Remove dark magic middleware and check permission in services
This commit is contained in:
Julius Haertl
@@ -71,68 +71,6 @@ class SharingMiddlewareTest extends \PHPUnit_Framework_TestCase {
|
||||
);
|
||||
}
|
||||
|
||||
public function dataBeforeController() {
|
||||
return [
|
||||
['GET', '\OCA\Deck\Controller\PageController', 'index', false, true, 123],
|
||||
['GET', '\OCA\Deck\Controller\BoardController', 'index', false, true, 123],
|
||||
['GET', '\OCA\Deck\Controller\BoardController', 'read', true, true, 123],
|
||||
['GET', '\OCA\Deck\Controller\BoardController', 'read', true, true, 123, NoPermissionException::class],
|
||||
['GET', '\OCA\Deck\Controller\BoardController', 'read', false, false, null, NotFoundException::class],
|
||||
['GET', '\OCA\Deck\Controller\CardController', 'read', true, true, 123, NoPermissionException::class],
|
||||
['POST', '\OCA\Deck\Controller\CardController', 'reorder', true, true, 123, NoPermissionException::class],
|
||||
['PUT', '\OCA\Deck\Controller\BoardController', 'update', true, false, 123, NoPermissionException::class],
|
||||
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider dataBeforeController
|
||||
* @param $controllerClass
|
||||
* @param $methodName
|
||||
*/
|
||||
public function testBeforeController($method, $controllerClass, $methodName, $getPermission, $success, $boardId, $exception=null) {
|
||||
$controller = $this->getMockBuilder($controllerClass)
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$mapper = $this->getMockBuilder(IPermissionMapper::class)
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$mapper->expects($this->any())->method('findBoardId')->willReturn($boardId);
|
||||
$mapper->expects($this->any())->method('isOwner')->willReturn(false);
|
||||
$user = $this->getMockBuilder(IUser::class)
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$user->expects($this->once())->method('getUID')->willReturn('user1');
|
||||
$controllerInstance = \OC::$server->query($controllerClass);
|
||||
$this->reflector->reflect($controllerInstance, $methodName);
|
||||
|
||||
$this->container->expects($this->any())
|
||||
->method('query')->willReturn($mapper);
|
||||
$this->userSession->expects($this->exactly(2))->method('getUser')->willReturn($user);
|
||||
$this->request->expects($this->once())->method('getMethod')->willReturn($method);
|
||||
if($getPermission === true) {
|
||||
$this->permissionService
|
||||
->expects($this->once())
|
||||
->method('getPermission')
|
||||
->willReturn($getPermission);
|
||||
}
|
||||
|
||||
if($success) {
|
||||
$this->sharingMiddleware->beforeController($controller, $methodName);
|
||||
} else {
|
||||
try {
|
||||
$this->sharingMiddleware->beforeController($controller, $methodName);
|
||||
} catch (\Exception $e) {
|
||||
$this->assertInstanceOf($exception, $e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function setUpPermissions() {
|
||||
$this->permissionService->expects($this->once())
|
||||
->method('getPermission')
|
||||
->with(123, Acl::PERMISSION_READ)
|
||||
->willReturn(true);
|
||||
}
|
||||
|
||||
|
||||
public function dataAfterException() {
|
||||
return [
|
||||
|
||||
Reference in New Issue
Block a user