2008-08-09 05:19:54 +02:00
|
|
|
<?php
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
class ControllerTest extends FunctionalTest {
|
|
|
|
static $fixture_file = 'sapphire/tests/ControllerTest.yml';
|
2008-08-09 05:19:54 +02:00
|
|
|
|
|
|
|
function testDefaultAction() {
|
|
|
|
/* For a controller with a template, the default action will simple run that template. */
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_Controller/");
|
2008-11-24 20:28:46 +01:00
|
|
|
$this->assertRegExp("/This is the main template. Content is 'default content'/", $response->getBody());
|
2008-08-09 05:19:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function testMethodActions() {
|
|
|
|
/* The Action can refer to a method that is called on the object. If a method returns an array, then it will be
|
|
|
|
used to customise the template data */
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_Controller/methodaction");
|
2008-11-24 20:28:46 +01:00
|
|
|
$this->assertRegExp("/This is the main template. Content is 'methodaction content'./", $response->getBody());
|
2008-08-09 05:19:54 +02:00
|
|
|
|
|
|
|
/* If the method just returns a string, then that will be used as the response */
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_Controller/stringaction");
|
2008-11-24 20:28:46 +01:00
|
|
|
$this->assertRegExp("/stringaction was called./", $response->getBody());
|
2008-08-09 05:19:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function testTemplateActions() {
|
|
|
|
/* If there is no method, it can be used to point to an alternative template. */
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_Controller/templateaction");
|
2008-11-24 20:28:46 +01:00
|
|
|
$this->assertRegExp("/This is the template for templateaction. Content is 'default content'./", $response->getBody());
|
2008-08-09 05:19:54 +02:00
|
|
|
}
|
2009-10-11 02:07:01 +02:00
|
|
|
|
|
|
|
public function testUndefinedActions() {
|
|
|
|
$response = Director::test('ControllerTest_UnsecuredController/undefinedaction');
|
|
|
|
$this->assertEquals(404, $response->getStatusCode(), 'Undefined actions return a not found response.');
|
|
|
|
}
|
|
|
|
|
2008-08-09 05:19:54 +02:00
|
|
|
function testAllowedActions() {
|
2009-09-10 08:34:40 +02:00
|
|
|
$adminUser = $this->objFromFixture('Member', 'admin');
|
|
|
|
|
|
|
|
$response = $this->get("ControllerTest_SecuredController/methodaction");
|
2008-08-09 05:19:54 +02:00
|
|
|
$this->assertEquals(200, $response->getStatusCode());
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_SecuredController/stringaction");
|
2008-08-09 05:19:54 +02:00
|
|
|
$this->assertEquals(403, $response->getStatusCode());
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_SecuredController/adminonly");
|
2008-08-09 05:19:54 +02:00
|
|
|
$this->assertEquals(403, $response->getStatusCode());
|
2009-03-21 06:10:05 +01:00
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get('ControllerTest_UnsecuredController/stringaction');
|
2009-04-02 18:34:27 +02:00
|
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
|
|
"test that a controller without a specified allowed_actions allows actions through"
|
|
|
|
);
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_FullSecuredController/index");
|
2009-09-10 03:37:44 +02:00
|
|
|
$this->assertEquals(403, $response->getStatusCode(),
|
|
|
|
"Actions can be globally disallowed by using asterisk (*) for index method"
|
|
|
|
);
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_FullSecuredController/adminonly");
|
2009-04-02 18:34:27 +02:00
|
|
|
$this->assertEquals(403, $response->getStatusCode(),
|
|
|
|
"Actions can be globally disallowed by using asterisk (*) instead of a method name"
|
|
|
|
);
|
|
|
|
|
2009-09-10 08:34:40 +02:00
|
|
|
$response = $this->get("ControllerTest_FullSecuredController/unsecuredaction");
|
2009-04-02 18:34:27 +02:00
|
|
|
$this->assertEquals(200, $response->getStatusCode(),
|
|
|
|
"Actions can be overridden to be allowed if globally disallowed by using asterisk (*)"
|
|
|
|
);
|
2009-09-10 08:34:40 +02:00
|
|
|
|
|
|
|
$this->session()->inst_set('loggedInAs', $adminUser->ID);
|
|
|
|
$response = $this->get("ControllerTest_SecuredController/adminonly");
|
|
|
|
$this->assertEquals(
|
|
|
|
200,
|
|
|
|
$response->getStatusCode(),
|
|
|
|
"Permission codes are respected when set in \$allowed_actions"
|
|
|
|
);
|
2008-08-09 05:19:54 +02:00
|
|
|
}
|
2008-08-28 06:25:13 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Test Controller::join_links()
|
|
|
|
*/
|
|
|
|
function testJoinLinks() {
|
|
|
|
/* Controller::join_links() will reliably join two URL-segments together so that they will be appropriately parsed by the URL parser */
|
|
|
|
$this->assertEquals("admin/crm/MyForm", Controller::join_links("admin/crm", "MyForm"));
|
|
|
|
$this->assertEquals("admin/crm/MyForm", Controller::join_links("admin/crm/", "MyForm"));
|
|
|
|
|
|
|
|
/* It will also handle appropriate combination of querystring variables */
|
|
|
|
$this->assertEquals("admin/crm/MyForm?flush=1", Controller::join_links("admin/crm/?flush=1", "MyForm"));
|
|
|
|
$this->assertEquals("admin/crm/MyForm?flush=1", Controller::join_links("admin/crm/", "MyForm?flush=1"));
|
|
|
|
$this->assertEquals("admin/crm/MyForm?field=1&other=1", Controller::join_links("admin/crm/?field=1", "MyForm?other=1"));
|
|
|
|
|
|
|
|
/* It can handle arbitrary numbers of components, and will ignore empty ones */
|
|
|
|
$this->assertEquals("admin/crm/MyForm/", Controller::join_links("admin/", "crm", "", "MyForm/"));
|
|
|
|
$this->assertEquals("admin/crm/MyForm/?a=1&b=2", Controller::join_links("admin/?a=1", "crm", "", "MyForm/?b=2"));
|
|
|
|
|
|
|
|
/* It can also be used to attach additional get variables to a link */
|
|
|
|
$this->assertEquals("admin/crm?flush=1", Controller::join_links("admin/crm", "?flush=1"));
|
|
|
|
$this->assertEquals("admin/crm?existing=1&flush=1", Controller::join_links("admin/crm?existing=1", "?flush=1"));
|
|
|
|
$this->assertEquals("admin/crm/MyForm?a=1&b=2&c=3", Controller::join_links("?a=1", "admin/crm", "?b=2", "MyForm?c=3"));
|
|
|
|
|
|
|
|
/* Note, however, that it doesn't deal with duplicates very well. */
|
|
|
|
$this->assertEquals("admin/crm?flush=1&flush=1", Controller::join_links("admin/crm?flush=1", "?flush=1"));
|
2009-10-11 02:07:15 +02:00
|
|
|
|
|
|
|
$this->assertEquals (
|
|
|
|
'admin/action', Controller::join_links('admin/', '/', '/action'), 'Test that multiple slashes are trimmed.'
|
|
|
|
);
|
|
|
|
|
|
|
|
$this->assertEquals('/admin/action', Controller::join_links('/admin', 'action'));
|
2008-08-28 06:25:13 +02:00
|
|
|
}
|
2008-08-09 05:19:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Simple controller for testing
|
|
|
|
*/
|
|
|
|
class ControllerTest_Controller extends Controller {
|
|
|
|
public $Content = "default content";
|
|
|
|
|
|
|
|
function methodaction() {
|
|
|
|
return array(
|
|
|
|
"Content" => "methodaction content"
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
function stringaction() {
|
|
|
|
return "stringaction was called.";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Controller with an $allowed_actions value
|
|
|
|
*/
|
|
|
|
class ControllerTest_SecuredController extends Controller {
|
|
|
|
static $allowed_actions = array(
|
|
|
|
"methodaction",
|
|
|
|
"adminonly" => "ADMIN",
|
|
|
|
);
|
|
|
|
|
|
|
|
public $Content = "default content";
|
|
|
|
|
|
|
|
function methodaction() {
|
|
|
|
return array(
|
|
|
|
"Content" => "methodaction content"
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
function stringaction() {
|
|
|
|
return "stringaction was called.";
|
|
|
|
}
|
|
|
|
|
|
|
|
function adminonly() {
|
|
|
|
return "You must be an admin!";
|
|
|
|
}
|
2009-03-21 06:10:05 +01:00
|
|
|
}
|
|
|
|
|
2009-04-02 18:34:27 +02:00
|
|
|
class ControllerTest_FullSecuredController extends Controller {
|
|
|
|
|
|
|
|
static $allowed_actions = array(
|
|
|
|
"*" => "ADMIN",
|
|
|
|
'unsecuredaction' => true,
|
|
|
|
);
|
|
|
|
|
|
|
|
function adminonly() {
|
|
|
|
return "You must be an admin!";
|
|
|
|
}
|
|
|
|
|
|
|
|
function unsecuredaction() {
|
|
|
|
return "Allowed for everybody";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-03-21 06:10:05 +01:00
|
|
|
class ControllerTest_UnsecuredController extends ControllerTest_SecuredController {}
|