<?php
namespace SilverStripe\UserForms\Test\Model\EditableFormField;
use SilverStripe\Assets\Filesystem;
use SilverStripe\Assets\Folder;
use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\UserForms\Model\EditableFormField\EditableFileField;
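/**
 * Tests integration of EditableFileField with the securefiles module
 *
 * The assertions cover the access settings of the upload folder attached to a field: its
 * CanViewType and the permissions held by its first viewer group. Every test here is skipped
 * when the SecureFileExtension class cannot be found, so a passing run only means something
 * if the suite actually executed.
 *
 * @todo
 * @author dmooyman
 */
class SecureEditableFileFieldTest extends SapphireTest
{
    protected $usesDatabase = true;

    /**
     * Skip the suite without securefiles, point uploads at a test-only folder and start from a clean path.
     */
    protected function setUp()
    {
        parent::setUp();

        // NOTE(review): the check uses the unqualified name 'SecureFileExtension'. If the installed
        // securefiles module declares the class under a namespace, this suite is always skipped and
        // the security assertions below never run - confirm the class name against the module in use.
        if (!class_exists('SecureFileExtension')) {
            $this->skipTest = true;
            // self::class yields the same name as the argument-less get_class() call it replaces,
            // which newer PHP versions deprecate.
            $this->markTestSkipped(self::class . ' skipped unless running with securefiles');
        }

        Config::modify()->set(
            EditableFileField::class,
            'secure_folder_name',
            'SecureEditableFileFieldTest/SecureUploads'
        );
        $this->clearPath();
    }

    /**
     * Remove the test folders before handing over to the parent teardown.
     */
    protected function tearDown()
    {
        $this->clearPath();
        parent::tearDown();
    }

    /**
     * Delete the SecureEditableFileFieldTest directory under ASSETS_PATH if it exists.
     */
    protected function clearPath()
    {
        $testRoot = ASSETS_PATH . '/SecureEditableFileFieldTest';
        if (file_exists($testRoot)) {
            Filesystem::removeFolder($testRoot);
        }
    }

    /**
     * Assert that a folder is view-restricted and that its first viewer group holds ADMIN.
     *
     * NOTE(review): only the first viewer group is inspected, so an additional, less privileged
     * group on the folder would not fail this check. If the field is expected to attach exactly
     * one group, consider asserting the group count as well - confirm against the implementation.
     *
     * @param Folder $folder Folder whose access settings are verified
     */
    private function assertFolderSecured(Folder $folder)
    {
        $this->assertEquals('OnlyTheseUsers', $folder->CanViewType);

        // Report a missing viewer group as an assertion failure instead of a method call on null.
        $viewerGroup = $folder->ViewerGroups()->first();
        $this->assertNotNull($viewerGroup, 'Secured folder has no viewer group');
        $this->assertEquals(1, $viewerGroup->Permissions()->filter('code', 'ADMIN')->count());
    }

    /**
     * Test that newly created folders are secure
     */
    public function testCreateFolder()
    {
        $field = new EditableFileField();
        $field->write();

        $this->assertTrue($field->getIsSecure());
        $this->assertTrue($field->Folder()->exists());
        // The folder is expected under the secure_folder_name configured in setUp().
        $this->assertEquals(
            'assets/SecureEditableFileFieldTest/SecureUploads/',
            $field->Folder()->Filename
        );
        $this->assertFolderSecured($field->Folder());
    }

    /**
     * Test new folders that are created without security enabled
     */
    public function testCreateInsecure()
    {
        Config::modify()->set(EditableFileField::class, 'disable_security', true);

        // Ensure the field is created without a folder
        $field = new EditableFileField();
        $field->write();
        $this->assertFalse($field->getIsSecure());
        $this->assertFalse($field->Folder()->exists());

        // Assigning a non-secure folder doesn't secure this
        $folder = Folder::find_or_make('SecureEditableFileFieldTest/PublicFolder');
        $field->FolderID = $folder->ID;
        $field->write();

        $this->assertFalse($field->getIsSecure());
        $this->assertTrue($field->Folder()->exists());
        $this->assertEquals(
            'assets/SecureEditableFileFieldTest/PublicFolder/',
            $field->Folder()->Filename
        );
        $this->assertEquals('Inherit', $field->Folder()->CanViewType);

        // Re-enabling security and running requireDefaultRecords() is expected to secure the
        // folder already assigned to the field, without moving it
        Config::modify()->set(EditableFileField::class, 'disable_security', false);
        singleton(EditableFileField::class)->requireDefaultRecords();

        // Reload record from DB
        $field = EditableFileField::get()->byID($field->ID);

        // Existing folder is now secured (retro-actively secures any old uploads)
        $this->assertTrue($field->getIsSecure());
        $this->assertTrue($field->Folder()->exists());
        $this->assertEquals(
            'assets/SecureEditableFileFieldTest/PublicFolder/',
            $field->Folder()->Filename
        );
        $this->assertFolderSecured($field->Folder());
    }
}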