2015-08-28 13:21:57 +12:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Tests integration of EditableFileField with the securefiles module
|
|
|
|
*
|
|
|
|
* @author dmooyman
|
|
|
|
*/
|
2016-07-21 17:53:59 +12:00
|
|
|
class SecureEditableFileFieldTest extends SapphireTest
|
|
|
|
{
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
protected $usesDatabase = true;
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
public function setUp()
|
|
|
|
{
|
|
|
|
parent::setUp();
|
2015-09-11 10:20:06 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
if (!class_exists('SecureFileExtension')) {
|
|
|
|
$this->skipTest = true;
|
|
|
|
$this->markTestSkipped(get_class() . ' skipped unless running with securefiles');
|
|
|
|
}
|
|
|
|
Config::inst()->update('EditableFileField', 'secure_folder_name', 'SecureEditableFileFieldTest/SecureUploads');
|
|
|
|
$this->clearPath();
|
|
|
|
}
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
public function tearDown()
|
|
|
|
{
|
|
|
|
$this->clearPath();
|
|
|
|
parent::tearDown();
|
|
|
|
}
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
protected function clearPath()
|
|
|
|
{
|
|
|
|
if (file_exists(ASSETS_PATH . '/SecureEditableFileFieldTest')) {
|
|
|
|
Filesystem::removeFolder(ASSETS_PATH . '/SecureEditableFileFieldTest');
|
|
|
|
}
|
|
|
|
}
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
/**
|
|
|
|
* Test that newly created folders are secure
|
|
|
|
*/
|
|
|
|
public function testCreateFolder()
|
|
|
|
{
|
|
|
|
$field = new EditableFileField();
|
|
|
|
$field->write();
|
|
|
|
$this->assertTrue($field->getIsSecure());
|
|
|
|
$this->assertTrue($field->Folder()->exists());
|
|
|
|
$this->assertEquals('assets/SecureEditableFileFieldTest/SecureUploads/', $field->Folder()->Filename);
|
|
|
|
$this->assertEquals('OnlyTheseUsers', $field->Folder()->CanViewType);
|
|
|
|
$this->assertEquals(1, $field->Folder()->ViewerGroups()->first()->Permissions()->filter('code', 'ADMIN')->count());
|
|
|
|
}
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
/**
|
|
|
|
* Test new folders that are created without security enabled
|
|
|
|
*/
|
|
|
|
public function testCreateInsecure()
|
|
|
|
{
|
|
|
|
Config::inst()->update('EditableFileField', 'disable_security', true);
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
// Esure folder is created without a folder
|
|
|
|
$field = new EditableFileField();
|
|
|
|
$field->write();
|
|
|
|
$this->assertFalse($field->getIsSecure());
|
|
|
|
$this->assertFalse($field->Folder()->exists());
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
// Assigning a non-secure folder doesn't secure this
|
|
|
|
$folder = Folder::find_or_make('SecureEditableFileFieldTest/PublicFolder');
|
|
|
|
$field->FolderID = $folder->ID;
|
|
|
|
$field->write();
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
$this->assertFalse($field->getIsSecure());
|
|
|
|
$this->assertTrue($field->Folder()->exists());
|
|
|
|
$this->assertEquals('assets/SecureEditableFileFieldTest/PublicFolder/', $field->Folder()->Filename);
|
|
|
|
$this->assertEquals('Inherit', $field->Folder()->CanViewType);
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
// Enabling security and re-saving will force this field to be made secure (but not changed)
|
|
|
|
Config::inst()->update('EditableFileField', 'disable_security', false);
|
|
|
|
singleton('EditableFileField')->requireDefaultRecords();
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
// Reload record from DB
|
|
|
|
$field = EditableFileField::get()->byID($field->ID);
|
2015-08-28 13:21:57 +12:00
|
|
|
|
2016-07-21 17:53:59 +12:00
|
|
|
// Existing folder is now secured (retro-actively secures any old uploads)
|
|
|
|
$this->assertTrue($field->getIsSecure());
|
|
|
|
$this->assertTrue($field->Folder()->exists());
|
|
|
|
$this->assertEquals('assets/SecureEditableFileFieldTest/PublicFolder/', $field->Folder()->Filename);
|
|
|
|
$this->assertEquals('OnlyTheseUsers', $field->Folder()->CanViewType);
|
|
|
|
$this->assertEquals(1, $field->Folder()->ViewerGroups()->first()->Permissions()->filter('code', 'ADMIN')->count());
|
|
|
|
}
|
|
|
|
}
|