diff --git a/tests/AbstractTest.php b/tests/AbstractTest.php index 1e4f2b02..7c5def61 100644 --- a/tests/AbstractTest.php +++ b/tests/AbstractTest.php @@ -17,9 +17,10 @@ class AbstractTest return UserModel::save($user); } - protected function mockPost() + protected function mockPost($owner) { $post = PostModel::spawn(); + $post->setUploader($owner); $post->setType(new PostType(PostType::Image)); return PostModel::save($post); } @@ -31,7 +32,7 @@ class AbstractTest protected function mockComment($owner) { - $post = $this->mockPost(); + $post = $this->mockPost($owner); $comment = CommentModel::spawn(); $comment->setPost($post); $comment->setCommenter($owner); diff --git a/tests/JobTests/AddCommentJobTest.php b/tests/JobTests/AddCommentJobTest.php index f84d5b4a..cb685773 100644 --- a/tests/JobTests/AddCommentJobTest.php +++ b/tests/JobTests/AddCommentJobTest.php @@ -127,7 +127,7 @@ class AddCommentJobTest extends AbstractTest protected function runApi($text) { - $post = $this->mockPost(); + $post = $this->mockPost(Auth::getCurrentUser()); return Api::run( new AddCommentJob(), diff --git a/tests/JobTests/EditPostSourceJobTest.php b/tests/JobTests/EditPostSourceJobTest.php new file mode 100644 index 00000000..6a43a32f --- /dev/null +++ b/tests/JobTests/EditPostSourceJobTest.php @@ -0,0 +1,134 @@ +prepare(); + $this->grantAccess('editPostSource.own'); + $post = $this->assert->doesNotThrow(function() + { + return $this->runApi('a'); + }); + + $this->assert->areEqual('a', $post->source); + $this->assert->doesNotThrow(function() use ($post) + { + PostModel::findById($post->getId()); + }); + } + + public function testAlmostTooLongText() + { + $this->prepare(); + $this->grantAccess('editPostSource.own'); + $this->assert->doesNotThrow(function() + { + $this->runApi(str_repeat('a', getConfig()->posts->maxSourceLength)); + }); + } + + public function testTooLongText() + { + $this->prepare(); + $this->grantAccess('editPostSource.own'); + $this->assert->throws(function() + { + $this->runApi(str_repeat('a', getConfig()->posts->maxSourceLength + 1)); + }, 'Source must have at most'); + } + + public function testNoAuth() + { + $this->prepare(); + $this->grantAccess('editPostSource'); + Auth::setCurrentUser(null); + + $this->assert->doesNotThrow(function() + { + $this->runApi('alohaaaaaaa'); + }); + } + + public function testOwnAccessDenial() + { + $this->prepare(); + + $this->assert->throws(function() + { + $this->runApi('alohaaaaaaa'); + }, 'Insufficient privileges'); + } + + public function testOtherAccessGrant() + { + $this->prepare(); + $this->grantAccess('editPostSource.all'); + + $post = $this->mockPost(Auth::getCurrentUser()); + + //login as someone else + $this->login($this->mockUser()); + + $this->assert->doesNotThrow(function() use ($post) + { + Api::run( + new EditPostSourceJob(), + [ + EditPostSourceJob::POST_ID => $post->getId(), + EditPostSourceJob::SOURCE => 'alohaa', + ]); + }); + } + + public function testOtherAccessDenial() + { + $this->prepare(); + $this->grantAccess('editPostSource.own'); + + $post = $this->mockPost(Auth::getCurrentUser()); + + //login as someone else + $this->login($this->mockUser()); + + $this->assert->throws(function() use ($post) + { + Api::run( + new EditPostSourceJob(), + [ + EditPostSourceJob::POST_ID => $post->getId(), + EditPostSourceJob::SOURCE => 'alohaa', + ]); + }, 'Insufficient privileges'); + } + + public function testWrongPostId() + { + $this->prepare(); + $this->assert->throws(function() + { + Api::run( + new EditPostSourceJob(), + [ + EditPostSourceJob::POST_ID => 100, + EditPostSourceJob::SOURCE => 'alohaa', + ]); + }, 'Invalid post ID'); + } + + + protected function runApi($text) + { + $post = $this->mockPost(Auth::getCurrentUser()); + return Api::run( + new EditPostSourceJob(), + [ + EditPostSourceJob::POST_ID => $post->getId(), + EditPostSourceJob::SOURCE => $text + ]); + } + + protected function prepare() + { + $this->login($this->mockUser()); + } +} diff --git a/tests/JobTests/PreviewCommentJobTest.php b/tests/JobTests/PreviewCommentJobTest.php index 85ad5262..215ca26d 100644 --- a/tests/JobTests/PreviewCommentJobTest.php +++ b/tests/JobTests/PreviewCommentJobTest.php @@ -82,7 +82,7 @@ class PreviewCommentJobTest extends AbstractTest protected function runApi($text) { - $post = $this->mockPost(); + $post = $this->mockPost(Auth::getCurrentUser()); return Api::run( new PreviewCommentJob(),