Enforce viewing permissions for search and keywords in the Wiki. Fixes bug #12027

Colin Kuskie 2011-01-20 11:21:51 -08:00
parent 8c2958b042
commit 973363b14c
4 changed files with 31 additions and 2 deletions


@ -37,6 +37,7 @@ my $wiki
topLevelKeywords => 'criminals,inmates,staff',
url => 'testwiki',
title => 'testwiki',
groupIdView => '2',
}, @childCoda );
my $wikitag = WebGUI::VersionTag->getWorking( $session );
@ -61,7 +62,7 @@ WebGUI::Test->addToCleanup($tag_set1);
#----------------------------------------------------------------------------
# Tests
plan tests => 11; # Increment this number for each test you create
plan tests => 15; # Increment this number for each test you create
#----------------------------------------------------------------------------
#
@ -257,4 +258,15 @@ cmp_deeply(
$page_set{criminals}->update({keywords => 'red,andy,tommy'});
$session->user({userId => 3});
ok $wiki->canView(), 'checking permission handling in www_byKeyword: Admin can view the wiki';
$wiki->www_byKeyword;
is $session->http->getStatus, 201, '... HTTP status set to 201';
$session->user({userId => 1});
ok !$wiki->canView(), '... visitor cannot view the wiki';
$wiki->www_byKeyword;
is $session->http->getStatus, 401, '... HTTP status set to 401, no access';
#vim:ft=perl
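Review bot: The visitor case at the end of this file checks only `$session->http->getStatus` and discards whatever `www_byKeyword` returns, so it would still pass if the handler set 401 and then went on to render the keyword listing. Capturing the result with `my $denied = $wiki->www_byKeyword;` and asserting that it contains no URL of a tagged page (for example `$page_set{criminals}->getUrl`) would pin the property the fix is for: nothing from the wiki reaches a user who fails `canView`. Matching on the raw keywords is less reliable, since a short word such as `red` can occur in unrelated markup. `plan tests` would need raising by the number of assertions added.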


@ -38,6 +38,7 @@ my $wiki
= $import->addChild( {
className => 'WebGUI::Asset::Wobject::WikiMaster',
searchTemplateId => $templateId,
groupIdView => '2',
} );
WebGUI::Test->addToCleanup($wiki);
@ -45,12 +46,14 @@ WebGUI::Test->addToCleanup($wiki);
#----------------------------------------------------------------------------
# Tests
plan tests => 1; # Increment this number for each test you create
plan tests => 4; # Increment this number for each test you create
$session->request->setup_body({
query => 'Red&Andy',
});
$session->user({userId => 3});
{
WebGUI::Test->mockAssetId($templateId, $templateMock);
$wiki->www_search();
@ -61,6 +64,15 @@ is $templateVars->{addPageUrl},
$wiki->getUrl('func=add;class=WebGUI::Asset::WikiPage;title=Red%26Andy'),
'search encodes unsafe characters in addPageUrl';
$session->user({userId => 1});
ok !$wiki->canView(), 'checking permission handling in www_search: visitor cannot view the wiki';
$templateVars = {};
$wiki->www_search;
is_deeply $templateVars, {}, '... no template variables set';
is $session->http->getStatus, 401, '... HTTP status set to 401, no access';
#----------------------------------------------------------------------------
#
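Review bot: The `is_deeply $templateVars, {}` assertion may pass whether or not `www_search` enforces `canView`. The visitor call sits outside the `{ ... }` block that runs `WebGUI::Test->mockAssetId($templateId, $templateMock)`, and the end of that block falls between hunks, so it is not visible whether the template mock is still installed at that point. If it has been removed, nothing can write into `$templateVars`, the empty-hash check is vacuous, and the 401 status is the only assertion that actually exercises the permission check. Giving the visitor call its own block that installs the mock before `$wiki->www_search;`, and cleans it up the way the existing block does, would make the template-variable assertion meaningful.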