|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* Saito - The Threaded Web Forum |
|
7
|
|
|
* |
|
8
|
|
|
* @copyright Copyright (c) the Saito Project Developers |
|
9
|
|
|
* @link https://github.com/Schlaefer/Saito |
|
10
|
|
|
* @license http://opensource.org/licenses/MIT |
|
11
|
|
|
*/ |
|
12
|
|
|
|
|
13
|
|
|
namespace App\Test\TestCase\Controller\Admin; |
|
14
|
|
|
|
|
15
|
|
|
use Cake\Http\Exception\ForbiddenException; |
|
16
|
|
|
use Cake\ORM\TableRegistry; |
|
17
|
|
|
use Saito\Test\IntegrationTestCase; |
|
18
|
|
|
|
|
19
|
|
|
/** |
|
20
|
|
|
* Class CategoriesControllerTest |
|
21
|
|
|
* |
|
22
|
|
|
* @package App\Test\TestCase\Controller\Admin |
|
23
|
|
|
* @group App\Test\TestCase\Controller\Admin |
|
24
|
|
|
*/ |
|
25
|
|
|
class UsersControllerTest extends IntegrationTestCase |
|
26
|
|
|
{ |
|
27
|
|
|
|
|
28
|
|
|
public $fixtures = [ |
|
29
|
|
|
'app.Category', |
|
30
|
|
|
'app.Draft', |
|
31
|
|
|
'app.Entry', |
|
32
|
|
|
'app.Setting', |
|
33
|
|
|
'app.User', |
|
34
|
|
|
'app.UserBlock', |
|
35
|
|
|
'app.UserIgnore', |
|
36
|
|
|
'app.UserRead', |
|
37
|
|
|
'app.UserOnline', |
|
38
|
|
|
'plugin.Bookmarks.Bookmark', |
|
39
|
|
|
'plugin.ImageUploader.Uploads', |
|
40
|
|
|
]; |
|
41
|
|
|
|
|
42
|
|
|
public function setUp() |
|
43
|
|
|
{ |
|
44
|
|
|
parent::setUp(); |
|
45
|
|
|
foreach (['Users'] as $table) { |
|
46
|
|
|
$this->$table = TableRegistry::get($table); |
|
|
|
|
|
|
47
|
|
|
} |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
public function testUsersIndexAccess() |
|
51
|
|
|
{ |
|
52
|
|
|
$this->assertRouteForRole('/admin/users/block', 'admin'); |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
public function testNotAuthenticatedCantDelete() |
|
56
|
|
|
{ |
|
57
|
|
|
$this->mockSecurity(); |
|
58
|
|
|
|
|
59
|
|
|
$this->expectException(ForbiddenException::class); |
|
60
|
|
|
$url = '/admin/users/delete/3'; |
|
61
|
|
|
$this->get($url); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
public function testAuthorizationUsersCantDelete() |
|
65
|
|
|
{ |
|
66
|
|
|
$this->mockSecurity(); |
|
67
|
|
|
|
|
68
|
|
|
$this->expectException(ForbiddenException::class); |
|
69
|
|
|
$this->_loginUser(3); |
|
70
|
|
|
$url = '/admin/users/delete/4'; |
|
71
|
|
|
$this->get($url); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
public function testDelete() |
|
75
|
|
|
{ |
|
76
|
|
|
$this->mockSecurity(); |
|
77
|
|
|
|
|
78
|
|
|
/* |
|
79
|
|
|
* mod can access delete ui |
|
80
|
|
|
*/ |
|
81
|
|
|
$this->_loginUser(2); |
|
82
|
|
|
$this->get('/admin/users/delete/4'); |
|
83
|
|
|
$this->assertNoRedirect(); |
|
84
|
|
|
|
|
85
|
|
|
/* |
|
86
|
|
|
* admin can access delete ui |
|
87
|
|
|
*/ |
|
88
|
|
|
$this->_loginUser(6); |
|
89
|
|
|
$this->get('/admin/users/delete/4'); |
|
90
|
|
|
$this->assertNoRedirect(); |
|
91
|
|
|
|
|
92
|
|
|
/* |
|
93
|
|
|
* you can't delete non existing users |
|
94
|
|
|
*/ |
|
95
|
|
|
$countBeforeDelete = $this->_controller->Users->find('all')->count(); |
|
96
|
|
|
$data = ['modeDelete' => 1]; |
|
97
|
|
|
$this->_loginUser(6); |
|
98
|
|
|
$this->post('/admin/users/delete/9999', $data); |
|
99
|
|
|
$countAfterDelete = $this->_controller->Users->find('all')->count(); |
|
100
|
|
|
$this->assertEquals($countBeforeDelete, $countAfterDelete); |
|
101
|
|
|
$this->assertRedirect('/'); |
|
102
|
|
|
|
|
103
|
|
|
/* |
|
104
|
|
|
* you can't delete yourself |
|
105
|
|
|
*/ |
|
106
|
|
|
$data = ['modeDelete' => 1]; |
|
107
|
|
|
$this->_loginUser(6); |
|
108
|
|
|
$this->post('/admin/users/delete/6', $data); |
|
109
|
|
|
$this->assertTrue($this->_controller->Users->exists(6)); |
|
110
|
|
|
|
|
111
|
|
|
/* |
|
112
|
|
|
* you can't delete the root user |
|
113
|
|
|
*/ |
|
114
|
|
|
$this->_loginUser(6); |
|
115
|
|
|
$this->post('/admin/users/delete/1', $data); |
|
116
|
|
|
$this->assertTrue($this->_controller->Users->exists(1)); |
|
117
|
|
|
|
|
118
|
|
|
/* |
|
119
|
|
|
* mods can't delete admin |
|
120
|
|
|
*/ |
|
121
|
|
|
$this->_loginUser(2); |
|
122
|
|
|
$this->post('/admin/users/delete/6', $data); |
|
123
|
|
|
$this->assertTrue($this->_controller->Users->exists(6)); |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
public function testDeleteAdminDeletesUserSuccess() |
|
127
|
|
|
{ |
|
128
|
|
|
$this->mockSecurity(); |
|
129
|
|
|
$this->_loginUser(6); |
|
130
|
|
|
$data = ['modeDelete' => 1]; |
|
131
|
|
|
|
|
132
|
|
|
$this->post('/admin/users/delete/5', $data); |
|
133
|
|
|
|
|
134
|
|
|
$this->assertFalse($this->_controller->Users->exists(5)); |
|
135
|
|
|
$this->assertRedirect('/'); |
|
136
|
|
|
} |
|
137
|
|
|
} |
|
138
|
|
|
|
Schlaefer /
Saito
This method has been deprecated. The supplier of the class has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.