silverstripe-framework/tests/php/Forms/GridField/GridFieldDeleteActionTest.php
Damian Mooyman 0c41a97a8b API Refactor Form request handling into FormRequestHandler
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
2017-03-10 15:04:33 +13:00

215 lines
6.8 KiB
PHP

<?php
namespace SilverStripe\Forms\Tests\GridField;
use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Cheerleader;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Permissions;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Player;
use SilverStripe\Forms\Tests\GridField\GridFieldTest\Team;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Dev\CSSContentParser;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\GridField\GridFieldConfig;
use SilverStripe\Forms\GridField\GridFieldDeleteAction;
use SilverStripe\Forms\GridField\GridField;
class GridFieldDeleteActionTest extends SapphireTest
{
/**
* @var ArrayList
*/
protected $list;
/**
* @var GridField
*/
protected $gridField;
/**
* @var Form
*/
protected $form;
/**
* @var string
*/
protected static $fixture_file = 'GridFieldActionTest.yml';
/**
* @var array
*/
protected $extraDataObjects = [
Team::class,
Cheerleader::class,
Player::class,
Permissions::class
];
public function setUp()
{
parent::setUp();
$this->list = new DataList(Team::class);
$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction());
$this->gridField = new GridField('testfield', 'testfield', $this->list, $config);
$this->form = new Form(null, 'mockform', new FieldList(array($this->gridField)), new FieldList());
}
public function testDontShowDeleteButtons()
{
if (Member::currentUser()) {
Member::currentUser()->logOut();
}
$content = new CSSContentParser($this->gridField->FieldHolder());
// Check that there are content
$this->assertEquals(4, count($content->getBySelector('.ss-gridfield-item')));
// Make sure that there are no delete buttons
$this->assertEquals(
0,
count($content->getBySelector('.gridfield-button-delete')),
'Delete buttons should not show when not logged in.'
);
}
public function testShowDeleteButtonsWithAdminPermission()
{
$this->logInWithPermission('ADMIN');
$content = new CSSContentParser($this->gridField->FieldHolder());
$deleteButtons = $content->getBySelector('.gridfield-button-delete');
$this->assertEquals(3, count($deleteButtons), 'Delete buttons should show when logged in.');
}
public function testActionsRequireCSRF()
{
$this->logInWithPermission('ADMIN');
$this->setExpectedException(
HTTPResponse_Exception::class,
_t(
"Form.CSRF_FAILED_MESSAGE",
"There seems to have been a technical problem. Please click the back button, ".
"refresh your browser, and try again."
),
400
);
$stateID = 'testGridStateActionField';
$request = new HTTPRequest(
'POST',
'url',
array(),
array(
'action_gridFieldAlterAction?StateID='.$stateID,
'SecurityID' => null,
)
);
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
}
public function testDeleteActionWithoutCorrectPermission()
{
if (Member::currentUser()) {
Member::currentUser()->logOut();
}
$this->setExpectedException(ValidationException::class);
$stateID = 'testGridStateActionField';
Session::set(
$stateID,
array(
'grid' => '',
'actionName' => 'deleterecord',
'args' => array(
'RecordID' => $this->idFromFixture(Team::class, 'team1')
)
)
);
$token = SecurityToken::inst();
$request = new HTTPRequest(
'POST',
'url',
array(),
array(
'action_gridFieldAlterAction?StateID='.$stateID => true,
$token->getName() => $token->getValue(),
)
);
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
$this->assertEquals(
3,
$this->list->count(),
'User should\'t be able to delete records without correct permissions.'
);
}
public function testDeleteActionWithAdminPermission()
{
$this->logInWithPermission('ADMIN');
$stateID = 'testGridStateActionField';
Session::set(
$stateID,
array(
'grid'=>'',
'actionName'=>'deleterecord',
'args' => array(
'RecordID' => $this->idFromFixture(Team::class, 'team1')
)
)
);
$token = SecurityToken::inst();
$request = new HTTPRequest(
'POST',
'url',
array(),
array(
'action_gridFieldAlterAction?StateID='.$stateID=>true,
$token->getName() => $token->getValue(),
)
);
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
}
public function testDeleteActionRemoveRelation()
{
$this->logInWithPermission('ADMIN');
$config = GridFieldConfig::create()->addComponent(new GridFieldDeleteAction(true));
$gridField = new GridField('testfield', 'testfield', $this->list, $config);
$form = new Form(null, 'mockform', new FieldList(array($this->gridField)), new FieldList());
$stateID = 'testGridStateActionField';
Session::set(
$stateID,
array(
'grid'=>'',
'actionName'=>'deleterecord',
'args' => array(
'RecordID' => $this->idFromFixture(Team::class, 'team1')
)
)
);
$token = SecurityToken::inst();
$request = new HTTPRequest(
'POST',
'url',
array(),
array(
'action_gridFieldAlterAction?StateID='.$stateID=>true,
$token->getName() => $token->getValue(),
)
);
$this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request);
$this->assertEquals(2, $this->list->count(), 'User should be able to delete records with ADMIN permission.');
}
}