< ? php
namespace SilverStripe\Subsites\Tests ;
use SilverStripe\Security\Member ;
use SilverStripe\Control\Session ;
use SilverStripe\Core\Config\Config ;
use SilverStripe\CMS\Controllers\CMSPageEditController ;
use SilverStripe\Dev\FunctionalTest ;
use SilverStripe\Subsites\Controller\SubsiteXHRController ;
use SilverStripe\Subsites\Model\Subsite ;
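/**
 * Functional tests for CMS admin access control across subsites.
 *
 * Each test requests admin URLs as a given fixture member (or anonymously),
 * follows every redirect, and then checks the final URL and the current
 * subsite ID.
 *
 * NOTE(review): the "is reachable" checks only assert that the final URL is
 * not the login form. They would also pass if the request ended in a 404 or
 * an error page, so they do not by themselves prove the controller was
 * served. Consider also asserting on the response status code.
 */
class SubsiteAdminFunctionalTest extends FunctionalTest
{
    public static $fixture_file = 'subsites/tests/php/SubsiteTest.yml';

    public static $use_draft_site = true;

    // Redirects are followed explicitly by getAndFollowAll() instead.
    protected $autoFollowRedirection = false;

    /**
     * Helper: FunctionalTest is only able to follow redirection once, we want to go all the way.
     *
     * The number of hops is capped so that a redirect loop (for example between
     * the login form and a protected section) fails the test instead of hanging
     * the whole suite.
     *
     * @param string $url URL to request
     * @return \SilverStripe\Control\HTTPResponse The first response that carries no Location header
     */
    public function getAndFollowAll($url)
    {
        $maxRedirects = 20;
        $response = $this->get($url);

        for ($hops = 0; $response->getHeader('Location'); $hops++) {
            if ($hops >= $maxRedirects) {
                $this->fail("Gave up after {$maxRedirects} redirects starting from '{$url}'");
            }
            $response = $this->mainSession->followRedirection();
        }

        return $response;
    }

    /**
     * Anonymous user cannot access anything.
     */
    public function testAnonymousIsForbiddenAdminAccess()
    {
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        // NOTE(review): this denial check requests the literal 'SubsiteXHRController',
        // while testAdminCanAccessAllSubsites() and testSubsiteAdmin() request
        // SubsiteXHRController::class (the namespaced name). Confirm which URL the
        // controller is actually routed on, so that the denied and the allowed
        // cases exercise the same endpoint.
        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is disallowed'
        );
    }

    /**
     * Admin should be able to access all subsites and the main site
     */
    public function testAdminCanAccessAllSubsites()
    {
        // Mark the 'admin' fixture member as logged in through the session.
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals('0', Subsite::currentSubsiteID(), 'Can access main site.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        // Only proves the request did not end on the login form; see the class note.
        $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Opening a page in the CMS switches the current subsite to the page's own
     * subsite, with and without the treats_subsite_0_as_global setting.
     */
    public function testAdminIsRedirectedToObjectsSubsite()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        $mainSubsitePage = $this->objFromFixture('Page', 'mainSubsitePage');
        $subsite1Home = $this->objFromFixture('Page', 'subsite1_home');

        Config::nest();
        try {
            Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', false);
            Subsite::changeSubsite(0);
            $this->getAndFollowAll("admin/pages/edit/show/{$subsite1Home->ID}");
            $this->assertEquals(
                $subsite1Home->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading an object switches the subsite'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

            Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', true);
            Subsite::changeSubsite(0);
            $this->getAndFollowAll("admin/pages/edit/show/{$subsite1Home->ID}");
            $this->assertEquals(
                $subsite1Home->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading a non-main-site object still switches the subsite if configured with treats_subsite_0_as_global'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

            $this->getAndFollowAll("admin/pages/edit/show/{$mainSubsitePage->ID}");
            $this->assertNotEquals(
                $mainSubsitePage->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading a main-site object does not change the subsite if configured with treats_subsite_0_as_global'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');
        } finally {
            // Restore the nested config even when an assertion above fails, so the
            // modified treats_subsite_0_as_global value cannot leak into later tests.
            Config::unnest();
        }
    }

    /**
     * User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,
     * even though he does not have the ADMIN permission.
     */
    public function testEditorCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'editor');
        Session::set('loggedInAs', $member->ID);

        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals('0', Subsite::currentSubsiteID(), 'Can access main site.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        // Only proves the request did not end on the login form; see the class note.
        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Test a member who only has access to one subsite (subsite1) and only some sections (pages and security).
     */
    public function testSubsiteAdmin()
    {
        $member = $this->objFromFixture(Member::class, 'subsite1member');
        Session::set('loggedInAs', $member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        // Check allowed URL.
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access own subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Can access permitted section.');

        // Check forbidden section in allowed subsite.
        $this->getAndFollowAll("admin/assets/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected within subsite.');
        $this->assertNotRegExp(
            '#^admin/assets/.*#',
            $this->mainSession->lastUrl(),
            'Is redirected away from forbidden section'
        );

        // Check forbidden site, on a section that's allowed on another subsite
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected to permitted subsite.');

        // Check forbidden site, on a section that's not allowed on any other subsite
        $this->getAndFollowAll('admin/assets/?SubsiteID=0');
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected to first permitted subsite.');
        $this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Is not denied access');

        // Check the standalone XHR controller.
        // Only proves the request did not end on the login form; see the class note.
        $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }
}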