Add permission check to www_viewSchedule for the EMS. fixes bug #10987
This commit is contained in:
Colin Kuskie
parent
94c64218d4
commit
bcaff3b9eb
3 changed files with 145 additions and 127 deletions
|
|
@ -41,6 +41,7 @@
|
||||||
- fixed #10885: Code Editor breaks Javascript comments
|
- fixed #10885: Code Editor breaks Javascript comments
|
||||||
- fixed #10991: Calendar: bug in Display tab
|
- fixed #10991: Calendar: bug in Display tab
|
||||||
- added direct value access in DataForm list view
|
- added direct value access in DataForm list view
|
||||||
|
- fixed #10987: EMS Schedule -- No Permission Check
|
||||||
|
|
||||||
7.7.19
|
7.7.19
|
||||||
- fixed #10838: Forwarded forum post email to new CS adds reply to original thread
|
- fixed #10838: Forwarded forum post email to new CS adds reply to original thread
|
||||||
|
|
|
||||||
|
|
@ -2058,13 +2058,14 @@ view the schedule table
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub www_viewSchedule {
|
sub www_viewSchedule {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $db = $self->session->db;
|
return $self->session->privilege->insufficient() unless $self->canView;
|
||||||
my $rowsPerPage = 25;
|
my $db = $self->session->db;
|
||||||
|
my $rowsPerPage = 25;
|
||||||
my $locationsPerPage = $self->get('scheduleColumnsPerPage');
|
my $locationsPerPage = $self->get('scheduleColumnsPerPage');
|
||||||
|
|
||||||
my @columnNames = map { "'col" . $_ . "'" } ( 1..$locationsPerPage );
|
my @columnNames = map { "'col" . $_ . "'" } ( 1..$locationsPerPage );
|
||||||
my $fieldList = join ',', @columnNames;
|
my $fieldList = join ',', @columnNames;
|
||||||
my $dataColumns = join ",\n", map {
|
my $dataColumns = join ",\n", map {
|
||||||
'{key:' . $_ . ',sortable:false,label:"",formatter:formatViewScheduleItem}'
|
'{key:' . $_ . ',sortable:false,label:"",formatter:formatViewScheduleItem}'
|
||||||
} @columnNames;
|
} @columnNames;
|
||||||
|
|
|
||||||
|
|
@ -30,10 +30,14 @@ use Test::Deep;
|
||||||
my $session = WebGUI::Test->session;
|
my $session = WebGUI::Test->session;
|
||||||
|
|
||||||
my $registrar = WebGUI::User->create($session);
|
my $registrar = WebGUI::User->create($session);
|
||||||
WebGUI::Test->usersToDelete($registrar);
|
my $attender = WebGUI::User->create($session);
|
||||||
|
my $crasher = WebGUI::User->create($session);
|
||||||
|
WebGUI::Test->usersToDelete($registrar, $attender, $crasher);
|
||||||
my $registrars = WebGUI::Group->new($session, 'new');
|
my $registrars = WebGUI::Group->new($session, 'new');
|
||||||
WebGUI::Test->groupsToDelete($registrars);
|
my $attendees = WebGUI::Group->new($session, 'new');
|
||||||
|
WebGUI::Test->groupsToDelete($registrars, $attendees);
|
||||||
$registrars->addUsers([$registrar->getId]);
|
$registrars->addUsers([$registrar->getId]);
|
||||||
|
$attendees->addUsers([$attender->getId]);
|
||||||
|
|
||||||
|
|
||||||
# Do our work in the import node
|
# Do our work in the import node
|
||||||
|
|
@ -46,7 +50,7 @@ $versionTag->set({name=>"EventManagementSystem Test"});
|
||||||
#----------------------------------------------------------------------------
|
#----------------------------------------------------------------------------
|
||||||
# Tests
|
# Tests
|
||||||
|
|
||||||
plan tests => 30 ; # Increment this number for each test you create
|
plan tests => 32 ; # Increment this number for each test you create
|
||||||
|
|
||||||
#----------------------------------------------------------------------------
|
#----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
@ -59,12 +63,13 @@ use_ok('WebGUI::Asset::Sku::EMSToken');
|
||||||
|
|
||||||
# Add an EMS asset
|
# Add an EMS asset
|
||||||
my $ems = $node->addChild({
|
my $ems = $node->addChild({
|
||||||
className=>'WebGUI::Asset::Wobject::EventManagementSystem',
|
className =>'WebGUI::Asset::Wobject::EventManagementSystem',
|
||||||
title => 'Test EMS',
|
title => 'Test EMS',
|
||||||
description => 'This is a test ems',
|
description => 'This is a test ems',
|
||||||
url => '/test-ems',
|
url => '/test-ems',
|
||||||
workflowIdCommit => 'pbworkflow000000000003', # Commit Content Immediately
|
workflowIdCommit => 'pbworkflow000000000003', # Commit Content Immediately
|
||||||
registrationStaffGroupId => $registrars->getId,
|
registrationStaffGroupId => $registrars->getId,
|
||||||
|
groupIdView => $attendees->getId
|
||||||
});
|
});
|
||||||
$versionTag->commit;
|
$versionTag->commit;
|
||||||
WebGUI::Test->tagsToRollback($versionTag);
|
WebGUI::Test->tagsToRollback($versionTag);
|
||||||
|
|
@ -74,7 +79,7 @@ isa_ok($ems, 'WebGUI::Asset::Wobject::EventManagementSystem');
|
||||||
|
|
||||||
# Test to see if we can set new values
|
# Test to see if we can set new values
|
||||||
my $newEMSSettings = {
|
my $newEMSSettings = {
|
||||||
timezone => 'America/New York',
|
timezone => 'America/New York',
|
||||||
};
|
};
|
||||||
|
|
||||||
# update the new values for this instance
|
# update the new values for this instance
|
||||||
|
|
@ -82,7 +87,7 @@ $ems->update($newEMSSettings);
|
||||||
|
|
||||||
# Let's check our updated values
|
# Let's check our updated values
|
||||||
foreach my $newSetting (keys %{$newEMSSettings}) {
|
foreach my $newSetting (keys %{$newEMSSettings}) {
|
||||||
is ($ems->get($newSetting), $newEMSSettings->{$newSetting}, "updated $newSetting is ".$newEMSSettings->{$newSetting});
|
is ($ems->get($newSetting), $newEMSSettings->{$newSetting}, "updated $newSetting is ".$newEMSSettings->{$newSetting});
|
||||||
}
|
}
|
||||||
|
|
||||||
my $preparedView = $ems->prepareView();
|
my $preparedView = $ems->prepareView();
|
||||||
|
|
@ -98,22 +103,23 @@ ok($ems->isRegistrationStaff == 0, 'Visitor is not part of registration staff');
|
||||||
$session->user({ userId => $registrar->getId });
|
$session->user({ userId => $registrar->getId });
|
||||||
ok($ems->isRegistrationStaff == 1, 'User is part of registration staff');
|
ok($ems->isRegistrationStaff == 1, 'User is part of registration staff');
|
||||||
|
|
||||||
|
$session->user({ userId => 3 });
|
||||||
# Add two badges, using addChild instead of Mech
|
# Add two badges, using addChild instead of Mech
|
||||||
my @badges;
|
my @badges;
|
||||||
push(@badges, $ems->addChild({
|
push(@badges, $ems->addChild({
|
||||||
className=>'WebGUI::Asset::Sku::EMSBadge',
|
className=>'WebGUI::Asset::Sku::EMSBadge',
|
||||||
title => 'title',
|
title => 'title',
|
||||||
description => 'desc',
|
description => 'desc',
|
||||||
}));
|
}));
|
||||||
|
|
||||||
push(@badges, $ems->addChild({
|
push(@badges, $ems->addChild({
|
||||||
className=>'WebGUI::Asset::Sku::EMSBadge',
|
className=>'WebGUI::Asset::Sku::EMSBadge',
|
||||||
title => 'title',
|
title => 'title',
|
||||||
description => 'desc',
|
description => 'desc',
|
||||||
}));
|
}));
|
||||||
|
|
||||||
foreach my $badge(@badges) {
|
foreach my $badge(@badges) {
|
||||||
ok(ref($badge) eq 'WebGUI::Asset::Sku::EMSBadge', 'Badge added');
|
ok(ref($badge) eq 'WebGUI::Asset::Sku::EMSBadge', 'Badge added');
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check that both badges exists
|
# Check that both badges exists
|
||||||
|
|
@ -124,15 +130,15 @@ ok(scalar(@$badges) == 2, 'Two Badges exist');
|
||||||
my @tickets;
|
my @tickets;
|
||||||
push(@tickets, $ems->addChild({
|
push(@tickets, $ems->addChild({
|
||||||
className=>'WebGUI::Asset::Sku::EMSTicket',
|
className=>'WebGUI::Asset::Sku::EMSTicket',
|
||||||
startDate => '2009-01-01 14:00:00',
|
startDate => '2009-01-01 14:00:00',
|
||||||
}));
|
}));
|
||||||
push(@tickets, $ems->addChild({
|
push(@tickets, $ems->addChild({
|
||||||
className=>'WebGUI::Asset::Sku::EMSTicket',
|
className=>'WebGUI::Asset::Sku::EMSTicket',
|
||||||
startDate => '2009-01-01 14:00:00',
|
startDate => '2009-01-01 14:00:00',
|
||||||
}));
|
}));
|
||||||
|
|
||||||
foreach my $ticket(@tickets) {
|
foreach my $ticket(@tickets) {
|
||||||
ok(ref($ticket) eq 'WebGUI::Asset::Sku::EMSTicket', 'Ticket added');
|
ok(ref($ticket) eq 'WebGUI::Asset::Sku::EMSTicket', 'Ticket added');
|
||||||
}
|
}
|
||||||
|
|
||||||
ok($ems->can('getTickets'), 'Can get tickets');
|
ok($ems->can('getTickets'), 'Can get tickets');
|
||||||
|
|
@ -145,7 +151,7 @@ push(@ribbons, $ems->addChild({className=>'WebGUI::Asset::Sku::EMSRibbon'}));
|
||||||
push(@ribbons, $ems->addChild({className=>'WebGUI::Asset::Sku::EMSRibbon'}));
|
push(@ribbons, $ems->addChild({className=>'WebGUI::Asset::Sku::EMSRibbon'}));
|
||||||
|
|
||||||
foreach my $ribbon(@ribbons) {
|
foreach my $ribbon(@ribbons) {
|
||||||
ok(ref($ribbon) eq 'WebGUI::Asset::Sku::EMSRibbon', 'Ribbon added');
|
ok(ref($ribbon) eq 'WebGUI::Asset::Sku::EMSRibbon', 'Ribbon added');
|
||||||
}
|
}
|
||||||
|
|
||||||
ok($ems->can('getRibbons'), 'Can get ribbons');
|
ok($ems->can('getRibbons'), 'Can get ribbons');
|
||||||
|
|
@ -154,10 +160,20 @@ ok(scalar(@$ribbons) == 2, 'Two ribbons exist');
|
||||||
|
|
||||||
ok( $ems->can('www_getScheduleDataJSON'), 'Can call get Schedule data' );
|
ok( $ems->can('www_getScheduleDataJSON'), 'Can call get Schedule data' );
|
||||||
ok( $ems->can('www_viewSchedule'), 'Can call view Schedule' );
|
ok( $ems->can('www_viewSchedule'), 'Can call view Schedule' );
|
||||||
|
|
||||||
|
$session->user({userId => $crasher->getId});
|
||||||
|
my $data = $ems->www_viewSchedule();
|
||||||
|
is($session->http->getStatus, 401, 'www_viewSchedule: visitor may not see the schedule');
|
||||||
|
$session->http->setStatus(201);
|
||||||
|
|
||||||
|
$session->user({userId => $attender->getId});
|
||||||
|
my $data = $ems->www_viewSchedule();
|
||||||
|
is($session->http->getStatus, 201, 'attender user may see the schedule');
|
||||||
|
|
||||||
my $html = $ems->www_viewSchedule();
|
my $html = $ems->www_viewSchedule();
|
||||||
ok( $html !~ /REPLACE/, 'tags were successfully replaced');
|
ok( $html !~ /REPLACE/, 'tags were successfully replaced');
|
||||||
# print 'html={', $html, "}\n";
|
# print 'html={', $html, "}\n";
|
||||||
my $data = $ems->www_getScheduleDataJSON();
|
$data = $ems->www_getScheduleDataJSON();
|
||||||
cmp_deeply( JSON::from_json($data),
|
cmp_deeply( JSON::from_json($data),
|
||||||
{
|
{
|
||||||
records => [],
|
records => [],
|
||||||
|
|
@ -177,88 +193,88 @@ cmp_deeply( JSON::from_json($data),
|
||||||
|
|
||||||
my @tickets= (
|
my @tickets= (
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 1 room a 10 am',
|
title => 'lecture 1 room a 10 am',
|
||||||
eventNumber => 1,
|
eventNumber => 1,
|
||||||
startDate => '2009-01-01 10:00:00',
|
startDate => '2009-01-01 10:00:00',
|
||||||
location => 'a',
|
location => 'a',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 2 room b 10 am',
|
title => 'lecture 2 room b 10 am',
|
||||||
eventNumber => 2,
|
eventNumber => 2,
|
||||||
startDate => '2009-01-01 10:00:00',
|
startDate => '2009-01-01 10:00:00',
|
||||||
location => 'b',
|
location => 'b',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 3 room c 10 am',
|
title => 'lecture 3 room c 10 am',
|
||||||
eventNumber => 3,
|
eventNumber => 3,
|
||||||
startDate => '2009-01-01 10:00:00',
|
startDate => '2009-01-01 10:00:00',
|
||||||
location => 'c',
|
location => 'c',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 4 room a 11 am',
|
title => 'lecture 4 room a 11 am',
|
||||||
eventNumber => 4,
|
eventNumber => 4,
|
||||||
startDate => '2009-01-01 11:00:00',
|
startDate => '2009-01-01 11:00:00',
|
||||||
location => 'a',
|
location => 'a',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 5 room b 11 am',
|
title => 'lecture 5 room b 11 am',
|
||||||
eventNumber => 5,
|
eventNumber => 5,
|
||||||
startDate => '2009-01-01 11:00:00',
|
startDate => '2009-01-01 11:00:00',
|
||||||
location => 'b',
|
location => 'b',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 6 room c 11 am',
|
title => 'lecture 6 room c 11 am',
|
||||||
eventNumber => 6,
|
eventNumber => 6,
|
||||||
startDate => '2009-01-01 11:00:00',
|
startDate => '2009-01-01 11:00:00',
|
||||||
location => 'c',
|
location => 'c',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 7 room d 12 am',
|
title => 'lecture 7 room d 12 am',
|
||||||
eventNumber => 7,
|
eventNumber => 7,
|
||||||
startDate => '2009-01-01 12:00:00',
|
startDate => '2009-01-01 12:00:00',
|
||||||
location => 'd',
|
location => 'd',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 8 room a 1 pm',
|
title => 'lecture 8 room a 1 pm',
|
||||||
eventNumber => 8,
|
eventNumber => 8,
|
||||||
startDate => '2009-01-01 13:00:00',
|
startDate => '2009-01-01 13:00:00',
|
||||||
location => 'a',
|
location => 'a',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 9 room b 1 pm',
|
title => 'lecture 9 room b 1 pm',
|
||||||
eventNumber => 9,
|
eventNumber => 9,
|
||||||
startDate => '2009-01-01 13:00:00',
|
startDate => '2009-01-01 13:00:00',
|
||||||
location => 'b',
|
location => 'b',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 10 room c 1 pm',
|
title => 'lecture 10 room c 1 pm',
|
||||||
eventNumber => 10,
|
eventNumber => 10,
|
||||||
startDate => '2009-01-01 13:00:00',
|
startDate => '2009-01-01 13:00:00',
|
||||||
location => 'c',
|
location => 'c',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 11 room e 2 pm',
|
title => 'lecture 11 room e 2 pm',
|
||||||
eventNumber => 11,
|
eventNumber => 11,
|
||||||
startDate => '2009-01-01 14:00:00',
|
startDate => '2009-01-01 14:00:00',
|
||||||
location => 'e',
|
location => 'e',
|
||||||
}),
|
}),
|
||||||
$ems->addChild({
|
$ems->addChild({
|
||||||
className => "WebGUI::Asset::Sku::EMSTicket",
|
className => "WebGUI::Asset::Sku::EMSTicket",
|
||||||
title => 'lecture 12 room f 2 pm',
|
title => 'lecture 12 room f 2 pm',
|
||||||
eventNumber => 12,
|
eventNumber => 12,
|
||||||
startDate => '2009-01-01 14:00:00',
|
startDate => '2009-01-01 14:00:00',
|
||||||
location => 'f',
|
location => 'f',
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
is( scalar(@tickets), 12, 'created tickets for ems');
|
is( scalar(@tickets), 12, 'created tickets for ems');
|
||||||
|
|
@ -280,50 +296,50 @@ sub ticketInfo { my $tk = shift; return {
|
||||||
}; }
|
}; }
|
||||||
cmp_deeply( JSON::from_json($data), {
|
cmp_deeply( JSON::from_json($data), {
|
||||||
records => [
|
records => [
|
||||||
{ colDate => '',
|
{ colDate => '',
|
||||||
col1 => { type => 'label', title => 'a' },
|
col1 => { type => 'label', title => 'a' },
|
||||||
col2 => { type => 'label', title => 'b' },
|
col2 => { type => 'label', title => 'b' },
|
||||||
col3 => { type => 'label', title => 'c' },
|
col3 => { type => 'label', title => 'c' },
|
||||||
col4 => { type => 'label', title => 'd' },
|
col4 => { type => 'label', title => 'd' },
|
||||||
col5 => { type => 'label', title => 'e' },
|
col5 => { type => 'label', title => 'e' },
|
||||||
},
|
},
|
||||||
{ colDate => $tickets[0]->get('startDate'),
|
{ colDate => $tickets[0]->get('startDate'),
|
||||||
col1 => ticketInfo( $tickets[0] ),
|
col1 => ticketInfo( $tickets[0] ),
|
||||||
col2 => ticketInfo( $tickets[1] ),
|
col2 => ticketInfo( $tickets[1] ),
|
||||||
col3 => ticketInfo( $tickets[2] ),
|
col3 => ticketInfo( $tickets[2] ),
|
||||||
col4 => { type => 'empty' },
|
col4 => { type => 'empty' },
|
||||||
col5 => { type => 'empty' },
|
col5 => { type => 'empty' },
|
||||||
},
|
},
|
||||||
{ colDate => $tickets[3]->get('startDate'),
|
{ colDate => $tickets[3]->get('startDate'),
|
||||||
col1 => ticketInfo( $tickets[3] ),
|
col1 => ticketInfo( $tickets[3] ),
|
||||||
col2 => ticketInfo( $tickets[4] ),
|
col2 => ticketInfo( $tickets[4] ),
|
||||||
col3 => ticketInfo( $tickets[5] ),
|
col3 => ticketInfo( $tickets[5] ),
|
||||||
col4 => { type => 'empty' },
|
col4 => { type => 'empty' },
|
||||||
col5 => { type => 'empty' },
|
col5 => { type => 'empty' },
|
||||||
},
|
},
|
||||||
{ colDate => $tickets[6]->get('startDate'),
|
{ colDate => $tickets[6]->get('startDate'),
|
||||||
col1 => { type => 'empty' },
|
col1 => { type => 'empty' },
|
||||||
col2 => { type => 'empty' },
|
col2 => { type => 'empty' },
|
||||||
col3 => { type => 'empty' },
|
col3 => { type => 'empty' },
|
||||||
col4 => ticketInfo( $tickets[6] ),
|
col4 => ticketInfo( $tickets[6] ),
|
||||||
col5 => { type => 'empty' },
|
col5 => { type => 'empty' },
|
||||||
},
|
},
|
||||||
{ colDate => $tickets[7]->get('startDate'),
|
{ colDate => $tickets[7]->get('startDate'),
|
||||||
col1 => ticketInfo( $tickets[7] ),
|
col1 => ticketInfo( $tickets[7] ),
|
||||||
col2 => ticketInfo( $tickets[8] ),
|
col2 => ticketInfo( $tickets[8] ),
|
||||||
col3 => ticketInfo( $tickets[9] ),
|
col3 => ticketInfo( $tickets[9] ),
|
||||||
col4 => { type => 'empty' },
|
col4 => { type => 'empty' },
|
||||||
col5 => { type => 'empty' },
|
col5 => { type => 'empty' },
|
||||||
},
|
},
|
||||||
{ colDate => $tickets[10]->get('startDate'),
|
{ colDate => $tickets[10]->get('startDate'),
|
||||||
col1 => { type => 'empty' },
|
col1 => { type => 'empty' },
|
||||||
col2 => { type => 'empty' },
|
col2 => { type => 'empty' },
|
||||||
col3 => { type => 'empty' },
|
col3 => { type => 'empty' },
|
||||||
col4 => { type => 'empty' },
|
col4 => { type => 'empty' },
|
||||||
col5 => ticketInfo( $tickets[10] ),
|
col5 => ticketInfo( $tickets[10] ),
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
totalRecords => 6,
|
totalRecords => 6,
|
||||||
recordsReturned => 6,
|
recordsReturned => 6,
|
||||||
startIndex => 0,
|
startIndex => 0,
|
||||||
sort => undef,
|
sort => undef,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue