Skip to content

Commit

Permalink
ENH Restrict access to getJobStatus execution (#113)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sabina-talipova
sabina-talipova authored Nov 8, 2023
1 parent 20c2231 commit 8797f1f
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 9 deletions.
16 changes: 9 additions & 7 deletions client/javascript/BrokenExternalLinksReport.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
},

start: function() {
var self = this;
// initiate a new job
$('.external-links-report__report-progress')
.empty()
Expand All @@ -25,10 +26,14 @@
$.ajax({
url: "admin/externallinks/start",
async: true,
timeout: 3000
timeout: 3000,
success: function() {
self.poll();
},
error: function() {
self.buttonReset();
}
});

this.poll();
},

/**
Expand Down Expand Up @@ -125,10 +130,7 @@
$('.external-links-report__create-report').poll();
}, 1000));
},
error: function(e) {
if (typeof console !== 'undefined') {
console.log(e);
}
error: function() {
self.buttonReset();
}
});
Expand Down
7 changes: 7 additions & 0 deletions src/Controllers/CMSExternalLinksController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
use SilverStripe\Control\Controller;
use Symbiote\QueuedJobs\Services\QueuedJobService;
use SilverStripe\Control\Middleware\HTTPCacheControlMiddleware;
use SilverStripe\Security\Permission;

class CMSExternalLinksController extends Controller
{
Expand All @@ -24,6 +25,9 @@ class CMSExternalLinksController extends Controller
*/
public function getJobStatus()
{
if (!Permission::check('CMS_ACCESS_CMSMain')) {
return $this->httpError(403, 'You do not have permission to access this resource');
}
// Set headers
HTTPCacheControlMiddleware::singleton()->setMaxAge(0);
$this->response
Expand All @@ -49,6 +53,9 @@ public function getJobStatus()
*/
public function start()
{
if (!Permission::check('CMS_ACCESS_CMSMain')) {
return $this->httpError(403, 'You do not have permission to access this resource');
}
// return if the a job is already running
$status = BrokenExternalPageTrackStatus::get_latest();
if ($status && $status->Status == 'Running') {
Expand Down
29 changes: 27 additions & 2 deletions tests/php/ExternalLinksTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
namespace SilverStripe\ExternalLinks\Tests;

use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\SapphireTest;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\ExternalLinks\Model\BrokenExternalPageTrackStatus;
use SilverStripe\ExternalLinks\Reports\BrokenExternalLinksReport;
use SilverStripe\ExternalLinks\Tasks\CheckExternalLinksTask;
Expand All @@ -13,7 +13,7 @@
use SilverStripe\i18n\i18n;
use SilverStripe\Reports\Report;

class ExternalLinksTest extends SapphireTest
class ExternalLinksTest extends FunctionalTest
{

protected static $fixture_file = 'ExternalLinksTest.yml';
Expand Down Expand Up @@ -125,4 +125,29 @@ public function testArchivedPagesAreHiddenFromReport()
// Ensure report does not list the link associated with an archived page
$this->assertEquals(3, BrokenExternalLinksReport::create()->sourceRecords()->count());
}

public function provideGetJobStatus(): array
{
return [
'ADMIN - valid permission' => ['ADMIN', 200],
'CMS_ACCESS_CMSMain - valid permission' => ['CMS_ACCESS_CMSMain', 200],
'VIEW_SITE - not enough permission' => ['VIEW_SITE', 403],
];
}

/**
* @dataProvider provideGetJobStatus
*/
public function testGetJobStatus(
string $permission,
int $expectedResponseCode
): void {
$this->logInWithPermission($permission);

$response = $this->get('admin/externallinks/start', null, ['Accept' => 'application/json']);
$this->assertEquals($expectedResponseCode, $response->getStatusCode());

$response = $this->get('admin/externallinks/getJobStatus', null, ['Accept' => 'application/json']);
$this->assertEquals($expectedResponseCode, $response->getStatusCode());
}
}

0 comments on commit 8797f1f

Please sign in to comment.