2012-03-08 01:58:53 +01:00
|
|
|
<?php
|
|
|
|
|
2016-10-14 03:30:05 +02:00
|
|
|
namespace SilverStripe\Forms\Tests\GridField;
|
|
|
|
|
2017-06-22 12:50:45 +02:00
|
|
|
use SilverStripe\Control\Controller;
|
|
|
|
use SilverStripe\Control\HTTPRequest;
|
2016-10-14 03:30:05 +02:00
|
|
|
use SilverStripe\Control\HTTPResponse_Exception;
|
2017-06-22 12:50:45 +02:00
|
|
|
use SilverStripe\Control\Session;
|
|
|
|
use SilverStripe\Dev\CSSContentParser;
|
|
|
|
use SilverStripe\Dev\SapphireTest;
|
|
|
|
use SilverStripe\Forms\FieldList;
|
|
|
|
use SilverStripe\Forms\Form;
|
|
|
|
use SilverStripe\Forms\GridField\GridField;
|
|
|
|
use SilverStripe\Forms\GridField\GridFieldConfig;
|
|
|
|
use SilverStripe\Forms\GridField\GridFieldDeleteAction;
|
2016-10-14 03:30:05 +02:00
|
|
|
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Cheerleader;
|
|
|
|
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Permissions;
|
|
|
|
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Player;
|
|
|
|
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Team;
|
|
|
|
use SilverStripe\ORM\ArrayList;
|
2016-06-15 06:03:16 +02:00
|
|
|
use SilverStripe\ORM\DataList;
|
2016-10-14 03:30:05 +02:00
|
|
|
use SilverStripe\ORM\ValidationException;
|
2017-05-20 06:32:25 +02:00
|
|
|
use SilverStripe\Security\Security;
|
2016-06-23 01:37:22 +02:00
|
|
|
use SilverStripe\Security\SecurityToken;
|
2016-08-19 00:51:35 +02:00
|
|
|
|
2016-12-16 05:34:21 +01:00
|
|
|
class GridFieldDeleteActionTest extends SapphireTest
|
|
|
|
{
|
|
|
|
|
|
|
|
/**
|
2017-03-24 12:17:26 +01:00
|
|
|
* @var ArrayList
|
|
|
|
*/
|
2016-12-16 05:34:21 +01:00
|
|
|
protected $list;
|
|
|
|
|
|
|
|
/**
|
2017-03-24 12:17:26 +01:00
|
|
|
* @var GridField
|
|
|
|
*/
|
2016-12-16 05:34:21 +01:00
|
|
|
protected $gridField;
|
|
|
|
|
|
|
|
/**
|
2017-03-24 12:17:26 +01:00
|
|
|
* @var Form
|
|
|
|
*/
|
2016-12-16 05:34:21 +01:00
|
|
|
protected $form;
|
|
|
|
|
|
|
|
/**
|
2017-03-24 12:17:26 +01:00
|
|
|
* @var string
|
|
|
|
*/
|
2016-12-16 05:34:21 +01:00
|
|
|
protected static $fixture_file = 'GridFieldActionTest.yml';
|
|
|
|
|
|
|
|
/**
|
2017-03-24 12:17:26 +01:00
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected static $extra_dataobjects = [
|
2016-12-16 05:34:21 +01:00
|
|
|
Team::class,
|
|
|
|
Cheerleader::class,
|
|
|
|
Player::class,
|
2017-03-24 12:17:26 +01:00
|
|
|
Permissions::class,
|
2016-12-16 05:34:21 +01:00
|
|
|
];
|
|
|
|
|
2017-03-24 04:00:54 +01:00
|
|
|
protected function setUp()
|
2016-12-16 05:34:21 +01:00
|
|
|
{
|
|
|
|
parent::setUp();
|
|
|
|
$this->list = new DataList(Team::class);
|
|
|
|
$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction());
|
|
|
|
$this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
|
2017-03-02 03:24:38 +01:00
|
|
|
$this->form = new Form(null, 'mockform', new FieldList(array($this->gridField)), new FieldList());
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function testDontShowDeleteButtons()
|
|
|
|
{
|
2017-05-20 06:32:25 +02:00
|
|
|
if (Security::getCurrentUser()) {
|
|
|
|
Security::setCurrentUser(null);
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
|
|
|
$content = new CSSContentParser($this->gridField->FieldHolder());
|
|
|
|
// Check that there are content
|
|
|
|
$this->assertEquals(4, count($content->getBySelector('.ss-gridfield-item')));
|
|
|
|
// Make sure that there are no delete buttons
|
|
|
|
$this->assertEquals(
|
|
|
|
0,
|
|
|
|
count($content->getBySelector('.gridfield-button-delete')),
|
|
|
|
'Delete buttons should not show when not logged in.'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testShowDeleteButtonsWithAdminPermission()
|
|
|
|
{
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
$content = new CSSContentParser($this->gridField->FieldHolder());
|
2018-08-24 03:13:32 +02:00
|
|
|
$deleteButtons = $content->getBySelector('.action--delete');
|
2016-12-16 05:34:21 +01:00
|
|
|
$this->assertEquals(3, count($deleteButtons), 'Delete buttons should show when logged in.');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testActionsRequireCSRF()
|
|
|
|
{
|
|
|
|
$this->logInWithPermission('ADMIN');
|
2017-06-22 12:50:45 +02:00
|
|
|
$this->expectException(HTTPResponse_Exception::class);
|
|
|
|
$this->expectExceptionMessage(_t(
|
|
|
|
"SilverStripe\\Forms\\Form.CSRF_FAILED_MESSAGE",
|
2018-01-16 19:39:30 +01:00
|
|
|
"There seems to have been a technical problem. Please click the back button, " . "refresh your browser, and try again."
|
2017-06-22 12:50:45 +02:00
|
|
|
));
|
|
|
|
$this->expectExceptionCode(400);
|
2016-12-16 05:34:21 +01:00
|
|
|
$stateID = 'testGridStateActionField';
|
|
|
|
$request = new HTTPRequest(
|
|
|
|
'POST',
|
|
|
|
'url',
|
|
|
|
array(),
|
|
|
|
array(
|
2018-01-16 19:39:30 +01:00
|
|
|
'action_gridFieldAlterAction?StateID=' . $stateID,
|
2016-12-16 05:34:21 +01:00
|
|
|
'SecurityID' => null,
|
|
|
|
)
|
|
|
|
);
|
2017-06-22 12:50:45 +02:00
|
|
|
$request->setSession(new Session([]));
|
2016-12-16 05:34:21 +01:00
|
|
|
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDeleteActionWithoutCorrectPermission()
|
|
|
|
{
|
2017-05-20 06:32:25 +02:00
|
|
|
if (Security::getCurrentUser()) {
|
|
|
|
Security::setCurrentUser(null);
|
2016-12-16 05:34:21 +01:00
|
|
|
}
|
2017-06-22 12:50:45 +02:00
|
|
|
$this->expectException(ValidationException::class);
|
2016-12-16 05:34:21 +01:00
|
|
|
|
|
|
|
$stateID = 'testGridStateActionField';
|
2017-06-22 12:50:45 +02:00
|
|
|
$session = Controller::curr()->getRequest()->getSession();
|
|
|
|
$session->set(
|
2016-12-16 05:34:21 +01:00
|
|
|
$stateID,
|
|
|
|
array(
|
|
|
|
'grid' => '',
|
|
|
|
'actionName' => 'deleterecord',
|
|
|
|
'args' => array(
|
|
|
|
'RecordID' => $this->idFromFixture(Team::class, 'team1')
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$request = new HTTPRequest(
|
|
|
|
'POST',
|
|
|
|
'url',
|
|
|
|
array(),
|
|
|
|
array(
|
2018-01-16 19:39:30 +01:00
|
|
|
'action_gridFieldAlterAction?StateID=' . $stateID => true,
|
2016-12-16 05:34:21 +01:00
|
|
|
$token->getName() => $token->getValue(),
|
|
|
|
)
|
|
|
|
);
|
2017-06-22 12:50:45 +02:00
|
|
|
$request->setSession($session);
|
2016-12-16 05:34:21 +01:00
|
|
|
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
|
|
|
$this->assertEquals(
|
|
|
|
3,
|
|
|
|
$this->list->count(),
|
|
|
|
'User should\'t be able to delete records without correct permissions.'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDeleteActionWithAdminPermission()
|
|
|
|
{
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
$stateID = 'testGridStateActionField';
|
2017-06-22 12:50:45 +02:00
|
|
|
$session = Controller::curr()->getRequest()->getSession();
|
|
|
|
$session->set(
|
2016-12-16 05:34:21 +01:00
|
|
|
$stateID,
|
|
|
|
array(
|
|
|
|
'grid'=>'',
|
|
|
|
'actionName'=>'deleterecord',
|
|
|
|
'args' => array(
|
|
|
|
'RecordID' => $this->idFromFixture(Team::class, 'team1')
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$request = new HTTPRequest(
|
|
|
|
'POST',
|
|
|
|
'url',
|
|
|
|
array(),
|
|
|
|
array(
|
2018-01-16 19:39:30 +01:00
|
|
|
'action_gridFieldAlterAction?StateID=' . $stateID=>true,
|
2016-12-16 05:34:21 +01:00
|
|
|
$token->getName() => $token->getValue(),
|
|
|
|
)
|
|
|
|
);
|
2017-06-22 12:50:45 +02:00
|
|
|
$request->setSession($session);
|
2016-12-16 05:34:21 +01:00
|
|
|
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
|
|
|
$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function testDeleteActionRemoveRelation()
|
|
|
|
{
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
|
|
|
|
$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction(true));
|
|
|
|
|
2017-06-22 12:50:45 +02:00
|
|
|
$session = Controller::curr()->getRequest()->getSession();
|
2016-12-16 05:34:21 +01:00
|
|
|
$gridField = new GridField('testfield', 'testfield', $this->list, $config);
|
2017-06-22 12:50:45 +02:00
|
|
|
new Form(null, 'mockform', new FieldList(array($gridField)), new FieldList());
|
2016-12-16 05:34:21 +01:00
|
|
|
$stateID = 'testGridStateActionField';
|
2017-06-22 12:50:45 +02:00
|
|
|
$session->set(
|
2016-12-16 05:34:21 +01:00
|
|
|
$stateID,
|
|
|
|
array(
|
|
|
|
'grid'=>'',
|
|
|
|
'actionName'=>'deleterecord',
|
|
|
|
'args' => array(
|
|
|
|
'RecordID' => $this->idFromFixture(Team::class, 'team1')
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
$token = SecurityToken::inst();
|
|
|
|
$request = new HTTPRequest(
|
|
|
|
'POST',
|
|
|
|
'url',
|
|
|
|
array(),
|
|
|
|
array(
|
2018-01-16 19:39:30 +01:00
|
|
|
'action_gridFieldAlterAction?StateID=' . $stateID=>true,
|
2016-12-16 05:34:21 +01:00
|
|
|
$token->getName() => $token->getValue(),
|
|
|
|
)
|
|
|
|
);
|
2017-06-22 12:50:45 +02:00
|
|
|
$request->setSession($session);
|
|
|
|
$gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
|
2016-12-16 05:34:21 +01:00
|
|
|
$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
|
|
|
|
}
|
2018-06-06 11:14:29 +02:00
|
|
|
|
|
|
|
public function testMenuGroup()
|
|
|
|
{
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
|
|
|
|
$config = GridFieldConfig::create()->addComponent($action = new GridFieldDeleteAction(true));
|
|
|
|
$gridField = new GridField('testfield', 'testfield', $this->list, $config);
|
|
|
|
new Form(null, 'mockform', new FieldList(array($gridField)), new FieldList());
|
|
|
|
$group = $action->getGroup($gridField, $this->list->first(), 'dummy');
|
|
|
|
$this->assertNotNull($group, 'A menu group exists when the user can delete');
|
|
|
|
|
|
|
|
$this->logOut();
|
|
|
|
|
|
|
|
$group = $action->getGroup($gridField, $this->list->first(), 'dummy');
|
|
|
|
$this->assertNull($group, 'A menu group does not exist when the user cannot delete');
|
|
|
|
}
|
2012-03-08 01:58:53 +01:00
|
|
|
}
|