oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add permission check to www_viewSchedule for the EMS. fixes bug #10987

Browse source
This commit is contained in:
Colin Kuskie 2009-09-15 18:38:28 -07:00
parent 94c64218d4
commit bcaff3b9eb
3 changed files with 145 additions and 127 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -41,6 +41,7 @@
- fixed #10885: Code Editor breaks Javascript comments
- fixed #10991: Calendar: bug in Display tab
- added direct value access in DataForm list view
- fixed #10987: EMS Schedule -- No Permission Check
7.7.19
- fixed #10838: Forwarded forum post email to new CS adds reply to original thread

9
lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
View file

@ -2058,13 +2058,14 @@ view the schedule table
=cut
sub www_viewSchedule {
my $self = shift;
my $db = $self->session->db;
my $rowsPerPage = 25;
my $self = shift;
return $self->session->privilege->insufficient() unless $self->canView;
my $db = $self->session->db;
my $rowsPerPage = 25;
my $locationsPerPage = $self->get('scheduleColumnsPerPage');
my @columnNames = map { "'col" . $_ . "'" } ( 1..$locationsPerPage );
my $fieldList = join ',', @columnNames;
my $fieldList = join ',', @columnNames;
my $dataColumns = join ",\n", map {
'{key:' . $_ . ',sortable:false,label:"",formatter:formatViewScheduleItem}'
} @columnNames;

262
t/Asset/Wobject/EventManagementSystem.t
View file

@ -30,10 +30,14 @@ use Test::Deep;
my $session = WebGUI::Test->session;
my $registrar = WebGUI::User->create($session);
WebGUI::Test->usersToDelete($registrar);
my $attender = WebGUI::User->create($session);
my $crasher = WebGUI::User->create($session);
WebGUI::Test->usersToDelete($registrar, $attender, $crasher);
my $registrars = WebGUI::Group->new($session, 'new');
WebGUI::Test->groupsToDelete($registrars);
my $attendees = WebGUI::Group->new($session, 'new');
WebGUI::Test->groupsToDelete($registrars, $attendees);
$registrars->addUsers([$registrar->getId]);
$attendees->addUsers([$attender->getId]);
# Do our work in the import node
@ -46,7 +50,7 @@ $versionTag->set({name=>"EventManagementSystem Test"});
#----------------------------------------------------------------------------
# Tests
plan tests => 30 ; # Increment this number for each test you create
plan tests => 32 ; # Increment this number for each test you create
#----------------------------------------------------------------------------
@ -59,12 +63,13 @@ use_ok('WebGUI::Asset::Sku::EMSToken');
# Add an EMS asset
my $ems = $node->addChild({
className=>'WebGUI::Asset::Wobject::EventManagementSystem',
title => 'Test EMS',
description => 'This is a test ems',
url => '/test-ems',
workflowIdCommit => 'pbworkflow000000000003', # Commit Content Immediately
className =>'WebGUI::Asset::Wobject::EventManagementSystem',
title => 'Test EMS',
description => 'This is a test ems',
url => '/test-ems',
workflowIdCommit => 'pbworkflow000000000003', # Commit Content Immediately
registrationStaffGroupId => $registrars->getId,
groupIdView => $attendees->getId
});
$versionTag->commit;
WebGUI::Test->tagsToRollback($versionTag);
@ -74,7 +79,7 @@ isa_ok($ems, 'WebGUI::Asset::Wobject::EventManagementSystem');
# Test to see if we can set new values
my $newEMSSettings = {
timezone => 'America/New York',
timezone => 'America/New York',
};
# update the new values for this instance
@ -82,7 +87,7 @@ $ems->update($newEMSSettings);
# Let's check our updated values
foreach my $newSetting (keys %{$newEMSSettings}) {
is ($ems->get($newSetting), $newEMSSettings->{$newSetting}, "updated $newSetting is ".$newEMSSettings->{$newSetting});
is ($ems->get($newSetting), $newEMSSettings->{$newSetting}, "updated $newSetting is ".$newEMSSettings->{$newSetting});
}
my $preparedView = $ems->prepareView();
@ -98,22 +103,23 @@ ok($ems->isRegistrationStaff == 0, 'Visitor is not part of registration staff');
$session->user({ userId => $registrar->getId });
ok($ems->isRegistrationStaff == 1, 'User is part of registration staff');
$session->user({ userId => 3 });
# Add two badges, using addChild instead of Mech
my @badges;
push(@badges, $ems->addChild({
className=>'WebGUI::Asset::Sku::EMSBadge',
className=>'WebGUI::Asset::Sku::EMSBadge',
title => 'title',
description => 'desc',
}));
push(@badges, $ems->addChild({
className=>'WebGUI::Asset::Sku::EMSBadge',
className=>'WebGUI::Asset::Sku::EMSBadge',
title => 'title',
description => 'desc',
}));
foreach my $badge(@badges) {
ok(ref($badge) eq 'WebGUI::Asset::Sku::EMSBadge', 'Badge added');
ok(ref($badge) eq 'WebGUI::Asset::Sku::EMSBadge', 'Badge added');
}
# Check that both badges exists
@ -124,15 +130,15 @@ ok(scalar(@$badges) == 2, 'Two Badges exist');
my @tickets;
push(@tickets, $ems->addChild({
className=>'WebGUI::Asset::Sku::EMSTicket',
startDate => '2009-01-01 14:00:00',
startDate => '2009-01-01 14:00:00',
}));
push(@tickets, $ems->addChild({
className=>'WebGUI::Asset::Sku::EMSTicket',
startDate => '2009-01-01 14:00:00',
className=>'WebGUI::Asset::Sku::EMSTicket',
startDate => '2009-01-01 14:00:00',
}));
foreach my $ticket(@tickets) {
ok(ref($ticket) eq 'WebGUI::Asset::Sku::EMSTicket', 'Ticket added');
ok(ref($ticket) eq 'WebGUI::Asset::Sku::EMSTicket', 'Ticket added');
}
ok($ems->can('getTickets'), 'Can get tickets');
@ -145,7 +151,7 @@ push(@ribbons, $ems->addChild({className=>'WebGUI::Asset::Sku::EMSRibbon'}));
push(@ribbons, $ems->addChild({className=>'WebGUI::Asset::Sku::EMSRibbon'}));
foreach my $ribbon(@ribbons) {
ok(ref($ribbon) eq 'WebGUI::Asset::Sku::EMSRibbon', 'Ribbon added');
ok(ref($ribbon) eq 'WebGUI::Asset::Sku::EMSRibbon', 'Ribbon added');
}
ok($ems->can('getRibbons'), 'Can get ribbons');
@ -154,10 +160,20 @@ ok(scalar(@$ribbons) == 2, 'Two ribbons exist');
ok( $ems->can('www_getScheduleDataJSON'), 'Can call get Schedule data' );
ok( $ems->can('www_viewSchedule'), 'Can call view Schedule' );
$session->user({userId => $crasher->getId});
my $data = $ems->www_viewSchedule();
is($session->http->getStatus, 401, 'www_viewSchedule: visitor may not see the schedule');
$session->http->setStatus(201);
$session->user({userId => $attender->getId});
my $data = $ems->www_viewSchedule();
is($session->http->getStatus, 201, 'attender user may see the schedule');
my $html = $ems->www_viewSchedule();
ok( $html !~ /REPLACE/, 'tags were successfully replaced');
# print 'html={', $html, "}\n";
my $data = $ems->www_getScheduleDataJSON();
$data = $ems->www_getScheduleDataJSON();
cmp_deeply( JSON::from_json($data),
{
records => [],
@ -177,88 +193,88 @@ cmp_deeply( JSON::from_json($data),
my @tickets= (
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 1 room a 10 am',
eventNumber => 1,
startDate => '2009-01-01 10:00:00',
location => 'a',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 1 room a 10 am',
eventNumber => 1,
startDate => '2009-01-01 10:00:00',
location => 'a',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 2 room b 10 am',
eventNumber => 2,
startDate => '2009-01-01 10:00:00',
location => 'b',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 2 room b 10 am',
eventNumber => 2,
startDate => '2009-01-01 10:00:00',
location => 'b',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 3 room c 10 am',
eventNumber => 3,
startDate => '2009-01-01 10:00:00',
location => 'c',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 3 room c 10 am',
eventNumber => 3,
startDate => '2009-01-01 10:00:00',
location => 'c',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 4 room a 11 am',
eventNumber => 4,
startDate => '2009-01-01 11:00:00',
location => 'a',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 4 room a 11 am',
eventNumber => 4,
startDate => '2009-01-01 11:00:00',
location => 'a',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 5 room b 11 am',
eventNumber => 5,
startDate => '2009-01-01 11:00:00',
location => 'b',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 5 room b 11 am',
eventNumber => 5,
startDate => '2009-01-01 11:00:00',
location => 'b',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 6 room c 11 am',
eventNumber => 6,
startDate => '2009-01-01 11:00:00',
location => 'c',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 6 room c 11 am',
eventNumber => 6,
startDate => '2009-01-01 11:00:00',
location => 'c',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 7 room d 12 am',
eventNumber => 7,
startDate => '2009-01-01 12:00:00',
location => 'd',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 7 room d 12 am',
eventNumber => 7,
startDate => '2009-01-01 12:00:00',
location => 'd',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 8 room a 1 pm',
eventNumber => 8,
startDate => '2009-01-01 13:00:00',
location => 'a',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 8 room a 1 pm',
eventNumber => 8,
startDate => '2009-01-01 13:00:00',
location => 'a',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 9 room b 1 pm',
eventNumber => 9,
startDate => '2009-01-01 13:00:00',
location => 'b',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 9 room b 1 pm',
eventNumber => 9,
startDate => '2009-01-01 13:00:00',
location => 'b',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 10 room c 1 pm',
eventNumber => 10,
startDate => '2009-01-01 13:00:00',
location => 'c',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 10 room c 1 pm',
eventNumber => 10,
startDate => '2009-01-01 13:00:00',
location => 'c',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 11 room e 2 pm',
eventNumber => 11,
startDate => '2009-01-01 14:00:00',
location => 'e',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 11 room e 2 pm',
eventNumber => 11,
startDate => '2009-01-01 14:00:00',
location => 'e',
}),
$ems->addChild({
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 12 room f 2 pm',
eventNumber => 12,
startDate => '2009-01-01 14:00:00',
location => 'f',
className => "WebGUI::Asset::Sku::EMSTicket",
title => 'lecture 12 room f 2 pm',
eventNumber => 12,
startDate => '2009-01-01 14:00:00',
location => 'f',
}),
);
is( scalar(@tickets), 12, 'created tickets for ems');
@ -280,50 +296,50 @@ sub ticketInfo { my $tk = shift; return {
}; }
cmp_deeply( JSON::from_json($data), {
records => [
{ colDate => '',
col1 => { type => 'label', title => 'a' },
col2 => { type => 'label', title => 'b' },
col3 => { type => 'label', title => 'c' },
col4 => { type => 'label', title => 'd' },
col5 => { type => 'label', title => 'e' },
},
{ colDate => $tickets[0]->get('startDate'),
col1 => ticketInfo( $tickets[0] ),
col2 => ticketInfo( $tickets[1] ),
col3 => ticketInfo( $tickets[2] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[3]->get('startDate'),
col1 => ticketInfo( $tickets[3] ),
col2 => ticketInfo( $tickets[4] ),
col3 => ticketInfo( $tickets[5] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[6]->get('startDate'),
col1 => { type => 'empty' },
col2 => { type => 'empty' },
col3 => { type => 'empty' },
col4 => ticketInfo( $tickets[6] ),
col5 => { type => 'empty' },
},
{ colDate => $tickets[7]->get('startDate'),
col1 => ticketInfo( $tickets[7] ),
col2 => ticketInfo( $tickets[8] ),
col3 => ticketInfo( $tickets[9] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[10]->get('startDate'),
col1 => { type => 'empty' },
col2 => { type => 'empty' },
col3 => { type => 'empty' },
col4 => { type => 'empty' },
col5 => ticketInfo( $tickets[10] ),
},
],
totalRecords => 6,
{ colDate => '',
col1 => { type => 'label', title => 'a' },
col2 => { type => 'label', title => 'b' },
col3 => { type => 'label', title => 'c' },
col4 => { type => 'label', title => 'd' },
col5 => { type => 'label', title => 'e' },
},
{ colDate => $tickets[0]->get('startDate'),
col1 => ticketInfo( $tickets[0] ),
col2 => ticketInfo( $tickets[1] ),
col3 => ticketInfo( $tickets[2] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[3]->get('startDate'),
col1 => ticketInfo( $tickets[3] ),
col2 => ticketInfo( $tickets[4] ),
col3 => ticketInfo( $tickets[5] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[6]->get('startDate'),
col1 => { type => 'empty' },
col2 => { type => 'empty' },
col3 => { type => 'empty' },
col4 => ticketInfo( $tickets[6] ),
col5 => { type => 'empty' },
},
{ colDate => $tickets[7]->get('startDate'),
col1 => ticketInfo( $tickets[7] ),
col2 => ticketInfo( $tickets[8] ),
col3 => ticketInfo( $tickets[9] ),
col4 => { type => 'empty' },
col5 => { type => 'empty' },
},
{ colDate => $tickets[10]->get('startDate'),
col1 => { type => 'empty' },
col2 => { type => 'empty' },
col3 => { type => 'empty' },
col4 => { type => 'empty' },
col5 => ticketInfo( $tickets[10] ),
},
],
totalRecords => 6,
recordsReturned => 6,
startIndex => 0,
sort => undef,