silverstripe-framework/tests/php/Control/RequestHandlingTest.php

339 lines
14 KiB
PHP
Raw Normal View History

<?php
2016-10-14 03:30:05 +02:00
namespace SilverStripe\Control\Tests;
use SilverStripe\Admin\LeftAndMain;
use SilverStripe\CMS\Controllers\ErrorPageControllerExtension;
use SilverStripe\Control\Controller;
use SilverStripe\Control\Tests\RequestHandlingTest\AllowedController;
use SilverStripe\Control\Tests\RequestHandlingTest\ControllerFormWithAllowedActions;
use SilverStripe\Control\Tests\RequestHandlingTest\FieldController;
use SilverStripe\Control\Tests\RequestHandlingTest\FormActionController;
use SilverStripe\Control\Tests\RequestHandlingTest\TestController;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Control\RequestHandler;
use SilverStripe\Control\Director;
use SilverStripe\Forms\Form;
2016-09-09 08:43:05 +02:00
use SilverStripe\Security\SecurityToken;
/**
2016-09-09 08:43:05 +02:00
* Tests for RequestHandler and HTTPRequest.
2014-08-15 08:53:05 +02:00
* We've set up a simple URL handling model based on
*/
class RequestHandlingTest extends FunctionalTest {
protected static $fixture_file = null;
2014-08-15 08:53:05 +02:00
Merge remote-tracking branch 'origin/3' # Conflicts: # control/Director.php # control/HTTP.php # core/startup/ParameterConfirmationToken.php # docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md # docs/en/00_Getting_Started/04_Directory_Structure.md # docs/en/00_Getting_Started/05_Coding_Conventions.md # docs/en/01_Tutorials/01_Building_A_Basic_Site.md # docs/en/01_Tutorials/02_Extending_A_Basic_Site.md # docs/en/01_Tutorials/03_Forms.md # docs/en/01_Tutorials/04_Site_Search.md # docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md # docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md # docs/en/02_Developer_Guides/13_i18n/index.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md # docs/en/03_Upgrading/index.md # docs/en/changelogs/index.md # docs/en/howto/customize-cms-menu.md # docs/en/howto/navigation-menu.md # docs/en/index.md # docs/en/installation/index.md # docs/en/installation/windows-manual-iis-6.md # docs/en/misc/contributing/code.md # docs/en/misc/contributing/issues.md # docs/en/misc/module-release-process.md # docs/en/reference/dataobject.md # docs/en/reference/execution-pipeline.md # docs/en/reference/grid-field.md # docs/en/reference/modeladmin.md # docs/en/reference/rssfeed.md # docs/en/reference/templates.md # docs/en/topics/commandline.md # docs/en/topics/debugging.md # docs/en/topics/email.md # docs/en/topics/forms.md # docs/en/topics/index.md # docs/en/topics/module-development.md # docs/en/topics/modules.md # docs/en/topics/page-type-templates.md # docs/en/topics/page-types.md # docs/en/topics/search.md # docs/en/topics/testing/index.md # docs/en/topics/testing/testing-guide-troubleshooting.md # docs/en/topics/theme-development.md # docs/en/tutorials/1-building-a-basic-site.md # docs/en/tutorials/2-extending-a-basic-site.md # docs/en/tutorials/3-forms.md # docs/en/tutorials/4-site-search.md # docs/en/tutorials/5-dataobject-relationship-management.md # docs/en/tutorials/building-a-basic-site.md # docs/en/tutorials/dataobject-relationship-management.md # docs/en/tutorials/extending-a-basic-site.md # docs/en/tutorials/forms.md # docs/en/tutorials/index.md # docs/en/tutorials/site-search.md # main.php # model/SQLQuery.php # security/ChangePasswordForm.php # security/MemberLoginForm.php # tests/control/ControllerTest.php # tests/core/startup/ParameterConfirmationTokenTest.php # tests/model/SQLQueryTest.php # tests/security/SecurityTest.php # tests/view/SSViewerTest.php # view/SSTemplateParser.php # view/SSTemplateParser.php.inc # view/SSViewer.php
2016-01-20 01:16:27 +01:00
protected $illegalExtensions = array(
// Suppress CMS error page handling
2016-10-14 03:30:05 +02:00
Controller::class => array(
ErrorPageControllerExtension::class,
),
2016-10-14 03:30:05 +02:00
Form::class => array(
ErrorPageControllerExtension::class,
),
2016-10-14 03:30:05 +02:00
LeftAndMain::class => array(
ErrorPageControllerExtension::class,
),
Merge remote-tracking branch 'origin/3' # Conflicts: # control/Director.php # control/HTTP.php # core/startup/ParameterConfirmationToken.php # docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md # docs/en/00_Getting_Started/04_Directory_Structure.md # docs/en/00_Getting_Started/05_Coding_Conventions.md # docs/en/01_Tutorials/01_Building_A_Basic_Site.md # docs/en/01_Tutorials/02_Extending_A_Basic_Site.md # docs/en/01_Tutorials/03_Forms.md # docs/en/01_Tutorials/04_Site_Search.md # docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md # docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md # docs/en/02_Developer_Guides/13_i18n/index.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md # docs/en/03_Upgrading/index.md # docs/en/changelogs/index.md # docs/en/howto/customize-cms-menu.md # docs/en/howto/navigation-menu.md # docs/en/index.md # docs/en/installation/index.md # docs/en/installation/windows-manual-iis-6.md # docs/en/misc/contributing/code.md # docs/en/misc/contributing/issues.md # docs/en/misc/module-release-process.md # docs/en/reference/dataobject.md # docs/en/reference/execution-pipeline.md # docs/en/reference/grid-field.md # docs/en/reference/modeladmin.md # docs/en/reference/rssfeed.md # docs/en/reference/templates.md # docs/en/topics/commandline.md # docs/en/topics/debugging.md # docs/en/topics/email.md # docs/en/topics/forms.md # docs/en/topics/index.md # docs/en/topics/module-development.md # docs/en/topics/modules.md # docs/en/topics/page-type-templates.md # docs/en/topics/page-types.md # docs/en/topics/search.md # docs/en/topics/testing/index.md # docs/en/topics/testing/testing-guide-troubleshooting.md # docs/en/topics/theme-development.md # docs/en/tutorials/1-building-a-basic-site.md # docs/en/tutorials/2-extending-a-basic-site.md # docs/en/tutorials/3-forms.md # docs/en/tutorials/4-site-search.md # docs/en/tutorials/5-dataobject-relationship-management.md # docs/en/tutorials/building-a-basic-site.md # docs/en/tutorials/dataobject-relationship-management.md # docs/en/tutorials/extending-a-basic-site.md # docs/en/tutorials/forms.md # docs/en/tutorials/index.md # docs/en/tutorials/site-search.md # main.php # model/SQLQuery.php # security/ChangePasswordForm.php # security/MemberLoginForm.php # tests/control/ControllerTest.php # tests/core/startup/ParameterConfirmationTokenTest.php # tests/model/SQLQueryTest.php # tests/security/SecurityTest.php # tests/view/SSViewerTest.php # view/SSTemplateParser.php # view/SSTemplateParser.php.inc # view/SSViewer.php
2016-01-20 01:16:27 +01:00
);
2016-10-14 03:30:05 +02:00
protected $extraControllers = [
TestController::class,
AllowedController::class,
ControllerFormWithAllowedActions::class,
FieldController::class,
FormActionController::class
];
public function setUp() {
parent::setUp();
Director::config()->update('rules', array(
2014-03-30 08:51:38 +02:00
// If we don't request any variables, then the whole URL will get shifted off.
// This is fine, but it means that the controller will have to parse the Action from the URL itself.
2016-10-14 03:30:05 +02:00
'testGoodBase1' => TestController::class,
2014-03-30 08:51:38 +02:00
// The double-slash indicates how much of the URL should be shifted off the stack.
// This is important for dealing with nested request handlers appropriately.
2016-10-14 03:30:05 +02:00
'testGoodBase2//$Action/$ID/$OtherID' => TestController::class,
2014-08-15 08:53:05 +02:00
// By default, the entire URL will be shifted off. This creates a bit of
2014-03-30 08:51:38 +02:00
// backward-incompatability, but makes the URL rules much more explicit.
2016-10-14 03:30:05 +02:00
'testBadBase/$Action/$ID/$OtherID' => TestController::class,
2014-08-15 08:53:05 +02:00
// Rules with an extension always default to the index() action
2016-10-14 03:30:05 +02:00
'testBaseWithExtension/virtualfile.xml' => TestController::class,
2014-08-15 08:53:05 +02:00
// Without the extension, the methodname should be matched
2016-10-14 03:30:05 +02:00
'testBaseWithExtension//$Action/$ID/$OtherID' => TestController::class,
2014-08-15 08:53:05 +02:00
// Test nested base
2016-10-14 03:30:05 +02:00
'testParentBase/testChildBase//$Action/$ID/$OtherID' => TestController::class,
));
}
2014-08-15 08:53:05 +02:00
// public function testRequestHandlerChainingLatestParams() {
// $c = new RequestHandlingTest_Controller();
// $c->init();
2016-09-09 08:43:05 +02:00
// $response = $c->handleRequest(new HTTPRequest('GET', 'testGoodBase1/TestForm/fields/MyField'));
// $this->assertEquals(
// $c->getRequest()->latestParams(),
// array(
// 'Action' => 'fields',
// 'ID' => 'MyField'
// )
// );
// }
2014-08-15 08:53:05 +02:00
public function testConstructedWithNullRequest() {
$r = new RequestHandler();
$this->assertInstanceOf('SilverStripe\\Control\\NullHTTPRequest', $r->getRequest());
}
2014-08-15 08:53:05 +02:00
public function testRequestHandlerChainingAllParams() {
$this->markTestIncomplete();
}
2014-08-15 08:53:05 +02:00
public function testMethodCallingOnController() {
/* Calling a controller works just like it always has */
$response = Director::test("testGoodBase1");
$this->assertEquals("This is the controller", $response->getBody());
/* ID and OtherID are extracted from the URL and passed in $request->params. */
$response = Director::test("testGoodBase1/method/1/2");
$this->assertEquals("This is a method on the controller: 1, 2", $response->getBody());
/* In addition, these values are availalbe in $controller->urlParams. This is mainly for backward
* compatability. */
$response = Director::test("testGoodBase1/legacymethod/3/4");
$this->assertEquals("\$this->urlParams can be used, for backward compatibility: 3, 4", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testPostRequests() {
/* The HTTP Request handler can trigger special behaviour for GET and POST. */
$response = Director::test("testGoodBase1/TestForm", array("MyField" => 3), null, "POST");
$this->assertEquals("Form posted", $response->getBody());
$response = Director::test("testGoodBase1/TestForm");
$this->assertEquals("Get request on form", $response->getBody());
}
public function testRequestHandlerChaining() {
/* Request handlers can be chained, from Director to Controller to Form to FormField. Here, we can make a get
request on a FormField. */
$response = Director::test("testGoodBase1/TestForm/fields/MyField");
$this->assertEquals("MyField requested", $response->getBody());
2014-08-15 08:53:05 +02:00
/* We can also make a POST request on a form field, which could be used for in-place editing, for example. */
$response = Director::test("testGoodBase1/TestForm/fields/MyField", array("MyField" => 5));
$this->assertEquals("MyField posted, update to 5", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testBaseUrlPrefixed() {
$this->withBaseFolder('/silverstripe', function($test) {
2016-10-14 03:30:05 +02:00
$this->assertEquals(
'MyField requested',
Director::test('/silverstripe/testGoodBase1/TestForm/fields/MyField')->getBody()
);
2016-10-14 03:30:05 +02:00
$this->assertEquals(
'MyField posted, update to 5',
Director::test('/silverstripe/testGoodBase1/TestForm/fields/MyField', array('MyField' => 5))->getBody()
);
});
}
public function testBadBase() {
/* We no longer support using hacky attempting to handle URL parsing with broken rules */
$response = Director::test("testBadBase/method/1/2");
$this->assertNotEquals("This is a method on the controller: 1, 2", $response->getBody());
$response = Director::test("testBadBase/TestForm", array("MyField" => 3), null, "POST");
$this->assertNotEquals("Form posted", $response->getBody());
2014-08-15 08:53:05 +02:00
$response = Director::test("testBadBase/TestForm/fields/MyField");
$this->assertNotEquals("MyField requested", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testBaseWithExtension() {
/* Rules with an extension always default to the index() action */
$response = Director::test("testBaseWithExtension/virtualfile.xml");
$this->assertEquals("This is the controller", $response->getBody());
2014-08-15 08:53:05 +02:00
/* Without the extension, the methodname should be matched */
$response = Director::test("testBaseWithExtension/virtualfile");
$this->assertEquals("This is the virtualfile method", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testNestedBase() {
/* Nested base should leave out the two parts and correctly map arguments */
$response = Director::test("testParentBase/testChildBase/method/1/2");
$this->assertEquals("This is a method on the controller: 1, 2", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testInheritedUrlHandlers() {
/* $url_handlers can be defined on any class, and */
$response = Director::test("testGoodBase1/TestForm/fields/SubclassedField/something");
$this->assertEquals("customSomething", $response->getBody());
/* However, if the subclass' url_handlers don't match, then the parent class' url_handlers will be used */
$response = Director::test("testGoodBase1/TestForm/fields/SubclassedField");
$this->assertEquals("SubclassedField requested", $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testDisallowedExtendedActions() {
/* Actions on an extension are allowed because they specifically provided appropriate allowed_actions items */
$response = Director::test("testGoodBase1/otherExtendedMethod");
$this->assertEquals("otherExtendedMethod", $response->getBody());
/* The failoverMethod action wasn't explicitly listed and so isnt' allowed */
$response = Director::test("testGoodBase1/failoverMethod");
$this->assertEquals(404, $response->getStatusCode());
2014-08-15 08:53:05 +02:00
/* However, on RequestHandlingTest_AllowedController it has been explicitly allowed */
2016-10-14 03:30:05 +02:00
$response = Director::test("AllowedController/failoverMethod");
$this->assertEquals("failoverMethod", $response->getBody());
2014-08-15 08:53:05 +02:00
/* The action on the extension is allowed when explicitly allowed on extension,
even if its not mentioned in controller */
2016-10-14 03:30:05 +02:00
$response = Director::test("AllowedController/extendedMethod");
$this->assertEquals(200, $response->getStatusCode());
2014-08-15 08:53:05 +02:00
/* This action has been blocked by an argument to a method */
2016-10-14 03:30:05 +02:00
$response = Director::test('AllowedController/blockMethod');
$this->assertEquals(403, $response->getStatusCode());
/* Whereas this one has been allowed by a method without an argument */
2016-10-14 03:30:05 +02:00
$response = Director::test('AllowedController/allowMethod');
$this->assertEquals('allowMethod', $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testHTTPException() {
2016-10-14 03:30:05 +02:00
$exception = Director::test('TestController/throwexception');
$this->assertEquals(400, $exception->getStatusCode());
$this->assertEquals('This request was invalid.', $exception->getBody());
2014-08-15 08:53:05 +02:00
2016-10-14 03:30:05 +02:00
$responseException = (Director::test('TestController/throwresponseexception'));
$this->assertEquals(500, $responseException->getStatusCode());
$this->assertEquals('There was an internal server error.', $responseException->getBody());
}
2014-08-15 08:53:05 +02:00
public function testHTTPError() {
2016-10-14 03:30:05 +02:00
RequestHandlingTest\ControllerExtension::$called_error = false;
RequestHandlingTest\ControllerExtension::$called_404_error = false;
2016-10-14 03:30:05 +02:00
$response = Director::test('TestController/throwhttperror');
Merge remote-tracking branch 'origin/3' # Conflicts: # control/Director.php # control/HTTP.php # core/startup/ParameterConfirmationToken.php # docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md # docs/en/00_Getting_Started/04_Directory_Structure.md # docs/en/00_Getting_Started/05_Coding_Conventions.md # docs/en/01_Tutorials/01_Building_A_Basic_Site.md # docs/en/01_Tutorials/02_Extending_A_Basic_Site.md # docs/en/01_Tutorials/03_Forms.md # docs/en/01_Tutorials/04_Site_Search.md # docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md # docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md # docs/en/02_Developer_Guides/13_i18n/index.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md # docs/en/03_Upgrading/index.md # docs/en/changelogs/index.md # docs/en/howto/customize-cms-menu.md # docs/en/howto/navigation-menu.md # docs/en/index.md # docs/en/installation/index.md # docs/en/installation/windows-manual-iis-6.md # docs/en/misc/contributing/code.md # docs/en/misc/contributing/issues.md # docs/en/misc/module-release-process.md # docs/en/reference/dataobject.md # docs/en/reference/execution-pipeline.md # docs/en/reference/grid-field.md # docs/en/reference/modeladmin.md # docs/en/reference/rssfeed.md # docs/en/reference/templates.md # docs/en/topics/commandline.md # docs/en/topics/debugging.md # docs/en/topics/email.md # docs/en/topics/forms.md # docs/en/topics/index.md # docs/en/topics/module-development.md # docs/en/topics/modules.md # docs/en/topics/page-type-templates.md # docs/en/topics/page-types.md # docs/en/topics/search.md # docs/en/topics/testing/index.md # docs/en/topics/testing/testing-guide-troubleshooting.md # docs/en/topics/theme-development.md # docs/en/tutorials/1-building-a-basic-site.md # docs/en/tutorials/2-extending-a-basic-site.md # docs/en/tutorials/3-forms.md # docs/en/tutorials/4-site-search.md # docs/en/tutorials/5-dataobject-relationship-management.md # docs/en/tutorials/building-a-basic-site.md # docs/en/tutorials/dataobject-relationship-management.md # docs/en/tutorials/extending-a-basic-site.md # docs/en/tutorials/forms.md # docs/en/tutorials/index.md # docs/en/tutorials/site-search.md # main.php # model/SQLQuery.php # security/ChangePasswordForm.php # security/MemberLoginForm.php # tests/control/ControllerTest.php # tests/core/startup/ParameterConfirmationTokenTest.php # tests/model/SQLQueryTest.php # tests/security/SecurityTest.php # tests/view/SSViewerTest.php # view/SSTemplateParser.php # view/SSTemplateParser.php.inc # view/SSViewer.php
2016-01-20 01:16:27 +01:00
$this->assertEquals(404, $response->getStatusCode());
$this->assertEquals('This page does not exist.', $response->getBody());
2016-10-14 03:30:05 +02:00
// Confirm that RequestHandlingTest\ControllerExtension::onBeforeHTTPError() called
$this->assertTrue(RequestHandlingTest\ControllerExtension::$called_error);
// Confirm that RequestHandlingTest\ControllerExtension::onBeforeHTTPError404() called
$this->assertTrue(RequestHandlingTest\ControllerExtension::$called_404_error);
}
2014-08-15 08:53:05 +02:00
public function testMethodsOnParentClassesOfRequestHandlerDeclined() {
$response = Director::test('testGoodBase1/getIterator');
$this->assertEquals(404, $response->getStatusCode());
}
2014-08-15 08:53:05 +02:00
public function testFormActionsCanBypassAllowedActions() {
2014-08-15 08:53:05 +02:00
SecurityToken::enable();
2016-10-14 03:30:05 +02:00
$response = $this->get('FormActionController');
$this->assertEquals(200, $response->getStatusCode());
$tokenEls = $this->cssParser()->getBySelector('#Form_Form_SecurityID');
$securityId = (string)$tokenEls[0]['value'];
2014-08-15 08:53:05 +02:00
$data = array('action_formaction' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
$this->assertEquals(400, $response->getStatusCode(),
'Should fail: Invocation through POST form handler, not contained in $allowed_actions, without CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('action_disallowedcontrollermethod' => 1, 'SecurityID' => $securityId);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
2014-08-15 08:53:05 +02:00
$this->assertEquals(403, $response->getStatusCode(),
'Should fail: Invocation through POST form handler, controller action instead of form action,'
.' not contained in $allowed_actions, with CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('action_formaction' => 1, 'SecurityID' => $securityId);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
$this->assertEquals(200, $response->getStatusCode());
2014-08-15 08:53:05 +02:00
$this->assertEquals('formaction', $response->getBody(),
'Should pass: Invocation through POST form handler, not contained in $allowed_actions, with CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('action_controlleraction' => 1, 'SecurityID' => $securityId);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
2014-08-15 08:53:05 +02:00
$this->assertEquals(200, $response->getStatusCode(),
'Should pass: Invocation through POST form handler, controller action instead of form action, contained in'
. ' $allowed_actions, with CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('action_formactionInAllowedActions' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
$this->assertEquals(400, $response->getStatusCode(),
'Should fail: Invocation through POST form handler, contained in $allowed_actions, without CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('action_formactionInAllowedActions' => 1, 'SecurityID' => $securityId);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/Form', $data);
$this->assertEquals(200, $response->getStatusCode(),
'Should pass: Invocation through POST form handler, contained in $allowed_actions, with CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array();
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/formaction', $data);
$this->assertEquals(404, $response->getStatusCode(),
'Should fail: Invocation through POST URL, not contained in $allowed_actions, without CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array();
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/formactionInAllowedActions', $data);
$this->assertEquals(200, $response->getStatusCode(),
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array('SecurityID' => $securityId);
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/formactionInAllowedActions', $data);
$this->assertEquals(200, $response->getStatusCode(),
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, with CSRF token'
);
2014-08-15 08:53:05 +02:00
$data = array(); // CSRF protection doesnt kick in for direct requests
2016-10-14 03:30:05 +02:00
$response = $this->post('FormActionController/formactionInAllowedActions', $data);
$this->assertEquals(200, $response->getStatusCode(),
'Should pass: Invocation of form action through POST URL, contained in $allowed_actions, without CSRF token'
);
2014-08-15 08:53:05 +02:00
SecurityToken::disable();
}
2014-08-15 08:53:05 +02:00
public function testAllowedActionsEnforcedOnForm() {
$data = array('action_allowedformaction' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('ControllerFormWithAllowedActions/Form', $data);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('allowedformaction', $response->getBody());
2014-08-15 08:53:05 +02:00
$data = array('action_disallowedformaction' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('ControllerFormWithAllowedActions/Form', $data);
$this->assertEquals(403, $response->getStatusCode());
// Note: Looks for a specific 403 thrown by Form->httpSubmission(), not RequestHandler->handleRequest()
$this->assertContains('not allowed on form', $response->getBody());
}
2014-08-15 08:53:05 +02:00
public function testActionHandlingOnField() {
$data = array('action_actionOnField' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('FieldController/TestForm', $data);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('Test method on MyField', $response->getBody());
2014-08-15 08:53:05 +02:00
$data = array('action_actionNotAllowedOnField' => 1);
2016-10-14 03:30:05 +02:00
$response = $this->post('FieldController/TestForm', $data);
$this->assertEquals(404, $response->getStatusCode());
}
2014-08-15 08:53:05 +02:00
}