
END {
for my $tag ( @versionTags ) {
$tag->rollback;
}
$user->delete;
for my $key ( keys %oldSettings ) {
$session->setting->set( $key, $oldSettings{ $key } );
}
}
#----------------------------------------------------------------------------
# getMechLogin( baseUrl, WebGUI::User, "identifier" )
# Returns a Test::WWW::Mechanize session after logging in the given user using
# the given identifier (password)
# baseUrl is a fully-qualified URL to the site to login to
sub getMechLogin {
my $baseUrl = shift;
my $user = shift;
my $identifier = shift;
my $mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . '?op=auth;method=displayLogin' );
$mech->submit_form(
with_fields => {
username => $user->username,
identifier => $identifier,
},
);
return $mech;
}

111
t/_test.skeleton.mech Normal file
View file

@ -0,0 +1,111 @@
# vim:syntax=perl
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2008 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#------------------------------------------------------------------
# This script uses Test::WWW::Mechanize to test the operation of something
# This skeleton sets up some things for you, such as a user to use for
# testing.
# Note: In order to test properly, you will probably have to commit your
# version tags as they are created. By adding your version tags to
# @versionTags, they will get cleaned up in the END block
# Note 2: Test::WWW::Mechanize should not be used to test permissions,
# or any API methods.
# This is best used to test forms, do they have the required fields, do
# they get saved properly?
use FindBin;
use strict;
use lib "$FindBin::Bin/lib";
use Test::More;
use WebGUI::Test; # Must use this before any other WebGUI modules
use WebGUI::Asset;
use WebGUI::VersionTag;
use WebGUI::Session;
#----------------------------------------------------------------------------
# Init
my $session = WebGUI::Test->session;
my $node = WebGUI::Asset->getImportNode( $session );
my @versionTags = ( WebGUI::VersionTag->getWorking( $session ) );
# Override some settings to make things easier to test
my %oldSettings;
# userFunctionStyleId
$oldSettings{ userFunctionStyleId } = $session->setting->get( 'userFunctionStyleId' );
$session->setting->set( 'userFunctionStyleId', 'PBtmpl0000000000000132' );
# Create a user for testing purposes
my $user = WebGUI::User->new( $session, "new" );
$user->username( 'dufresne' . time );
my $identifier = 'ritahayworth';
my $auth = WebGUI::Operation::Auth::getInstance( $session, $user->authMethod, $user->userId );
$auth->saveParams( $user->userId, $user->authMethod, {
'identifier' => Digest::MD5::md5_base64( $identifier ),
});
my ( $mech );
# Get the site's base URL
my $baseUrl = 'http://' . $session->config->get('sitename')->[0];
#----------------------------------------------------------------------------
# Tests
plan tests => 1; # Increment this number for each test you create
use_ok( 'Test::WWW::Mechanize' ) or BAIL_OUT( "Cannot continue without Test::WWW::Mechanize" );
#----------------------------------------------------------------------------
# put your tests here
# example
#$mech = Test::WWW::Mechanize->new;
#$mech->get_ok( $baseUrl . "?op=adminConsole" );
#$mech = getMechLogin( $baseUrl, $user, $identifier );
#----------------------------------------------------------------------------
# Cleanup
END {
for my $tag ( @versionTags ) {
$tag->rollback;
}
$user->delete;
for my $key ( keys %oldSettings ) {
$session->setting->set( $key, $oldSettings{ $key } );
}
}
#----------------------------------------------------------------------------
# getMechLogin( baseUrl, WebGUI::User, "identifier" )
# Returns a Test::WWW::Mechanize session after logging in the given user using
# the given identifier (password)
# baseUrl is a fully-qualified URL to the site to login to
sub getMechLogin {
my $baseUrl = shift;
my $user = shift;
my $identifier = shift;
my $mech = Test::WWW::Mechanize->new;
$mech->get( $baseUrl . '?op=auth;method=displayLogin' );
$mech->submit_form(
with_fields => {
username => $user->username,
identifier => $identifier,
},
);
return $mech;
}