silverstripe-subsites/tests/php/SubsiteAdminFunctionalTest.php

<?php

namespace SilverStripe\Subsites\Tests;

use SilverStripe\Security\Member;
use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;
use SilverStripe\CMS\Controllers\CMSPageEditController;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Subsites\Controller\SubsiteXHRController;
use SilverStripe\Subsites\Model\Subsite;

class SubsiteAdminFunctionalTest extends FunctionalTest
{
    public static $fixture_file = 'subsites/tests/php/SubsiteTest.yml';
    public static $use_draft_site = true;

	protected $autoFollowRedirection = false;

    /**
     * Helper: FunctionalTest is only able to follow redirection once, we want to go all the way.
     */
    public function getAndFollowAll($url)
    {
        $response = $this->get($url);
        while ($location = $response->getHeader('Location')) {
            $response = $this->mainSession->followRedirection();
        }
        echo $response->getHeader('Location');

		return $response;
	}

    /**
     * Anonymous user cannot access anything.
     */
    public function testAnonymousIsForbiddenAdminAccess()
    {
        $response = $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $response = $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $response = $this->getAndFollowAll('SubsiteXHRController');
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),
            'SubsiteXHRController is disallowed');
    }

    /**
     * Admin should be able to access all subsites and the main site
     */
    public function testAdminCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $response = $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable');
    }

    public function testAdminIsRedirectedToObjectsSubsite()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        $mainSubsitePage = $this->objFromFixture('Page', 'mainSubsitePage');
        $subsite1Home = $this->objFromFixture('Page', 'subsite1_home');

		Config::nest();

        Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', false);
        Subsite::changeSubsite(0);
        $this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");
        $this->assertEquals(Subsite::currentSubsiteID(), $subsite1Home->SubsiteID, 'Loading an object switches the subsite');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', true);
        Subsite::changeSubsite(0);
        $this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");
        $this->assertEquals(Subsite::currentSubsiteID(), $subsite1Home->SubsiteID, 'Loading a non-main-site object still switches the subsite if configured with treats_subsite_0_as_global');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $this->getAndFollowAll("admin/pages/edit/show/$mainSubsitePage->ID");
        $this->assertNotEquals(Subsite::currentSubsiteID(), $mainSubsitePage->SubsiteID, 'Loading a main-site object does not change the subsite if configured with treats_subsite_0_as_global');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

		Config::unnest();
	}

    /**
     * User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,
     * even though he does not have the ADMIN permission.
     */
    public function testEditorCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'editor');
        Session::set('loggedInAs', $member->ID);

		$this->getAndFollowAll('admin/pages/?SubsiteID=0');
		$this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site.');
		$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $response = $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable');
    }

    /**
     * Test a member who only has access to one subsite (subsite1) and only some sections (pages and security).
     */
    public function testSubsiteAdmin()
    {
        $member = $this->objFromFixture(Member::class, 'subsite1member');
        Session::set('loggedInAs', $member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

		// Check allowed URL.
		$this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
		$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access own subsite.');
		$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Can access permitted section.');

		// Check forbidden section in allowed subsite.
		$this->getAndFollowAll("admin/assets/?SubsiteID={$subsite1->ID}");
		$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected within subsite.');
		$this->assertNotRegExp('#^admin/assets/.*#', $this->mainSession->lastUrl(),
			'Is redirected away from forbidden section');

		// Check forbidden site, on a section that's allowed on another subsite
		$this->getAndFollowAll('admin/pages/?SubsiteID=0');
		$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected to permitted subsite.');

		// Check forbidden site, on a section that's not allowed on any other subsite
		$this->getAndFollowAll('admin/assets/?SubsiteID=0');
		$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected to first permitted subsite.');
		$this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Is not denied access');

        // Check the standalone XHR controller.
        $response = $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable');
    }
}
BUGFIX: Change the default setting to include the main site. Users able to AccessAllSites should be able to access the main site as well. 2011-04-11 02:59:42 +02:00			`<?php`

- namespacing all classes - moving all phpunit tests into tests/php - moving all extensions from _config.php into config.yml and removing obsolete _config.php - moving GridFieldSubsiteDetailForm_ItemRequest into own file (cherry picked from commit ee02828) 2017-04-23 22:23:34 +02:00			`namespace SilverStripe\Subsites\Tests;`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`use SilverStripe\Security\Member;`
SS4 namespaces compatibility 2016-09-22 16:38:29 +02:00			`use SilverStripe\Control\Session;`
			`use SilverStripe\Core\Config\Config;`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`use SilverStripe\CMS\Controllers\CMSPageEditController;`
SS4 namespaces compatibility 2016-09-22 16:38:29 +02:00			`use SilverStripe\Dev\FunctionalTest;`
upgrade tests 2017-05-24 15:25:34 +02:00			`use SilverStripe\Subsites\Controller\SubsiteXHRController;`
reformat code and tests 2017-05-24 15:26:28 +02:00			`use SilverStripe\Subsites\Model\Subsite;`
upgrade tests 2017-05-24 15:25:34 +02:00
reformat code and tests 2017-05-24 15:26:28 +02:00			`class SubsiteAdminFunctionalTest extends FunctionalTest`
			`{`
fixing tests: adjusting yml file, update Config::modify usage 2017-05-30 15:14:28 +02:00			`public static $fixture_file = 'subsites/tests/php/SubsiteTest.yml';`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public static $use_draft_site = true;`
reformat code and tests 2017-05-24 15:26:28 +02:00
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`protected $autoFollowRedirection = false;`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`/**`
			`* Helper: FunctionalTest is only able to follow redirection once, we want to go all the way.`
			`*/`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function getAndFollowAll($url)`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
			`$response = $this->get($url);`
			`while ($location = $response->getHeader('Location')) {`
			`$response = $this->mainSession->followRedirection();`
			`}`
			`echo $response->getHeader('Location');`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`return $response;`
			`}`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`/**`
			`* Anonymous user cannot access anything.`
			`*/`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function testAnonymousIsForbiddenAdminAccess()`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
			`$response = $this->getAndFollowAll('admin/pages/?SubsiteID=0');`
			`$this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');`

			`$subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');`
			`$response = $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");`
			`$this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$response = $this->getAndFollowAll('SubsiteXHRController');`
reformat code and tests 2017-05-24 15:26:28 +02:00			`$this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),`
			`'SubsiteXHRController is disallowed');`
			`}`

			`/**`
			`* Admin should be able to access all subsites and the main site`
			`*/`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function testAdminCanAccessAllSubsites()`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$member = $this->objFromFixture(Member::class, 'admin');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`Session::set('loggedInAs', $member->ID);`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`$this->getAndFollowAll('admin/pages/?SubsiteID=0');`
			`$this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site.');`
			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`

			`$subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');`
			`$this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");`
			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access other subsite.');`
			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`

			`$response = $this->getAndFollowAll(SubsiteXHRController::class);`
			`$this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),`
			`'SubsiteXHRController is reachable');`
			`}`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function testAdminIsRedirectedToObjectsSubsite()`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$member = $this->objFromFixture(Member::class, 'admin');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`Session::set('loggedInAs', $member->ID);`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`$mainSubsitePage = $this->objFromFixture('Page', 'mainSubsitePage');`
			`$subsite1Home = $this->objFromFixture('Page', 'subsite1_home');`

Get some more tests working Updating config and i18n calls 2017-05-30 17:35:02 +02:00			`Config::nest();`
reformat code and tests 2017-05-24 15:26:28 +02:00
fixing tests: adjusting yml file, update Config::modify usage 2017-05-30 15:14:28 +02:00			`Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', false);`
reformat code and tests 2017-05-24 15:26:28 +02:00			`Subsite::changeSubsite(0);`
			`$this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1Home->SubsiteID, 'Loading an object switches the subsite');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`
reformat code and tests 2017-05-24 15:26:28 +02:00
fixing tests: adjusting yml file, update Config::modify usage 2017-05-30 15:14:28 +02:00			`Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', true);`
reformat code and tests 2017-05-24 15:26:28 +02:00			`Subsite::changeSubsite(0);`
			`$this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1Home->SubsiteID, 'Loading a non-main-site object still switches the subsite if configured with treats_subsite_0_as_global');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`$this->getAndFollowAll("admin/pages/edit/show/$mainSubsitePage->ID");`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->assertNotEquals(Subsite::currentSubsiteID(), $mainSubsitePage->SubsiteID, 'Loading a main-site object does not change the subsite if configured with treats_subsite_0_as_global');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`
reformat code and tests 2017-05-24 15:26:28 +02:00
Get some more tests working Updating config and i18n calls 2017-05-30 17:35:02 +02:00			`Config::unnest();`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`}`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`/**`
			`* User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,`
			`* even though he does not have the ADMIN permission.`
			`*/`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function testEditorCanAccessAllSubsites()`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$member = $this->objFromFixture(Member::class, 'editor');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`Session::set('loggedInAs', $member->ID);`
reformat code and tests 2017-05-24 15:26:28 +02:00
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->getAndFollowAll('admin/pages/?SubsiteID=0');`
			`$this->assertEquals(Subsite::currentSubsiteID(), '0', 'Can access main site.');`
			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`$subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');`
			`$this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");`
			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access other subsite.');`
			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$response = $this->getAndFollowAll('SubsiteXHRController');`
reformat code and tests 2017-05-24 15:26:28 +02:00			`$this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),`
			`'SubsiteXHRController is reachable');`
			`}`

			`/**`
			`* Test a member who only has access to one subsite (subsite1) and only some sections (pages and security).`
			`*/`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`public function testSubsiteAdmin()`
reformat code and tests 2017-05-24 15:26:28 +02:00			`{`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$member = $this->objFromFixture(Member::class, 'subsite1member');`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`Session::set('loggedInAs', $member->ID);`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`$subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');`

merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`// Check allowed URL.`
			`$this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");`
			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Can access own subsite.');`
			`$this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Can access permitted section.');`

			`// Check forbidden section in allowed subsite.`
			`$this->getAndFollowAll("admin/assets/?SubsiteID={$subsite1->ID}");`
			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected within subsite.');`
			`$this->assertNotRegExp('#^admin/assets/.*#', $this->mainSession->lastUrl(),`
			`'Is redirected away from forbidden section');`

			`// Check forbidden site, on a section that's allowed on another subsite`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`$this->getAndFollowAll('admin/pages/?SubsiteID=0');`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected to permitted subsite.');`

			`// Check forbidden site, on a section that's not allowed on any other subsite`
fixing code analysis: safely use single quotes 2017-06-01 14:49:55 +02:00			`$this->getAndFollowAll('admin/assets/?SubsiteID=0');`
merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00			`$this->assertEquals(Subsite::currentSubsiteID(), $subsite1->ID, 'Is redirected to first permitted subsite.');`
			`$this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Is not denied access');`
reformat code and tests 2017-05-24 15:26:28 +02:00
			`// Check the standalone XHR controller.`
			`$response = $this->getAndFollowAll(SubsiteXHRController::class);`
			`$this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(),`
			`'SubsiteXHRController is reachable');`
			`}`
BUGFIX: Change the default setting to include the main site. Users able to AccessAllSites should be able to access the main site as well. 2011-04-11 02:59:42 +02:00			`}`