From 68e775dfd30a991bff65f71308d5998a2149cb9d Mon Sep 17 00:00:00 2001
From: Romain Neutron
Date: Mon, 10 Feb 2014 14:08:01 +0100
Subject: [PATCH] Fix #1693 : Guest users should be able to access detailed view
---
 .../Phrasea/Controller/Prod/Records.php | 14 +++---
 .../Phrasea/Controller/Prod/RecordsTest.php | 45 +++++++++++++++++++
 tests/classes/PhraseanetPHPUnitAbstract.php | 8 ++--
 3 files changed, 58 insertions(+), 9 deletions(-)
diff --git a/lib/Alchemy/Phrasea/Controller/Prod/Records.php b/lib/Alchemy/Phrasea/Controller/Prod/Records.php
index ecd35008ba..aae7f085eb 100644
--- a/lib/Alchemy/Phrasea/Controller/Prod/Records.php
+++ b/lib/Alchemy/Phrasea/Controller/Prod/Records.php
@@ -30,10 +30,6 @@ class Records implements ControllerProviderInterface
 $app['firewall']->addMandatoryAuthentication($controllers);
- $controllers->before(function (Request $request) use ($app) {
- $app['firewall']->requireNotGuest();
- });
-
 /**
 * Get the record detailed view
 *
@@ -65,7 +61,10 @@ class Records implements ControllerProviderInterface
 * return : JSON Response
 */
 $controllers->post('/delete/', $this->call('doDeleteRecords'))
- ->bind('record_delete');
+ ->bind('record_delete')
+ ->before(function (Request $request) use ($app) {
+ $app['firewall']->requireNotGuest();
+ });
 /**
 * Verify if I can delete records
@@ -81,7 +80,10 @@ class Records implements ControllerProviderInterface
 * return : HTML Response
 */
 $controllers->post('/delete/what/', $this->call('whatCanIDelete'))
- ->bind('record_what_can_i_delete');
+ ->bind('record_what_can_i_delete')
+ ->before(function (Request $request) use ($app) {
+ $app['firewall']->requireNotGuest();
+ });
 /**
 * Renew a record URL
diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Prod/RecordsTest.php b/tests/Alchemy/Tests/Phrasea/Controller/Prod/RecordsTest.php
index 696c8d5435..8bb54fa474 100644
--- a/tests/Alchemy/Tests/Phrasea/Controller/Prod/RecordsTest.php
+++ b/tests/Alchemy/Tests/Phrasea/Controller/Prod/RecordsTest.php
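Review bot: With the controller-wide `requireNotGuest()` removed, only `/delete/` and `/delete/what/` carry the guest check, so every other route on this controller is now reachable by the guest account; that includes the "Renew a record URL" route whose docblock starts right after the third hunk and which none of the hunks touch. Whether those handlers enforce rights on their own is not visible here, so the safer shape is to keep deny-by-default and exempt only the detail view, or at least to attach the same guard to every route that changes state. The guard closure is also duplicated verbatim in the second and third hunks; defining it once, `$notGuest = function () use ($app) { $app['firewall']->requireNotGuest(); };`, and chaining `->before($notGuest)` keeps the routes from drifting apart. The enclosing method begins and ends outside these hunks.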
@@ -4,6 +4,8 @@ namespace Alchemy\Tests\Phrasea\Controller\Prod;
 use Alchemy\Phrasea\Border\File;
 use Alchemy\Phrasea\SearchEngine\SearchEngineOptions;
+use Entities\Basket;
+use Entities\BasketElement;
 /**
 * @todo Test Alchemy\Phrasea\Controller\Prod\Export::exportMail
@@ -78,6 +80,49 @@ class RecordsTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
 $this->assertBadResponse(self::$DI['client']->getResponse());
 }
+ public function testGetRecordDetailAsGuest()
+ {
+ $inviteUsrid = \User_Adapter::get_usr_id_from_login(self::$DI['app'], 'invite');
+ $invite_user = \User_Adapter::getInstance($inviteUsrid, self::$DI['app']);
+
+ $this->authenticate(self::$DI['app'], $invite_user);
+
+ $basket = new Basket();
+ $basket->setUsrId($inviteUsrid);
+ $basket->setName('test');
+
+ self::$DI['app']['EM']->persist($basket);
+
+ $element = new BasketElement();
+ $element->setRecord(self::$DI['record_24']);
+ $element->setBasket($basket);
+ $basket->addElement($element);
+
+ self::$DI['app']['EM']->persist($element);
+ self::$DI['app']['EM']->flush();
+
+ $this->XMLHTTPRequest('POST', '/prod/records/', array(
+ 'env' => 'BASK',
+ 'pos' => 0,
+ 'query' => '',
+ 'cont' => $basket->getId(),
+ ));
+ $response = self::$DI['client']->getResponse();
+
+ $this->assertEquals(200, $response->getStatusCode());
+ $data = json_decode($response->getContent(), true);
+
+ $this->assertArrayHasKey('desc', $data);
+ $this->assertArrayHasKey('html_preview', $data);
+ $this->assertArrayHasKey('current', $data);
+ $this->assertArrayHasKey('others', $data);
+ $this->assertArrayHasKey('history', $data);
+ $this->assertArrayHasKey('popularity', $data);
+ $this->assertArrayHasKey('tools', $data);
+ $this->assertArrayHasKey('pos', $data);
+ $this->assertArrayHasKey('title', $data);
+ }
+
 /**
 * @covers Alchemy\Phrasea\Controller\Prod\Records::getRecord
 */
diff --git a/tests/classes/PhraseanetPHPUnitAbstract.php b/tests/classes/PhraseanetPHPUnitAbstract.php
index 782db2a7b7..2742a90043 100644
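Review bot: `testGetRecordDetailAsGuest` covers only the newly allowed path; nothing in this hunk checks that the guest account is still refused on `/prod/records/delete/` and `/prod/records/delete/what/`, which is the half of the change that protects data. A companion test that authenticates as `invite` and posts to both routes would catch a later edit that drops one of the per-route guards. How the firewall rejects a guest (status code or exception) is not visible on this page, so the sketch below only asserts that the response is not a 200 and should be tightened once that behaviour is confirmed.

```php
public function testDeleteRoutesAreRefusedForGuest()
{
    $inviteUsrid = \User_Adapter::get_usr_id_from_login(self::$DI['app'], 'invite');
    $invite_user = \User_Adapter::getInstance($inviteUsrid, self::$DI['app']);

    $this->authenticate(self::$DI['app'], $invite_user);

    // Both routes that kept the requireNotGuest() guard; the guard runs before the controller.
    foreach (array('/prod/records/delete/', '/prod/records/delete/what/') as $route) {
        $this->XMLHTTPRequest('POST', $route, array());

        // TODO: pin the exact rejection status once the firewall's behaviour is confirmed.
        $this->assertNotEquals(200, self::$DI['client']->getResponse()->getStatusCode());
    }
}
```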
--- a/tests/classes/PhraseanetPHPUnitAbstract.php
+++ b/tests/classes/PhraseanetPHPUnitAbstract.php
@@ -917,12 +917,14 @@ abstract class PhraseanetPHPUnitAbstract extends WebTestCase
 return;
 }
- protected function authenticate(Application $app)
+ protected function authenticate(Application $app, $user = null)
 {
+ $user = $user ?: self::$DI['user'];
+
 $app['session']->clear();
- $app['session']->set('usr_id', self::$DI['user']->get_id());
+ $app['session']->set('usr_id', $user->get_id());
 $session = new \Entities\Session();
- $session->setUsrId(self::$DI['user']->get_id());
+ $session->setUsrId($user->get_id());
 $session->setUserAgent('');
 self::$DI['app']['EM']->persist($session);
 self::$DI['app']['EM']->flush();
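Review bot: `$user = $user ?: self::$DI['user'];` falls back to the default account for any falsy argument, so if a caller's guest lookup ever yields `null` or `false` the test silently runs as the regular user and an access-control test can pass for the wrong reason. Type-hinting the parameter as `\User_Adapter $user = null` (the class the new guest test obtains its user from) and substituting the default only when `null === $user` would make a failed lookup fail loudly instead. A short docblock saying that `$user` defaults to `self::$DI['user']` would also document the new argument. The body of `authenticate` continues past the end of this hunk.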