mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-04-21 14:30:49 +00:00
Test that other users can't delete: - collections - tickets - bindings No significant change, just return an error message rather than assume that things worked.
MODE=TAP,16
BEGINPERL
# Browser session for user2, the principal that owns every collection
# created by this test.
my $mech;

# The subtest plans four assertions; presumably all of them are made inside
# webui_login() -- confirm against that helper.
subtest 'Login' => sub {
    plan tests => 4;

    my @owner_login = (
        username => 'user2',
        password => 'user2',
        url      => "http://$webhost",
    );
    $mech = webui_login(@owner_login);
};

# The "View My Details" URI is expected to end in &id=<digits>; keep only the
# digits as user2's principal id.  When the URI does not have that shape the
# substitution changes nothing and the whole URI stays in $principal_id, so
# the deletion URLs built from it later would not name user2's principal.
$mech->follow_link( text_regex => qr/View My Details/ );
my $principal_id = $mech->uri();
$principal_id =~ s/^.*&id=(\d+)$/$1/;

# Remember the address of the creation form so create_collection() can go
# back to it for every new collection.
$mech->follow_link( text_regex => qr/Create Collection/ );
my $create_url = $mech->uri();
# Create three collections as user2.  Each one feeds a different deletion
# scenario later in the test:
#   0 = deleted by the principal who created it
#   1 = deletion attempted by another principal
#   2 = deletion attempted by another principal
my @col_id;

for my $n (0 .. 2) {
    $col_id[$n] = create_collection($mech, $create_url, $n);
}

# All three collections must be listed on user2's details page before any
# deletion is attempted.
$mech->follow_link( text_regex => qr/View My Details/ );

foreach my $n (0 .. 2) {
    my $collection_path = "/user2/test_collection_$n";
    $mech->content_contains($collection_path, "New collection exists - $n");
}

# Keep a copy of the details page for this test case.
$mech->save_content("$save_location/$case-A", binmode => ':utf8');
# Re-creating collection 0 reuses a name that already exists and is expected
# to be refused.  The two assertions that attempt would make are skipped
# unconditionally because of the database error recorded in #319.
SKIP: {
    skip("Database error thrown see #319", 2);

    # Expect this one to fail.  Not reached while the skip above is in place;
    # the defined fourth argument tells create_collection() to look for the
    # failure message.
    create_collection($mech, $create_url, 0, 1);
}
# Owner path: user2 requests deletion of collection 0 under its own
# principal, follows the confirmation link, and must be told it succeeded.
$mech->get("http://$webhost/admin.php?action=edit&t=principal&id=$principal_id&collection_id=$col_id[0]&subaction=delete_collection");
$mech->follow_link( text_regex => qr/Confirm Deletion of the Collection/ );

$mech->content_contains('Collection deleted', 'Collection deleted message displayed');

# Debugging aid, disabled: save the page shown after the deletion.
#diag("Saved content of B to $save_location/$case-B");
#$mech->save_content("$save_location/$case-B", binmode => ':utf8');
# Second, separate browser session for user1, who created none of the test
# collections.  Every request that must be refused is sent through it.
my $mech_other;

subtest 'Login as user1' => sub {
    plan tests => 4;

    my @other_login = (
        username => 'user1',
        password => 'user1',
        url      => "http://$webhost",
    );
    $mech_other = webui_login(@other_login);
};

# Same extraction as for user2: keep the digits after &id= as user1's
# principal id; a URI of any other shape is left unchanged.
$mech_other->follow_link( text_regex => qr/View My Details/ );
my $other_principal_id = $mech_other->uri();
$other_principal_id =~ s/^.*&id=(\d+)$/$1/;
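# Negative case 1: user1 asks to delete collection 1 while naming user2's
# principal in the URL.  The request must be refused.
$mech_other->get("http://$webhost/admin.php?action=edit&t=principal&id=$principal_id&collection_id=" . $col_id[1] . "&subaction=delete_collection");

# Follow the confirmation link in user1's session, the one that issued the
# request.  Doing this through user2's $mech would leave the confirmation
# step of this access-control check untested for user1.
# NOTE(review): assumes follow_link returns quietly when the refusal page has
# no such link (autocheck off) -- confirm against webui_login().
$mech_other->follow_link( text_regex => qr/Confirm Deletion of the Collection/ );

# The message only shows what user1 was told; whether collection 1 really
# survived is checked by the BEGINQUERY section at the end of this file.
$mech_other->content_contains(
    'You are not allowed to delete collections for this principal.',
    'Collection deletion error displayed when specifying other principal and their collection'
);

# Debugging aid, disabled: save the page user1 received.
#diag("Saved content of C to $save_location/$case-C");
#$mech_other->save_content("$save_location/$case-C", binmode => ':utf8');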
# Negative case 2: user1 names its own principal in the URL but targets
# collection 2, which was created by user2.  The confirmation link is
# followed in user1's session and the deletion must be reported as failed.
$mech_other->get("http://$webhost/admin.php?action=edit&t=principal&id=$other_principal_id&collection_id=$col_id[2]&subaction=delete_collection");
$mech_other->follow_link( text_regex => qr/Confirm Deletion of the Collection/ );

$mech_other->content_contains(
    'Collection deletion failed.',
    'Collection deletion error display when specifying our principal and their collection',
);

# Debugging aid, disabled: save the page user1 received.
#diag("Saved content of D to $save_location/$case-D");
#$mech_other->save_content("$save_location/$case-D", binmode => ':utf8');
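# Submit the collection-creation form and check the message on the result
# page.
#
# Arguments:
#   $mech       - mechanize session used for the requests
#   $create_url - URL of the collection-creation form
#   $i          - suffix used in the collection name, display name,
#                 description and test names
#   $fail       - optional; when defined, creation is expected to be refused
#
# Returns the collection id scraped from the result page when creation is
# expected to succeed and the page shows one.  In every other case it returns
# nothing (undef in scalar context, the empty list in list context).
#
# Each call reports two test results: the form submission and the message
# check.
sub create_collection {
    my ($mech, $create_url, $i, $fail) = @_;

    $mech->get($create_url);

    # Create a collection
    $mech->submit_form_ok(
        {
            form_number => 1,
            button      => 'submit',
            fields      => {
                collection_name => "test_collection_$i",
                dav_displayname => "Test Collection $i",
                description     => "Description for Collection $i",
            },
        }, "Create collection - $i"
    );

    # Expected-failure path: only the refusal message is checked.
    if (defined $fail) {
        $mech->content_contains(
            'Failed to create new collection.',
            "Collection failed message displayed - $i"
        );

        return;
    }

    $mech->content_contains(
        'Creating new Collection.',
        "Collection created message displayed - $i"
    );

    if ($mech->content() =~ /Collection ID:.*?(\d+)/m) {
        return $1;
    }

    # No id on the page.  Return nothing explicitly rather than falling off
    # the end of the sub: callers build deletion URLs from this value, and an
    # undefined id is easier to notice than the result of a failed match.
    return;
}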
ENDPERL
# Check the final state of the test collections in the database:
# 0 = Deleted
# 1 = Exists
# 2 = Exists
# The page messages asserted in the Perl section only show what each user was
# told.  These rows show whether collections 1 and 2 are still present after
# user1's deletion attempts.
BEGINQUERY
SELECT user_no, dav_name, dav_displayname
FROM collection
WHERE dav_name like '/user2/test_collection%'
ORDER BY dav_name;
ENDQUERY