Spaces:

chrisbryan17
/

mautic

No application file

App Files Files Community

mautic / app /bundles /AssetBundle /Tests /Controller /AssetControllerFunctionalTest.php

chrisbryan17

Upload folder using huggingface_hub

d2897cd verified 12 months ago

raw

history blame contribute delete

8.83 kB

	<?php

	declare(strict_types=1);

	namespace Mautic\AssetBundle\Tests\Controller;

	use Mautic\AssetBundle\Entity\Asset;
	use Mautic\AssetBundle\Tests\Asset\AbstractAssetTest;
	use Mautic\CoreBundle\Tests\Traits\ControllerTrait;
	use Mautic\PageBundle\Tests\Controller\PageControllerTest;
	use Mautic\UserBundle\Entity\Permission;
	use Mautic\UserBundle\Entity\User;
	use Mautic\UserBundle\Model\RoleModel;
	use PHPUnit\Framework\Assert;
	use Symfony\Component\HttpFoundation\Request;
	use Symfony\Component\HttpFoundation\Response;

	class AssetControllerFunctionalTest extends AbstractAssetTest
	{
	use ControllerTrait;

	private const SALES_USER = 'sales';
	private const ADMIN_USER = 'admin';

	/**
	* Index action should return status code 200.
	*/
	public function testIndexAction(): void
	{
	$asset = new Asset();
	$asset->setTitle('test');
	$asset->setAlias('test');
	$asset->setDateAdded(new \DateTime('2020-02-07 20:29:02'));
	$asset->setDateModified(new \DateTime('2020-03-21 20:29:02'));
	$asset->setCreatedByUser('Test User');

	$this->em->persist($asset);
	$this->em->flush();
	$this->em->detach($asset);

	$urlAlias = 'assets';
	$routeAlias = 'asset';
	$column = 'dateModified';
	$column2 = 'title';
	$tableAlias = 'a.';

	$this->getControllerColumnTests($urlAlias, $routeAlias, $column, $tableAlias, $column2);
	}

	/**
	* Preview action should return the file content.
	*/
	public function testPreviewActionStreamByDefault(): void
	{
	$this->client->request('GET', '/s/assets/preview/'.$this->asset->getId());
	ob_start();
	$response = $this->client->getResponse();
	$response->sendContent();
	$content = ob_get_contents();
	ob_end_clean();

	$this->assertSame(Response::HTTP_OK, $response->getStatusCode());
	$this->assertSame($this->expectedMimeType, $response->headers->get('Content-Type'));
	$this->assertNotSame($this->expectedContentDisposition.$this->asset->getOriginalFileName(), $response->headers->get('Content-Disposition'));
	$this->assertEquals($this->expectedPngContent, $content);
	}

	/**
	* Preview action should return the file content.
	*/
	public function testPreviewActionStreamIsZero(): void
	{
	$this->client->request('GET', '/s/assets/preview/'.$this->asset->getId().'?stream=0&download=1');
	ob_start();
	$response = $this->client->getResponse();
	$response->sendContent();
	$content = ob_get_contents();
	ob_end_clean();

	$this->assertSame(Response::HTTP_OK, $response->getStatusCode());
	$this->assertSame($this->expectedContentDisposition.$this->asset->getOriginalFileName(), $response->headers->get('Content-Disposition'));
	$this->assertEquals($this->expectedPngContent, $content);
	}

	/**
	* Preview action should return the html code.
	*/
	public function testPreviewActionStreamDownloadAreZero(): void
	{
	$this->client->request('GET', '/s/assets/preview/'.$this->asset->getId().'?stream=0&download=0');
	ob_start();
	$response = $this->client->getResponse();
	$response->sendContent();
	$content = ob_get_contents();
	ob_end_clean();

	$this->assertSame(Response::HTTP_OK, $response->getStatusCode(), $content);
	$this->assertNotEquals($this->expectedPngContent, $content);
	PageControllerTest::assertTrue($response->isOk());

	$assetSlug = $this->asset->getId().':'.$this->asset->getAlias();
	PageControllerTest::assertStringContainsString(
	'/asset/'.$assetSlug,
	$content,
	'The return must contain the assert slug'
	);
	}

	/**
	* @param array<string, string[]> $permission
	*
	* @dataProvider getValuesProvider
	*/
	public function testEditWithPermissions(string $route, array $permission, int $expectedStatusCode, string $userCreatorUN): void
	{
	$userCreator = $this->getUser($userCreatorUN);
	$userEditor = $this->getUser(self::SALES_USER);
	$this->setPermission($userEditor, ['asset:assets' => $permission]);

	$asset = new Asset();
	$asset->setTitle('Asset A');
	$asset->setAlias('asset-a');
	$asset->setStorageLocation('local');
	$asset->setPath('broken-image.jpg');
	$asset->setExtension('jpg');
	$asset->setCreatedByUser($userCreator->getUserIdentifier());
	$asset->setCreatedBy($userCreator->getId());
	$this->em->persist($asset);
	$this->em->flush();
	$this->em->clear();

	// Logout admin.
	$this->client->request(Request::METHOD_GET, '/s/logout');

	$this->loginUser(self::SALES_USER);

	$this->client->setServerParameter('PHP_AUTH_USER', self::SALES_USER);
	$this->client->request(Request::METHOD_GET, "/s/assets/{$route}/{$asset->getId()}");

	Assert::assertSame($expectedStatusCode, $this->client->getResponse()->getStatusCode());
	}

	/**
	* @return \Generator<string, mixed[]>
	*/
	public function getValuesProvider(): \Generator
	{
	yield 'The sales user with edit own permission can edits its own asset' => [
	'route' => 'edit',
	'permission' => ['editown'],
	'expectedStatusCode' => Response::HTTP_OK,
	'userCreatorUN' => self::SALES_USER,
	];

	yield 'The sales user with edit own permission cannot edit asset created by admin' => [
	'route' => 'edit',
	'permission' => ['editown'],
	'expectedStatusCode' => Response::HTTP_FORBIDDEN,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with edit other permission can edit asset created by admin' => [
	'route' => 'edit',
	'permission' => ['editown', 'editother'],
	'expectedStatusCode' => Response::HTTP_OK,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with view own permission cannot edit or asset created by admin' => [
	'route' => 'edit',
	'permission' => ['viewown'],
	'expectedStatusCode' => Response::HTTP_FORBIDDEN,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with view other permission cannot edit asset created by admin' => [
	'route' => 'edit',
	'permission' => ['viewown', 'viewother'],
	'expectedStatusCode' => Response::HTTP_FORBIDDEN,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with view own permission cannot view asset created by admin' => [
	'route' => 'view',
	'permission' => ['viewown'],
	'expectedStatusCode' => Response::HTTP_FORBIDDEN,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with view others permission can view asset created by admin' => [
	'route' => 'view',
	'permission' => ['viewown', 'viewother'],
	'expectedStatusCode' => Response::HTTP_OK,
	'userCreatorUN' => self::ADMIN_USER,
	];

	yield 'The sales user with view own permission can view its own asset' => [
	'route' => 'view',
	'permission' => ['viewown'],
	'expectedStatusCode' => Response::HTTP_OK,
	'userCreatorUN' => self::SALES_USER,
	];
	}

	private function getUser(string $username): User
	{
	$repository = $this->em->getRepository(User::class);

	return $repository->findOneBy(['username' => $username]);
	}

	/**
	* @param array<string, array<string, array<string>>> $permissions
	*/
	private function setPermission(User $user, array $permissions): void
	{
	$role = $user->getRole();

	// Delete previous permissions
	$this->em->createQueryBuilder()
	->delete(Permission::class, 'p')
	->where('p.bundle = :bundle')
	->andWhere('p.role = :role_id')
	->setParameters(['bundle' => 'asset', 'role_id' => $role->getId()])
	->getQuery()
	->execute();

	// Set new permissions
	$role->setIsAdmin(false);
	$roleModel = static::getContainer()->get('mautic.user.model.role');
	\assert($roleModel instanceof RoleModel);
	$roleModel->setRolePermissions($role, $permissions);
	$this->em->persist($role);
	$this->em->flush();
	}
	}