@@ 53-76 (lines=24) @@ | ||
50 | Security::setCurrentUser(null); |
|
51 | } |
|
52 | ||
53 | public function testApiAccess() |
|
54 | { |
|
55 | $comment1 = $this->objFromFixture(RestfulServerTestComment::class, 'comment1'); |
|
56 | $page1 = $this->objFromFixture(RestfulServerTestPage::class, 'page1'); |
|
57 | ||
58 | // normal GET should succeed with $api_access enabled |
|
59 | $urlSafeClassname = $this->urlSafeClassname(RestfulServerTestComment::class); |
|
60 | $url = "{$this->baseURI}/api/v1/$urlSafeClassname/" . $comment1->ID; |
|
61 | ||
62 | $response = Director::test($url, null, null, 'GET'); |
|
63 | $this->assertEquals(200, $response->getStatusCode()); |
|
64 | ||
65 | $_SERVER['PHP_AUTH_USER'] = '[email protected]'; |
|
66 | $_SERVER['PHP_AUTH_PW'] = 'user'; |
|
67 | ||
68 | // even with logged in user a GET with $api_access disabled should fail |
|
69 | $urlSafeClassname = $this->urlSafeClassname(RestfulServerTestPage::class); |
|
70 | $url = "{$this->baseURI}/api/v1/$urlSafeClassname/" . $page1->ID; |
|
71 | $response = Director::test($url, null, null, 'GET'); |
|
72 | $this->assertEquals(401, $response->getStatusCode()); |
|
73 | ||
74 | unset($_SERVER['PHP_AUTH_USER']); |
|
75 | unset($_SERVER['PHP_AUTH_PW']); |
|
76 | } |
|
77 | ||
78 | public function testApiAccessBoolean() |
|
79 | { |
|
@@ 92-113 (lines=22) @@ | ||
89 | $this->assertContains('<Author', $response->getBody()); |
|
90 | } |
|
91 | ||
92 | public function testAuthenticatedGET() |
|
93 | { |
|
94 | $thing1 = $this->objFromFixture(RestfulServerTestSecretThing::class, 'thing1'); |
|
95 | $comment1 = $this->objFromFixture(RestfulServerTestComment::class, 'comment1'); |
|
96 | ||
97 | // @todo create additional mock object with authenticated VIEW permissions |
|
98 | $urlSafeClassname = $this->urlSafeClassname(RestfulServerTestSecretThing::class); |
|
99 | $url = "{$this->baseURI}/api/v1/$urlSafeClassname/" . $thing1->ID; |
|
100 | $response = Director::test($url, null, null, 'GET'); |
|
101 | $this->assertEquals(401, $response->getStatusCode()); |
|
102 | ||
103 | $_SERVER['PHP_AUTH_USER'] = '[email protected]'; |
|
104 | $_SERVER['PHP_AUTH_PW'] = 'user'; |
|
105 | ||
106 | $urlSafeClassname = $this->urlSafeClassname(RestfulServerTestComment::class); |
|
107 | $url = "{$this->baseURI}/api/v1/$urlSafeClassname/" . $comment1->ID; |
|
108 | $response = Director::test($url, null, null, 'GET'); |
|
109 | $this->assertEquals(200, $response->getStatusCode()); |
|
110 | ||
111 | unset($_SERVER['PHP_AUTH_USER']); |
|
112 | unset($_SERVER['PHP_AUTH_PW']); |
|
113 | } |
|
114 | ||
115 | public function testAuthenticatedPUT() |
|
116 | { |
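Review bot: The 200 asserted at line 109 does not show that the Basic-auth credentials were accepted, because testApiAccess (lines 58-63) already gets a 200 for the same comment1 URL with no credentials at all. The only authorization behaviour this test pins is the anonymous 401 on RestfulServerTestSecretThing; the protected record is never requested with credentials, which the `@todo` at line 97 seems to acknowledge. Until that fixture exists, say so next to the assertion, e.g. `// comment1 is anonymously readable (see testApiAccess); this 200 does not exercise authentication`. Once it exists, assert the authenticated response on the protected object so that a broken credential check cannot pass unnoticed.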