<?php
namespace SilverStripe\Subsites\Tests;
use SilverStripe\CMS\Controllers\CMSPageEditController;
use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Security\Member;
use SilverStripe\Subsites\Controller\SubsiteXHRController;
use SilverStripe\Subsites\Model\Subsite;
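/**
 * Functional tests for CMS access control across subsites.
 *
 * Each test logs in as a fixture member (or stays anonymous), requests admin URLs with a
 * SubsiteID parameter, and checks both the subsite that ends up selected and the URL the
 * request chain finally landed on.
 *
 * NOTE(review): the "is reachable" checks below only assert that the final URL is not the
 * login form. An error response that does not redirect to Security/login would satisfy them
 * as well, so they are weaker than the "is disallowed" checks. Consider asserting the status
 * code of the returned response too, once the expected code is confirmed.
 */
class SubsiteAdminFunctionalTest extends FunctionalTest
{
    // Fixture providing the members, subsites and pages that the tests load by name.
    public static $fixture_file = 'subsites/tests/php/SubsiteTest.yml';

    public static $use_draft_site = true;

    // Redirects are followed by getAndFollowAll() instead.
    protected $autoFollowRedirection = false;

    /**
     * Helper: FunctionalTest is only able to follow redirection once, we want to go all the way.
     *
     * Issues a GET for $url and keeps following for as long as the response carries a
     * Location header. Callers then inspect $this->mainSession->lastUrl().
     *
     * @param string $url
     * @return \SilverStripe\Control\HTTPResponse The last response received, which has no Location header
     */
    public function getAndFollowAll($url)
    {
        // Cap the number of hops so a redirect cycle fails the test instead of hanging the run.
        $maxRedirects = 20;

        $response = $this->get($url);
        for ($hops = 0; $response->getHeader('Location'); $hops++) {
            if ($hops >= $maxRedirects) {
                $this->fail("More than {$maxRedirects} redirects while requesting '{$url}'");
            }
            $response = $this->mainSession->followRedirection();
        }

        return $response;
    }

    /**
     * Anonymous user cannot access anything.
     *
     * Every request made without a logged-in member must end on the login form, for the
     * main site, for a subsite, and for the standalone XHR controller.
     */
    public function testAnonymousIsForbiddenAdminAccess()
    {
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Admin is disallowed');

        // NOTE(review): this test and testEditorCanAccessAllSubsites() request the literal
        // 'SubsiteXHRController', while the admin and subsite-admin tests request
        // SubsiteXHRController::class (the namespaced name). Confirm which URL actually routes
        // to the controller; a denial test against a URL that does not route proves little.
        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is disallowed'
        );
    }

    /**
     * Admin should be able to access all subsites and the main site
     */
    public function testAdminCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        // PHPUnit expects (expected, actual); that order keeps failure messages readable.
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals('0', Subsite::currentSubsiteID(), 'Can access main site.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Opening a page in the CMS switches the current subsite to the one the page belongs to,
     * except for main-site pages when treats_subsite_0_as_global is enabled.
     */
    public function testAdminIsRedirectedToObjectsSubsite()
    {
        $member = $this->objFromFixture(Member::class, 'admin');
        Session::set('loggedInAs', $member->ID);

        $mainSubsitePage = $this->objFromFixture('Page', 'mainSubsitePage');
        $subsite1Home = $this->objFromFixture('Page', 'subsite1_home');

        Config::nest();
        // Unnest in finally: a failing assertion must not leave the modified config nested.
        try {
            Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', false);
            Subsite::changeSubsite(0);
            $this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");
            $this->assertEquals(
                $subsite1Home->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading an object switches the subsite'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

            Config::modify()->set(CMSPageEditController::class, 'treats_subsite_0_as_global', true);
            Subsite::changeSubsite(0);
            $this->getAndFollowAll("admin/pages/edit/show/$subsite1Home->ID");
            $this->assertEquals(
                $subsite1Home->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading a non-main-site object still switches the subsite if configured with treats_subsite_0_as_global'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

            // No changeSubsite(0) here: the subsite selected by the previous request must persist.
            $this->getAndFollowAll("admin/pages/edit/show/$mainSubsitePage->ID");
            $this->assertNotEquals(
                $mainSubsitePage->SubsiteID,
                Subsite::currentSubsiteID(),
                'Loading a main-site object does not change the subsite if configured with treats_subsite_0_as_global'
            );
            $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');
        } finally {
            Config::unnest();
        }
    }

    /**
     * User which has AccessAllSubsites set to 1 should be able to access all subsites and main site,
     * even though he does not have the ADMIN permission.
     */
    public function testEditorCanAccessAllSubsites()
    {
        $member = $this->objFromFixture(Member::class, 'editor');
        Session::set('loggedInAs', $member->ID);

        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals('0', Subsite::currentSubsiteID(), 'Can access main site.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access other subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Lands on the correct section');

        // NOTE(review): literal controller name here, SubsiteXHRController::class in the admin
        // and subsite-admin tests. Confirm which one routes.
        $this->getAndFollowAll('SubsiteXHRController');
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }

    /**
     * Test a member who only has access to one subsite (subsite1) and only some sections (pages and security).
     */
    public function testSubsiteAdmin()
    {
        $member = $this->objFromFixture(Member::class, 'subsite1member');
        Session::set('loggedInAs', $member->ID);

        $subsite1 = $this->objFromFixture(Subsite::class, 'subsite1');

        // Check allowed URL.
        $this->getAndFollowAll("admin/pages/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Can access own subsite.');
        $this->assertRegExp('#^admin/pages.*#', $this->mainSession->lastUrl(), 'Can access permitted section.');

        // Check forbidden section in allowed subsite.
        $this->getAndFollowAll("admin/assets/?SubsiteID={$subsite1->ID}");
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected within subsite.');
        $this->assertNotRegExp(
            '#^admin/assets/.*#',
            $this->mainSession->lastUrl(),
            'Is redirected away from forbidden section'
        );

        // Check forbidden site, on a section that's allowed on another subsite
        $this->getAndFollowAll('admin/pages/?SubsiteID=0');
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected to permitted subsite.');

        // Check forbidden site, on a section that's not allowed on any other subsite
        $this->getAndFollowAll('admin/assets/?SubsiteID=0');
        $this->assertEquals($subsite1->ID, Subsite::currentSubsiteID(), 'Is redirected to first permitted subsite.');
        $this->assertNotRegExp('#^Security/login.*#', $this->mainSession->lastUrl(), 'Is not denied access');

        // Check the standalone XHR controller.
        $this->getAndFollowAll(SubsiteXHRController::class);
        $this->assertNotRegExp(
            '#^Security/login.*#',
            $this->mainSession->lastUrl(),
            'SubsiteXHRController is reachable'
        );
    }
}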