This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * This file is part of the Sonata Project package. |
||
7 | * |
||
8 | * (c) Thomas Rabaix <[email protected]> |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Sonata\AdminBundle\Tests\Action; |
||
15 | |||
16 | use PHPUnit\Framework\TestCase; |
||
17 | use Prophecy\Argument; |
||
18 | use Prophecy\Prophecy\ObjectProphecy; |
||
19 | use Sonata\AdminBundle\Action\GetShortObjectDescriptionAction; |
||
20 | use Sonata\AdminBundle\Action\RetrieveAutocompleteItemsAction; |
||
21 | use Sonata\AdminBundle\Admin\AbstractAdmin; |
||
22 | use Sonata\AdminBundle\Admin\FieldDescriptionInterface; |
||
23 | use Sonata\AdminBundle\Admin\Pool; |
||
24 | use Sonata\AdminBundle\Datagrid\DatagridInterface; |
||
25 | use Sonata\AdminBundle\Datagrid\Pager; |
||
26 | use Sonata\AdminBundle\Object\MetadataInterface; |
||
27 | use Sonata\AdminBundle\Tests\Fixtures\Filter\FooFilter; |
||
28 | use Symfony\Component\Form\Form; |
||
29 | use Symfony\Component\Form\FormConfigInterface; |
||
30 | use Symfony\Component\HttpFoundation\Request; |
||
31 | use Symfony\Component\HttpFoundation\Response; |
||
32 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
||
33 | |||
34 | final class RetrieveAutocompleteItemsActionTest extends TestCase |
||
35 | { |
||
36 | /** |
||
37 | * @var Pool |
||
38 | */ |
||
39 | private $pool; |
||
40 | |||
41 | /** |
||
42 | * @var GetShortObjectDescriptionAction |
||
43 | */ |
||
44 | private $action; |
||
45 | |||
46 | /** |
||
47 | * @var AbstractAdmin |
||
48 | */ |
||
49 | private $admin; |
||
50 | |||
51 | protected function setUp(): void |
||
52 | { |
||
53 | $this->admin = $this->prophesize(AbstractAdmin::class); |
||
54 | $this->admin->setRequest(Argument::type(Request::class))->shouldBeCalled(); |
||
55 | $this->pool = $this->prophesize(Pool::class); |
||
56 | $this->pool->getInstance(Argument::any())->willReturn($this->admin->reveal()); |
||
57 | $this->action = new RetrieveAutocompleteItemsAction( |
||
58 | $this->pool->reveal() |
||
59 | ); |
||
60 | } |
||
61 | |||
62 | public function testRetrieveAutocompleteItemsActionNotGranted(): void |
||
63 | { |
||
64 | $this->expectException(AccessDeniedException::class); |
||
65 | |||
66 | $request = new Request([ |
||
67 | 'admin_code' => 'foo.admin', |
||
68 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
69 | |||
70 | $this->admin->hasAccess('create')->willReturn(false); |
||
71 | $this->admin->hasAccess('edit')->willReturn(false); |
||
72 | |||
73 | ($this->action)($request); |
||
74 | } |
||
75 | |||
76 | public function testRetrieveAutocompleteItemsActionDisabledFormelememt(): void |
||
77 | { |
||
78 | $this->expectException(AccessDeniedException::class); |
||
79 | $this->expectExceptionMessage('Autocomplete list can`t be retrieved because the form element is disabled or read_only.'); |
||
80 | |||
81 | $object = new \stdClass(); |
||
82 | $request = new Request([ |
||
83 | 'admin_code' => 'foo.admin', |
||
84 | 'field' => 'barField', |
||
85 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
86 | |||
87 | $fieldDescription = $this->prophesize(FieldDescriptionInterface::class); |
||
88 | |||
89 | $this->configureFormConfig('barField', true); |
||
90 | |||
91 | $this->admin->getNewInstance()->willReturn($object); |
||
92 | $this->admin->setSubject($object)->shouldBeCalled(); |
||
93 | $this->admin->hasAccess('create')->willReturn(true); |
||
94 | $this->admin->getFormFieldDescriptions()->willReturn([]); |
||
95 | $this->admin->hasFormFieldDescription('barField')->willReturn(true); |
||
96 | $this->admin->getFormFieldDescription('barField')->willReturn($fieldDescription->reveal()); |
||
97 | |||
98 | $fieldDescription->getTargetModel()->willReturn(Foo::class); |
||
99 | $fieldDescription->getName()->willReturn('barField'); |
||
100 | |||
101 | ($this->action)($request); |
||
102 | } |
||
103 | |||
104 | public function testRetrieveAutocompleteItemsTooShortSearchString(): void |
||
105 | { |
||
106 | $object = new \stdClass(); |
||
107 | $request = new Request([ |
||
108 | 'admin_code' => 'foo.admin', |
||
109 | 'field' => 'barField', |
||
110 | 'q' => 'so', |
||
111 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
112 | |||
113 | $targetAdmin = $this->prophesize(AbstractAdmin::class); |
||
114 | $fieldDescription = $this->prophesize(FieldDescriptionInterface::class); |
||
115 | |||
116 | $this->configureFormConfig('barField'); |
||
117 | |||
118 | $this->admin->getNewInstance()->willReturn($object); |
||
119 | $this->admin->setSubject($object)->shouldBeCalled(); |
||
120 | $this->admin->hasAccess('create')->willReturn(true); |
||
121 | $this->admin->hasFormFieldDescription('barField')->willReturn(true); |
||
122 | $this->admin->getFormFieldDescription('barField')->willReturn($fieldDescription->reveal()); |
||
123 | $this->admin->getFormFieldDescriptions()->willReturn([]); |
||
124 | $targetAdmin->checkAccess('list')->shouldBeCalled(); |
||
125 | $fieldDescription->getTargetModel()->willReturn(Foo::class); |
||
126 | $fieldDescription->getName()->willReturn('barField'); |
||
127 | $fieldDescription->getAssociationAdmin()->willReturn($targetAdmin->reveal()); |
||
128 | |||
129 | $response = ($this->action)($request); |
||
130 | |||
131 | $this->assertInstanceOf(Response::class, $response); |
||
132 | $this->assertSame('application/json', $response->headers->get('Content-Type')); |
||
133 | $this->assertSame('{"status":"KO","message":"Too short search string."}', $response->getContent()); |
||
134 | } |
||
135 | |||
136 | public function testRetrieveAutocompleteItems(): void |
||
137 | { |
||
138 | $request = new Request([ |
||
139 | 'admin_code' => 'foo.admin', |
||
140 | 'field' => 'barField', |
||
141 | 'q' => 'sonata', |
||
142 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
143 | |||
144 | $this->configureFormConfig('barField'); |
||
145 | |||
146 | $datagrid = $this->configureAutocompleteItemsDatagrid(); |
||
147 | $filter = new FooFilter(); |
||
148 | $filter->initialize('foo'); |
||
149 | |||
150 | $datagrid->hasFilter('foo')->willReturn(true); |
||
151 | $datagrid->getFilter('foo')->willReturn($filter); |
||
152 | $datagrid->setValue('foo', null, 'sonata')->shouldBeCalled(); |
||
153 | |||
154 | $response = ($this->action)($request); |
||
155 | |||
156 | $this->assertInstanceOf(Response::class, $response); |
||
157 | $this->assertSame('application/json', $response->headers->get('Content-Type')); |
||
158 | $this->assertSame('{"status":"OK","more":false,"items":[{"id":"123","label":"FOO"}]}', $response->getContent()); |
||
159 | } |
||
160 | |||
161 | public function testRetrieveAutocompleteItemsComplexPropertyArray(): void |
||
162 | { |
||
163 | $request = new Request([ |
||
164 | 'admin_code' => 'foo.admin', |
||
165 | 'field' => 'barField', |
||
166 | 'q' => 'sonata', |
||
167 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
168 | |||
169 | $this->configureFormConfigComplexPropertyArray('barField'); |
||
170 | $datagrid = $this->configureAutocompleteItemsDatagrid(); |
||
171 | |||
172 | $filter = new FooFilter(); |
||
173 | $filter->initialize('entity.property'); |
||
174 | |||
175 | $datagrid->hasFilter('entity.property')->willReturn(true); |
||
176 | $datagrid->getFilter('entity.property')->willReturn($filter); |
||
177 | $filter2 = new FooFilter(); |
||
178 | $filter2->initialize('entity2.property2'); |
||
179 | |||
180 | $datagrid->hasFilter('entity2.property2')->willReturn(true); |
||
181 | $datagrid->getFilter('entity2.property2')->willReturn($filter2); |
||
182 | |||
183 | $datagrid->setValue('entity__property', null, 'sonata')->shouldBeCalled(); |
||
184 | $datagrid->setValue('entity2__property2', null, 'sonata')->shouldBeCalled(); |
||
185 | |||
186 | $response = ($this->action)($request); |
||
187 | |||
188 | $this->assertInstanceOf(Response::class, $response); |
||
189 | $this->assertSame('application/json', $response->headers->get('Content-Type')); |
||
190 | $this->assertSame('{"status":"OK","more":false,"items":[{"id":"123","label":"FOO"}]}', $response->getContent()); |
||
191 | } |
||
192 | |||
193 | public function testRetrieveAutocompleteItemsComplexProperty(): void |
||
194 | { |
||
195 | $request = new Request([ |
||
196 | 'admin_code' => 'foo.admin', |
||
197 | 'field' => 'barField', |
||
198 | 'q' => 'sonata', |
||
199 | ], [], [], [], [], ['REQUEST_METHOD' => Request::METHOD_GET, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']); |
||
200 | |||
201 | $this->configureFormConfigComplexProperty('barField'); |
||
202 | $datagrid = $this->configureAutocompleteItemsDatagrid(); |
||
203 | |||
204 | $filter = new FooFilter(); |
||
205 | $filter->initialize('entity.property'); |
||
206 | |||
207 | $datagrid->hasFilter('entity.property')->willReturn(true); |
||
208 | $datagrid->getFilter('entity.property')->willReturn($filter); |
||
209 | $datagrid->setValue('entity__property', null, 'sonata')->shouldBeCalled(); |
||
210 | |||
211 | $response = ($this->action)($request); |
||
212 | |||
213 | $this->assertInstanceOf(Response::class, $response); |
||
214 | $this->assertSame('application/json', $response->headers->get('Content-Type')); |
||
215 | $this->assertSame('{"status":"OK","more":false,"items":[{"id":"123","label":"FOO"}]}', $response->getContent()); |
||
216 | } |
||
217 | |||
218 | private function configureAutocompleteItemsDatagrid(): ObjectProphecy |
||
219 | { |
||
220 | $model = new \stdClass(); |
||
221 | |||
222 | $targetAdmin = $this->prophesize(AbstractAdmin::class); |
||
223 | $datagrid = $this->prophesize(DatagridInterface::class); |
||
224 | $metadata = $this->prophesize(MetadataInterface::class); |
||
225 | $pager = $this->prophesize(Pager::class); |
||
226 | $fieldDescription = $this->prophesize(FieldDescriptionInterface::class); |
||
227 | |||
228 | $this->admin->getNewInstance()->willReturn($model); |
||
229 | $this->admin->setSubject($model)->shouldBeCalled(); |
||
230 | $this->admin->hasAccess('create')->willReturn(true); |
||
231 | $this->admin->hasFormFieldDescription('barField')->willReturn(true); |
||
232 | $this->admin->getFormFieldDescription('barField')->willReturn($fieldDescription->reveal()); |
||
233 | $this->admin->getFormFieldDescriptions()->willReturn([]); |
||
234 | $this->admin->id($model)->willReturn(123); |
||
235 | $targetAdmin->checkAccess('list')->shouldBeCalled(); |
||
236 | $targetAdmin->setFilterPersister(null)->shouldBeCalled(); |
||
237 | $targetAdmin->getDatagrid()->willReturn($datagrid->reveal()); |
||
238 | $targetAdmin->getObjectMetadata($model)->willReturn($metadata->reveal()); |
||
239 | $metadata->getTitle()->willReturn('FOO'); |
||
240 | |||
241 | $datagrid->setValue('_per_page', null, 10)->shouldBeCalled(); |
||
242 | $datagrid->setValue('_page', null, 1)->shouldBeCalled(); |
||
243 | $datagrid->buildPager()->shouldBeCalled(); |
||
244 | $datagrid->getPager()->willReturn($pager->reveal()); |
||
245 | $pager->getResults()->willReturn([$model]); |
||
246 | $pager->isLastPage()->willReturn(true); |
||
247 | $fieldDescription->getTargetModel()->willReturn(Foo::class); |
||
248 | $fieldDescription->getName()->willReturn('barField'); |
||
249 | $fieldDescription->getAssociationAdmin()->willReturn($targetAdmin->reveal()); |
||
250 | |||
251 | return $datagrid; |
||
252 | } |
||
253 | |||
254 | private function configureFormConfig(string $field, bool $disabled = false): void |
||
255 | { |
||
256 | $form = $this->prophesize(Form::class); |
||
257 | $formType = $this->prophesize(Form::class); |
||
258 | $formConfig = $this->prophesize(FormConfigInterface::class); |
||
259 | |||
260 | $this->admin->getForm()->willReturn($form->reveal()); |
||
261 | $form->get($field)->willReturn($formType->reveal()); |
||
262 | $formType->getConfig()->willReturn($formConfig->reveal()); |
||
263 | $formConfig->getAttribute('disabled')->willReturn($disabled); |
||
264 | $formConfig->getAttribute('property')->willReturn('foo'); |
||
265 | $formConfig->getAttribute('callback')->willReturn(null); |
||
266 | $formConfig->getAttribute('minimum_input_length')->willReturn(3); |
||
267 | $formConfig->getAttribute('items_per_page')->willReturn(10); |
||
268 | $formConfig->getAttribute('req_param_name_page_number')->willReturn('_page'); |
||
269 | $formConfig->getAttribute('to_string_callback')->willReturn(null); |
||
270 | $formConfig->getAttribute('target_admin_access_action')->willReturn('list'); |
||
271 | } |
||
272 | |||
273 | private function configureFormConfigComplexProperty(string $field): void |
||
274 | { |
||
275 | $form = $this->prophesize(Form::class); |
||
276 | $formType = $this->prophesize(Form::class); |
||
277 | $formConfig = $this->prophesize(FormConfigInterface::class); |
||
278 | |||
279 | $this->admin->getForm()->willReturn($form->reveal()); |
||
0 ignored issues
–
show
|
|||
280 | $form->get($field)->willReturn($formType->reveal()); |
||
281 | $formType->getConfig()->willReturn($formConfig->reveal()); |
||
282 | $formConfig->getAttribute('disabled')->willReturn(false); |
||
283 | $formConfig->getAttribute('property')->willReturn('entity.property'); |
||
284 | $formConfig->getAttribute('callback')->willReturn(null); |
||
285 | $formConfig->getAttribute('minimum_input_length')->willReturn(3); |
||
286 | $formConfig->getAttribute('items_per_page')->willReturn(10); |
||
287 | $formConfig->getAttribute('req_param_name_page_number')->willReturn('_page'); |
||
288 | $formConfig->getAttribute('to_string_callback')->willReturn(null); |
||
289 | $formConfig->getAttribute('target_admin_access_action')->willReturn('list'); |
||
290 | } |
||
291 | |||
292 | private function configureFormConfigComplexPropertyArray(string $field): void |
||
293 | { |
||
294 | $form = $this->prophesize(Form::class); |
||
295 | $formType = $this->prophesize(Form::class); |
||
296 | $formConfig = $this->prophesize(FormConfigInterface::class); |
||
297 | |||
298 | $this->admin->getForm()->willReturn($form->reveal()); |
||
299 | $form->get($field)->willReturn($formType->reveal()); |
||
300 | $formType->getConfig()->willReturn($formConfig->reveal()); |
||
301 | $formConfig->getAttribute('disabled')->willReturn(false); |
||
302 | $formConfig->getAttribute('property')->willReturn(['entity.property', 'entity2.property2']); |
||
303 | $formConfig->getAttribute('callback')->willReturn(null); |
||
304 | $formConfig->getAttribute('minimum_input_length')->willReturn(3); |
||
305 | $formConfig->getAttribute('items_per_page')->willReturn(10); |
||
306 | $formConfig->getAttribute('req_param_name_page_number')->willReturn('_page'); |
||
307 | $formConfig->getAttribute('to_string_callback')->willReturn(null); |
||
308 | $formConfig->getAttribute('target_admin_access_action')->willReturn('list'); |
||
309 | } |
||
310 | } |
||
311 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.