Skip to content

Commit

Permalink
Merge pull request #78 from creative-commoners/pulls/2.2/fix-permissi…
Browse files Browse the repository at this point in the history
…on-cmsmain

FIX: CMSMain user able to see external broken links
  • Loading branch information
GuySartorelli authored May 5, 2022
2 parents b4ccd03 + 6d288c5 commit d4871e7
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 9 deletions.
2 changes: 1 addition & 1 deletion src/Model/BrokenExternalLink.php
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ public function canEdit($member = false)
public function canView($member = false)
{
$member = $member ? $member : Security::getCurrentUser();
$codes = array('content-authors', 'administrators');
$codes = ['CMS_ACCESS_CMSMain'];
return Permission::checkMember($member, $codes);
}

Expand Down
37 changes: 29 additions & 8 deletions tests/php/Model/BrokenExternalLinkTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,16 @@
class BrokenExternalLinkTest extends SapphireTest
{
/**
* @param int $httpCode
* @param string $expected
* @dataProvider httpCodeProvider
*/
public function testGetHTTPCodeDescription($httpCode, $expected)
public function testGetHTTPCodeDescription(int $httpCode, string $expected)
{
$link = new BrokenExternalLink();
$link->HTTPCode = $httpCode;
$this->assertSame($expected, $link->getHTTPCodeDescription());
}

/**
* @return array[]
*/
public function httpCodeProvider()

public function httpCodeProvider(): array
{
return [
[200, '200 (OK)'],
Expand All @@ -32,4 +27,30 @@ public function httpCodeProvider()
[789, '789 (Unknown Response Code)'],
];
}

public function permissionProvider(): array
{
return [
['admin', 'ADMIN'],
['content-author', 'CMS_ACCESS_CMSMain'],
['asset-admin', 'CMS_ACCESS_AssetAdmin'],
];
}

/**
* @dataProvider permissionProvider
*/
public function testCanViewReport(string $user, string $permission)
{
$this->logOut();
$this->logInWithPermission($permission);

$link = new BrokenExternalLink();

if ($user === 'asset-admin') {
$this->assertFalse($link->canView());
} else {
$this->assertTrue($link->canView());
}
}
}

0 comments on commit d4871e7

Please sign in to comment.