From 7b8bdca93133fbc6f382f00f6ea7dba5b556a1a1 Mon Sep 17 00:00:00 2001 From: Sam Minnee Date: Mon, 19 Oct 2009 05:28:59 +0000 Subject: [PATCH] MINOR: Made security fixture set-up tigher in tests and other bugfixes. git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89458 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- tests/SiteTreeActionsTest.php | 43 +++++++++++++++++-------------- tests/SiteTreePermissionsTest.php | 2 ++ 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/tests/SiteTreeActionsTest.php b/tests/SiteTreeActionsTest.php index 0f82a0837..f63dbf339 100644 --- a/tests/SiteTreeActionsTest.php +++ b/tests/SiteTreeActionsTest.php @@ -31,14 +31,14 @@ class SiteTreeActionsTest extends FunctionalTest { function testActionsReadonly() { if(class_exists('SiteTreeCMSWorkflow')) return true; + $readonlyEditor = $this->objFromFixture('Member', 'cmsreadonlyeditor'); + $this->session()->inst_set('loggedInAs', $readonlyEditor->ID); + $page = new SiteTreeActionsTest_Page(); $page->CanEditType = 'LoggedInUsers'; $page->write(); $page->doPublish(); - $readonlyEditor = $this->objFromFixture('Member', 'cmsreadonlyeditor'); - $this->session()->inst_set('loggedInAs', $readonlyEditor->ID); - $actionsArr = $page->getCMSActions()->column('Name'); $this->assertNotContains('action_save',$actionsArr); 
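Review bot: In testActionsReadonly the page is now written and published while `cmsreadonlyeditor` is the session user, and nothing checks that `doPublish()` actually went through. Other hunks in this commit log in with `logInWithPermssion('ADMIN')` before `doPublish()`, which suggests publishing depends on the current user; if so, the read-only member may be refused and the assertions would then run against an unpublished page. Consider doing set-up under `$this->logInWithPermssion('ADMIN');` and leaving the two `cmsreadonlyeditor` lines directly before `getCMSActions()`, so only the permission check runs as the restricted user. The same ordering is introduced for `cmseditor` in testActionsPublishedRecord, testActionsDeletedFromStageRecord and testActionsChangedOnStageRecord, where it matters less if that member is allowed to publish. The function body continues past the end of this hunk.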
@@ -52,39 +52,44 @@ class SiteTreeActionsTest extends FunctionalTest { function testActionsNoDeletePublishedRecord() { if(class_exists('SiteTreeCMSWorkflow')) return true; + + $this->logInWithPermssion('ADMIN'); $page = new SiteTreeActionsTest_Page(); $page->CanEditType = 'LoggedInUsers'; - $pageID = $page->ID; $page->write(); + $pageID = $page->ID; $page->doPublish(); $page->deleteFromStage('Stage'); // Get the live version of the page $page = Versioned::get_one_by_stage("SiteTree", "Live", "\"SiteTree\".\"ID\" = $pageID"); - + $this->assertType("SiteTree", $page); + + // Check that someone without the right permission can't delete the page $editor = $this->objFromFixture('Member', 'cmsnodeleteeditor'); $this->session()->inst_set('loggedInAs', $editor->ID); - + $actionsArr = $page->getCMSActions()->column('Name'); - - $this->assertContains('action_save',$actionsArr); - $this->assertContains('action_publish',$actionsArr); - $this->assertNotContains('action_delete',$actionsArr); $this->assertNotContains('action_deletefromlive',$actionsArr); + + // Check that someone with the right permission can delete the page + $this->objFromFixture('Member', 'cmseditor')->logIn(); + $actionsArr = $page->getCMSActions()->column('Name'); + $this->assertContains('action_deletefromlive',$actionsArr); } function testActionsPublishedRecord() { if(class_exists('SiteTreeCMSWorkflow')) return true; + + $author = $this->objFromFixture('Member', 'cmseditor'); + $this->session()->inst_set('loggedInAs', $author->ID); $page = new Page(); $page->CanEditType = 'LoggedInUsers'; $page->write(); $page->doPublish(); - $author = $this->objFromFixture('Member', 'cmseditor'); - $this->session()->inst_set('loggedInAs', $author->ID); - $actionsArr = $page->getCMSActions()->column('Name'); $this->assertContains('action_save',$actionsArr); 
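Review bot: The restricted-user half of testActionsNoDeletePublishedRecord now rests on a single negative assertion, `assertNotContains('action_deletefromlive',$actionsArr)` for `cmsnodeleteeditor`, which also passes if that member gets an empty action list for an unrelated reason. The positive control added below it runs as `cmseditor`, so it shows the action exists but not that the restricted member still sees the record's other actions. Consider adding one `assertContains` for an action the restricted editor is expected to keep on a live-only record (which one is not visible from this hunk), and a short comment saying why the `action_delete` check was dropped, e.g. `// action_delete is not offered once the record is gone from Stage` if that is the reason.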
@@ -98,6 +103,9 @@ class SiteTreeActionsTest extends FunctionalTest { function testActionsDeletedFromStageRecord() { if(class_exists('SiteTreeCMSWorkflow')) return true; + + $author = $this->objFromFixture('Member', 'cmseditor'); + $this->session()->inst_set('loggedInAs', $author->ID); $page = new Page(); $page->CanEditType = 'LoggedInUsers'; @@ -109,9 +117,6 @@ class SiteTreeActionsTest extends FunctionalTest { // Get the live version of the page $page = Versioned::get_one_by_stage("SiteTree", "Live", "\"SiteTree\".\"ID\" = $pageID"); - $author = $this->objFromFixture('Member', 'cmseditor'); - $this->session()->inst_set('loggedInAs', $author->ID); - $actionsArr = $page->getCMSActions()->column('Name'); $this->assertNotContains('action_save',$actionsArr); @@ -126,6 +131,9 @@ class SiteTreeActionsTest extends FunctionalTest { function testActionsChangedOnStageRecord() { if(class_exists('SiteTreeCMSWorkflow')) return true; + $author = $this->objFromFixture('Member', 'cmseditor'); + $this->session()->inst_set('loggedInAs', $author->ID); + $page = new Page(); $page->CanEditType = 'LoggedInUsers'; $page->write(); @@ -134,9 +142,6 @@ class SiteTreeActionsTest extends FunctionalTest { $page->write(); $page->flushCache(); - $author = $this->objFromFixture('Member', 'cmseditor'); - $this->session()->inst_set('loggedInAs', $author->ID); - $actionsArr = $page->getCMSActions()->column('Name'); $this->assertContains('action_save',$actionsArr); diff --git a/tests/SiteTreePermissionsTest.php b/tests/SiteTreePermissionsTest.php index cc74083ec..713a26f1c 100755 --- a/tests/SiteTreePermissionsTest.php +++ b/tests/SiteTreePermissionsTest.php @@ -258,6 +258,8 @@ class SiteTreePermissionsTest extends FunctionalTest { $page = $this->objFromFixture('Page', 'restrictedEditLoggedInUsers'); $pageID = $page->ID; + $this->logInWithPermssion("ADMIN"); + $page->doPublish(); $page->deleteFromStage('Stage');
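Review bot: In tests/SiteTreePermissionsTest.php (hunk -258,6 +258,8) the added `$this->logInWithPermssion("ADMIN");` leaves an ADMIN session active for whatever follows `deleteFromStage('Stage')`, and the rest of the test is outside this hunk. If the later permission assertions do not each set their own user, they would run as ADMIN and pass regardless of the page's edit restrictions. Consider clearing the user once set-up is done, e.g. `$this->session()->inst_set('loggedInAs', null);`, and adding a comment such as `// ADMIN is only needed to publish the fixture page`.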