<?php
namespace SilverStripe\Forms\Tests\GridField;
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Control\Session;
use SilverStripe\Dev\CSSContentParser;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\GridField\GridField;
use SilverStripe\Forms\GridField\GridFieldConfig;
use SilverStripe\Forms\GridField\GridFieldDeleteAction;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Cheerleader;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Permissions;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Player;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Team;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Security;
use SilverStripe\Security\SecurityToken;
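class GridFieldDeleteActionTest extends SapphireTest
{

    /**
     * List backing the grid under test. It is a DataList of Team records, so
     * count() reflects records removed by a delete action (see the tests
     * asserting 3 -> 2).
     *
     * @var DataList
     */
    protected $list;

    /**
     * @var GridField
     */
    protected $gridField;

    /**
     * @var Form
     */
    protected $form;

    /**
     * @var string
     */
    protected static $fixture_file = 'GridFieldActionTest.yml';

    /**
     * @var array
     */
    protected static $extra_dataobjects = [
        Team::class,
        Cheerleader::class,
        Player::class,
        Permissions::class,
    ];

    protected function setUp()
    {
        parent::setUp();
        $this->list = new DataList(Team::class);
        $config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction());
        $this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
        $this->form = new Form(null, 'mockform', new FieldList([$this->gridField]), new FieldList());
    }

    /**
     * Park a "deleterecord" action targeting the team1 fixture in the current
     * request's session under $stateID, and return that session.
     *
     * @param string $stateID Grid state key the action is stored under
     * @return Session
     */
    protected function storeDeleteState($stateID)
    {
        $session = Controller::curr()->getRequest()->getSession();
        $session->set(
            $stateID,
            [
                'grid' => '',
                'actionName' => 'deleterecord',
                'args' => [
                    'RecordID' => $this->idFromFixture(Team::class, 'team1'),
                ],
            ]
        );
        return $session;
    }

    /**
     * Build the POST request that triggers gridFieldAlterAction for $stateID.
     *
     * @param string $stateID Grid state key the action was stored under
     * @param Session $session Session carrying the stored grid state
     * @param bool $withToken When true a valid CSRF token is posted; when false
     *                        the token field is posted empty (and no token is
     *                        generated into the session), so the request must
     *                        be rejected.
     * @return HTTPRequest
     */
    protected function buildActionRequest($stateID, Session $session, $withToken = true)
    {
        $token = SecurityToken::inst();
        $postVars = [
            'action_gridFieldAlterAction?StateID=' . $stateID => true,
            // The ternary short-circuits so getValue() (which seeds the session
            // token) is never called for the negative case.
            $token->getName() => $withToken ? $token->getValue() : null,
        ];
        $request = new HTTPRequest('POST', 'url', [], $postVars);
        $request->setSession($session);
        return $request;
    }

    public function testDontShowDeleteButtons()
    {
        if (Security::getCurrentUser()) {
            Security::setCurrentUser(null);
        }
        $content = new CSSContentParser($this->gridField->FieldHolder());
        // Rows still render for an anonymous viewer...
        $this->assertCount(4, $content->getBySelector('.ss-gridfield-item'));
        // ...but no delete affordance is offered.
        $this->assertCount(
            0,
            $content->getBySelector('.gridfield-button-delete'),
            'Delete buttons should not show when not logged in.'
        );
    }

    public function testShowDeleteButtonsWithAdminPermission()
    {
        $this->logInWithPermission('ADMIN');
        $content = new CSSContentParser($this->gridField->FieldHolder());
        $this->assertCount(
            3,
            $content->getBySelector('.gridfield-button-delete'),
            'Delete buttons should show when logged in.'
        );
    }

    public function testActionsRequireCSRF()
    {
        $this->logInWithPermission('ADMIN');
        $stateID = 'testGridStateActionField';
        // A complete delete action is waiting in the session and the user is
        // permitted to run it, so the missing CSRF token is the only thing
        // that can stop the deletion.
        $session = $this->storeDeleteState($stateID);
        $request = $this->buildActionRequest($stateID, $session, false);

        $this->expectException(HTTPResponse_Exception::class);
        $this->expectExceptionMessage(_t(
            "SilverStripe\\Forms\\Form.CSRF_FAILED_MESSAGE",
            "There seems to have been a technical problem. Please click the back button, ".
            "refresh your browser, and try again."
        ));
        $this->expectExceptionCode(400);
        try {
            $this->gridField->gridFieldAlterAction(['StateID' => $stateID], $this->form, $request);
        } catch (HTTPResponse_Exception $e) {
            // Rejecting the request is only half the contract: the record must
            // also be untouched. Re-throw so the expectations above still apply.
            $this->assertEquals(
                3,
                $this->list->count(),
                'A request without a valid CSRF token must not delete anything.'
            );
            throw $e;
        }
    }

    public function testDeleteActionWithoutCorrectPermission()
    {
        if (Security::getCurrentUser()) {
            Security::setCurrentUser(null);
        }
        $stateID = 'testGridStateActionField';
        $session = $this->storeDeleteState($stateID);
        $request = $this->buildActionRequest($stateID, $session);

        $this->expectException(ValidationException::class);
        try {
            $this->gridField->gridFieldAlterAction(['StateID' => $stateID], $this->form, $request);
        } catch (ValidationException $e) {
            // Asserted inside the catch: with expectException set, anything
            // after the call would never run once the exception is thrown.
            $this->assertEquals(
                3,
                $this->list->count(),
                'User shouldn\'t be able to delete records without correct permissions.'
            );
            throw $e;
        }
    }

    public function testDeleteActionWithAdminPermission()
    {
        $this->logInWithPermission('ADMIN');
        $stateID = 'testGridStateActionField';
        $session = $this->storeDeleteState($stateID);
        $request = $this->buildActionRequest($stateID, $session);
        $this->gridField->gridFieldAlterAction(['StateID' => $stateID], $this->form, $request);
        $this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
    }

    public function testDeleteActionRemoveRelation()
    {
        $this->logInWithPermission('ADMIN');

        // Same component, configured in "remove relation" mode.
        $config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction(true));
        $gridField = new GridField('testfield', 'testfield', $this->list, $config);
        $form = new Form(null, 'mockform', new FieldList([$gridField]), new FieldList());

        // NOTE(review): the stored actionName is still 'deleterecord' and the
        // backing list is a plain DataList, so this asserts the same outcome as
        // testDeleteActionWithAdminPermission. Confirm whether the intended
        // coverage is the relation-unlink path against a relation list.
        $stateID = 'testGridStateActionField';
        $session = $this->storeDeleteState($stateID);
        $request = $this->buildActionRequest($stateID, $session);
        $gridField->gridFieldAlterAction(['StateID' => $stateID], $form, $request);
        $this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
    }
}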