silverstripe-framework/tests/php/Forms/GridField/GridFieldDeleteActionTest.php

<?php

namespace SilverStripe\Forms\Tests\GridField;

use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Cheerleader;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Permissions;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Player;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Team;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Dev\CSSContentParser;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\GridField\GridFieldConfig;
use SilverStripe\Forms\GridField\GridFieldDeleteAction;
use SilverStripe\Forms\GridField\GridField;

class GridFieldDeleteActionTest extends SapphireTest {

	/** @var ArrayList */
	protected $list;

	/** @var GridField */
	protected $gridField;

	/** @var Form */
	protected $form;

	/** @var string */
	protected static $fixture_file = 'GridFieldActionTest.yml';

	/** @var array */
	protected $extraDataObjects = [
		Team::class,
		Cheerleader::class,
		Player::class,
		Permissions::class
	];

	public function setUp() {
		parent::setUp();
		$this->list = new DataList(Team::class);
		$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction());
		$this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
		$this->form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList());
	}

	public function testDontShowDeleteButtons() {
		if(Member::currentUser()) { Member::currentUser()->logOut(); }
		$content = new CSSContentParser($this->gridField->FieldHolder());
		// Check that there are content
		$this->assertEquals(4, count($content->getBySelector('.ss-gridfield-item')));
		// Make sure that there are no delete buttons
		$this->assertEquals(0, count($content->getBySelector('.gridfield-button-delete')),
			'Delete buttons should not show when not logged in.');
	}

	public function testShowDeleteButtonsWithAdminPermission() {
		$this->logInWithPermission('ADMIN');
		$content = new CSSContentParser($this->gridField->FieldHolder());
		$deleteButtons = $content->getBySelector('.gridfield-button-delete');
		$this->assertEquals(3, count($deleteButtons), 'Delete buttons should show when logged in.');
	}

	public function testActionsRequireCSRF() {
		$this->logInWithPermission('ADMIN');
		$this->setExpectedException(
			HTTPResponse_Exception::class,
			_t("Form.CSRF_FAILED_MESSAGE",
				"There seems to have been a technical problem. Please click the back button, ".
				"refresh your browser, and try again."
			),
			400
		);
		$stateID = 'testGridStateActionField';
		$request = new HTTPRequest(
			'POST',
			'url',
			array(),
			array(
				'action_gridFieldAlterAction?StateID='.$stateID,
				'SecurityID' => null,
			)
		);
		$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
	}

	public function testDeleteActionWithoutCorrectPermission() {
		if(Member::currentUser()) {
			Member::currentUser()->logOut();
		}
		$this->setExpectedException(ValidationException::class);

		$stateID = 'testGridStateActionField';
		Session::set(
			$stateID,
			array(
				'grid' => '',
				'actionName' => 'deleterecord',
				'args' => array(
					'RecordID' => $this->idFromFixture(Team::class, 'team1')
				)
			)
		);
		$token = SecurityToken::inst();
		$request = new HTTPRequest(
			'POST',
			'url',
			array(),
			array(
				'action_gridFieldAlterAction?StateID='.$stateID => true,
				$token->getName() => $token->getValue(),
			)
		);
		$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
		$this->assertEquals(3, $this->list->count(),
			'User should\'t be able to delete records without correct permissions.');
	}

	public function testDeleteActionWithAdminPermission() {
		$this->logInWithPermission('ADMIN');
		$stateID = 'testGridStateActionField';
		Session::set(
			$stateID,
			array(
				'grid'=>'',
				'actionName'=>'deleterecord',
				'args' => array(
					'RecordID' => $this->idFromFixture(Team::class, 'team1')
				)
			)
		);
		$token = SecurityToken::inst();
		$request = new HTTPRequest(
			'POST',
			'url',
			array(),
			array(
				'action_gridFieldAlterAction?StateID='.$stateID=>true,
				$token->getName() => $token->getValue(),
			)
		);
		$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
		$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
	}

	public function testDeleteActionRemoveRelation() {
		$this->logInWithPermission('ADMIN');

		$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction(true));

		$gridField = new GridField('testfield', 'testfield', $this->list, $config);
		$form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList());

		$stateID = 'testGridStateActionField';
		Session::set(
			$stateID,
			array(
				'grid'=>'',
				'actionName'=>'deleterecord',
				'args' => array(
					'RecordID' => $this->idFromFixture(Team::class, 'team1')
				)
			)
		);
		$token = SecurityToken::inst();
		$request = new HTTPRequest(
			'POST',
			'url',
			array(),
			array(
				'action_gridFieldAlterAction?StateID='.$stateID=>true,
				$token->getName() => $token->getValue(),
			)
		);
		$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
		$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');

	}
}