diff --git a/app/config/security.yml b/app/config/security.yml
index e23520a2b..0a4e3096b 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -55,9 +55,13 @@ security:
 - { path: ^/admin/members/badges, roles: ROLE_ADMIN }
 - { path: ^/admin/members/users, roles: ROLE_ADMIN }
 - { path: ^/admin/event/speakers-management, roles: ROLE_FORUM }
+ #- { path: ^/admin/event, roles: ROLE_ADMIN }
+ #- { path: ^/admin/vote, roles: ROLE_ADMIN }
+ #- { path: ^/admin/members/general_meeting, roles: ROLE_ADMIN }
+ #- { path: ^/admin/members/general_meeting_vote, roles: ROLE_ADMIN }
+ #- { path: ^/admin/site, roles: ROLE_ADMIN }
 - { path: ^/admin/(members/reporting|association/relances|talk|slackmembers/check), roles: ROLE_ADMIN}
 - { path: ^/member, roles: [ROLE_USER, ROLE_MEMBER_EXPIRED]}
- - { path: ^/admin/(members/reporting|association/relances|talk|slackmembers/check), roles: ROLE_NO_ACCESS}
 - { path: ^/admin/, roles: ROLE_MEMBER_EXPIRED }
 - { path: ^/blog, allow_if: "request.getClientIp() in ['217.70.189.71', '127.0.0.1', '192.168.42.1'] or request.server.get('ALLOW_BLOG_FROM_ALL') == 1 or request.headers.get('x-afup-blog-api-key') == '%blog_api_key%'" }
 - { path: ^/blog, roles: ROLE_NO_ACCESS }
diff --git a/tests/behat/features/Admin/AdminGithubUsers.feature b/tests/behat/features/Admin/AdminGithubUsers.feature
index 32e3da61e..96a50eb4f 100644
--- a/tests/behat/features/Admin/AdminGithubUsers.feature
+++ b/tests/behat/features/Admin/AdminGithubUsers.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie GitHub Users

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux utilisateurs GitHub
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/github-user/"
+ Then the response status code should be 403
+
 Scenario Outline: Accès à la liste des utilisateurs GitHub
 Given I am logged in as admin and on the Administration
 And I follow "Github Users"
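Review bot: In app/config/security.yml the five added rules for `^/admin/event`, `^/admin/vote`, `^/admin/members/general_meeting`, `^/admin/members/general_meeting_vote` and `^/admin/site` are commented out, so they enforce nothing and those paths still fall through to the `^/admin/` rule, which only asks for `ROLE_MEMBER_EXPIRED`. Whatever returns the 403 that the new Behat scenarios assert is therefore not visible in this file. If the restriction lives in the controllers or legacy pages, replace the dead entries with one comment that says so, for example `# /admin/event, /admin/vote, /admin/site, general_meeting*: ROLE_ADMIN is enforced in <place>, not in this list`. If the intent is to enforce it here, enable the rules, and first check that `^/admin/event` with `ROLE_ADMIN` does not lock `ROLE_FORUM` users out of event pages other than `speakers-management`, since the first matching rule wins.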
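Review bot: In AdminGithubUsers.feature the new scenario is inserted between the `@reloadDbWithTestData` tag and the `Scenario Outline` it used to sit above, so the tag now appears to belong to the 403 scenario and the existing outline runs untagged. Whether that changes results depends on the hook behind the tag, which is outside this diff, but the original scenario no longer requests a database reload for itself. Either place the new scenario after the existing one, or repeat the tag on the line above `Scenario Outline: Accès à la liste des utilisateurs GitHub`. The same insertion point is used in every other feature file touched by this commit; in Events/GestionEvenements.feature it also leaves the new create-and-delete scenario without `@clearEmails` and the other tags.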
diff --git a/tests/behat/features/Admin/AdminSpeakers.feature b/tests/behat/features/Admin/AdminSpeakers.feature
index fbd5e332b..789f21510 100644
--- a/tests/behat/features/Admin/AdminSpeakers.feature
+++ b/tests/behat/features/Admin/AdminSpeakers.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie Speakers

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la gestion des Speakers
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/speakers-management"
+ Then the response status code should be 403
+
 Scenario: Ajout/modification/suppression d'un speaker
 Given I am logged in as admin and on the Administration
 And I follow "Speakers"
diff --git a/tests/behat/features/Admin/AdminTarifications.feature b/tests/behat/features/Admin/AdminTarifications.feature
index 782506d45..0e81bd09c 100644
--- a/tests/behat/features/Admin/AdminTarifications.feature
+++ b/tests/behat/features/Admin/AdminTarifications.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie Tarifications

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la tarification
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/prices"
+ Then the response status code should be 403
+
 Scenario: Ajout d'une tarification
 Given I am logged in as admin and on the Administration
 And I follow "Tarifications"
diff --git a/tests/behat/features/Admin/AdminVenueSpeakers.feature b/tests/behat/features/Admin/AdminVenueSpeakers.feature
index f2a2ec25c..c1c38c443 100644
--- a/tests/behat/features/Admin/AdminVenueSpeakers.feature
+++ b/tests/behat/features/Admin/AdminVenueSpeakers.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie Venue Speakers

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux venues Speakers
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/speakers-expenses"
+ Then the response status code should be 403
+
 Scenario: Liste des speakers liés à un évènement et modification d'une information sur la page info speaker
 Given I am logged in as admin and on the Administration
 And I follow "Venue speakers"
diff --git a/tests/behat/features/Admin/Events/GestionEvenements.feature b/tests/behat/features/Admin/Events/GestionEvenements.feature
index b6fac9eb3..9c41f7b7f 100644
--- a/tests/behat/features/Admin/Events/GestionEvenements.feature
+++ b/tests/behat/features/Admin/Events/GestionEvenements.feature
@@ -4,6 +4,25 @@ Feature: Administration - Évènements - Gestions Évènements
 @clearEmails
 @clearAllMailInscriptionAttachments
 @clearAllSponsorFiles
+
+ Scenario: Un membre ne peut pas accéder à la liste des événements
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/list"
+ Then the response status code should be 403
+
+ Scenario: Supression d'un évènement vide
+ Given I am logged in as admin and on the Administration
+ And I follow "Gestion évènements"
+ Then the ".content h2" element should contain "Liste des évènements"
+ When I follow "Ajouter"
+ Then I fill in "titre" with "SUPP"
+ And I fill in "nb_places" with "3"
+ And I press "Soumettre"
+ Then I should see "Le forum a été ajouté"
+ And I should see "Liste des évènements"
+ When I follow the button of tooltip "Supprimer le forum SUPP"
+ And I should see "Événement supprimé"
+
 Scenario: On crée un nouvel évènement vide
 Given I am logged in as admin and on the Administration
 And I follow "Gestion évènements"
diff --git a/tests/behat/features/Admin/Events/Salles.feature b/tests/behat/features/Admin/Events/Salles.feature
index 7d4492c50..fb1c04cc8 100644
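Review bot: In Events/GestionEvenements.feature the second added scenario ends with `When I follow the button of tooltip "Supprimer le forum SUPP"` followed by `And I should see "Événement supprimé"`, so the final assertion reads as one more action; it should be `Then I should see "Événement supprimé"`. The title also has a typo: `Supression` should be `Suppression`. This scenario exercises event creation and deletion as an admin, which is separate from the member-access checks added by the rest of the commit, so a one-line `#` comment above it saying why it was added here would help the next reader.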
--- a/tests/behat/features/Admin/Events/Salles.feature
+++ b/tests/behat/features/Admin/Events/Salles.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Évènements - Salles

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux Salles
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/room"
+ Then the response status code should be 403
+
 Scenario: On crée une nouvelle salle vide
 Given I am logged in as admin and on the Administration
 And I follow "Salles"
diff --git a/tests/behat/features/Admin/Events/Suivi.feature b/tests/behat/features/Admin/Events/Suivi.feature
index 24d11a9ec..dc1117c59 100644
--- a/tests/behat/features/Admin/Events/Suivi.feature
+++ b/tests/behat/features/Admin/Events/Suivi.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Évènements - Suivi

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux stats
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/stats"
+ Then the response status code should be 403
+
 Scenario: On vérifie la page du suivi
 Given I am logged in as admin and on the Administration
 And I follow "Suivi"
diff --git a/tests/behat/features/Admin/Events/TokensSponsors.feature b/tests/behat/features/Admin/Events/TokensSponsors.feature
index 139b79fb7..e64106d45 100644
--- a/tests/behat/features/Admin/Events/TokensSponsors.feature
+++ b/tests/behat/features/Admin/Events/TokensSponsors.feature
@@ -2,6 +2,12 @@ Feature: Administration - Évènements - Tokens Sponsors

 @reloadDbWithTestData
 @clearEmails
+
+ Scenario: Un membre ne peut pas accéder aux tokens Sponsors
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/sponsor"
+ Then the response status code should be 403
+
 Scenario: Tickets sponsors
 Given I am logged in as admin and on the Administration
 And I follow "Tokens sponsors"
diff --git a/tests/behat/features/Admin/Events/TokensVIsiteurs.feature b/tests/behat/features/Admin/Events/TokensVIsiteurs.feature
index 4f3334733..6521ea593 100644
--- a/tests/behat/features/Admin/Events/TokensVIsiteurs.feature
+++ b/tests/behat/features/Admin/Events/TokensVIsiteurs.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Évènements - Tokens Visiteurs

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux tokens visiteurs
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/special_price"
+ Then the response status code should be 403
+
 Scenario: Création d'un token visiteurs
 Given I am logged in as admin and on the Administration
 And I follow "Tokens visiteurs"
diff --git a/tests/behat/features/Admin/Events/Virements.feature b/tests/behat/features/Admin/Events/Virements.feature
index be3a94ef3..cd9aafd2c 100644
--- a/tests/behat/features/Admin/Events/Virements.feature
+++ b/tests/behat/features/Admin/Events/Virements.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Évènements - Virements en attente

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux virements en attente
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/event/bankwires"
+ Then the response status code should be 403
+
 Scenario: Accès à la liste des virements
 Given I am logged in as admin and on the Administration
 # Ajout d'une inscription avec virement
diff --git a/tests/behat/features/Admin/Events/VoteVisiteur.feature b/tests/behat/features/Admin/Events/VoteVisiteur.feature
index c72faa10c..3ab235ff8 100644
--- a/tests/behat/features/Admin/Events/VoteVisiteur.feature
+++ b/tests/behat/features/Admin/Events/VoteVisiteur.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Évènements - Vote Visiteur

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux votes visiteurs
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/vote/"
+ Then the response status code should be 403
+
 Scenario: Accès aux votes des visiteurs
 Given I am logged in as admin and on the Administration
 And I follow "Votes visiteurs"
diff --git a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeeting.feature b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeeting.feature
index 7b7c3ed68..0277fe944 100644
--- a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeeting.feature
+++ b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeeting.feature
@@ -1,6 +1,17 @@
 Feature: Administration - Partie Assemblée Générale

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la gestion de l'assemblée générale
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/members/general_meeting"
+ Then the response status code should be 403
+
+ Scenario: Un membre ne peut pas accéder à la préparation de l'assemblée générale
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/members/general_meeting/prepare"
+ Then the response status code should be 403
+
 Scenario: Créer une assemblée générale
 Given I am logged in as admin and on the Administration
 And I follow "Assemblée générale"
diff --git a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingQuestions.feature b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingQuestions.feature
index 1d509ee64..de5a7d587 100644
--- a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingQuestions.feature
+++ b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingQuestions.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie Assemblée Générale Questions

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux questions de l'assemblée générale
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/members/general_meeting_vote"
+ Then the response status code should be 403
+
 Scenario: Accès à la liste des questions
 Given I am logged in as admin and on the Administration
 And I follow "Assemblée générale - votes"
diff --git a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingReports.feature b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingReports.feature
index dcabfad11..3be894ec7 100644
--- a/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingReports.feature
+++ b/tests/behat/features/Admin/Members/GeneralMeeting/GeneralMeetingReports.feature
@@ -1,6 +1,12 @@
 Feature: Administration - Partie Assemblée Générale CR

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder aux comptes rendus de l'ssemblée générale
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/members/general_meeting/reports"
+ Then the response status code should be 403
+
 Scenario: Accède à la liste des CR
 Given I am logged in as admin and on the Administration
 And I follow "Assemblée générale"
diff --git a/tests/behat/features/Admin/PlanetePHP/BIllets.feature b/tests/behat/features/Admin/PlanetePHP/BIllets.feature
index a2efbfc18..a37340373 100644
--- a/tests/behat/features/Admin/PlanetePHP/BIllets.feature
+++ b/tests/behat/features/Admin/PlanetePHP/BIllets.feature
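Review bot: The scenario title added in GeneralMeeting/GeneralMeetingReports.feature misspells the noun after the elision: `l'ssemblée générale` should be `l'assemblée générale`. Scenario titles are what the Behat report prints, so the corrected line would be `Scenario: Un membre ne peut pas accéder aux comptes rendus de l'assemblée générale`.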
@@ -1,8 +1,16 @@
 Feature: Administration - Planète PHP - Billets

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la gestion de planète PHP
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/planete/feed-articles"
+ Then the response status code should be 403
+
 Scenario: Gestion des flux
 Given I am logged in as admin and on the Administration
 When I follow "Billets"
 Then the ".content h2" element should contain "Billets"
 And I should see "Un titre Le contenu du super article Actif"
+
+
diff --git a/tests/behat/features/Admin/PlanetePHP/Flux.feature b/tests/behat/features/Admin/PlanetePHP/Flux.feature
index 557e6d7cd..e70609fff 100644
--- a/tests/behat/features/Admin/PlanetePHP/Flux.feature
+++ b/tests/behat/features/Admin/PlanetePHP/Flux.feature
@@ -1,6 +1,18 @@
 Feature: Administration - Planète PHP - Flux

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la gestion de planète PHP
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/planete/feeds"
+ Then the response status code should be 403
+ And I am on "/admin/planete/feeds/add"
+ Then the response status code should be 403
+ And I am on "/admin/planete/feeds/edit"
+ Then the response status code should be 403
+ And I am on "/admin/planete/feeds/delete"
+ Then the response status code should be 403
+
 Scenario: Gestion des flux
 Given I am logged in as admin and on the Administration
 When I follow "Flux"
diff --git a/tests/behat/features/Admin/Site/AdminSiteRubriques.feature b/tests/behat/features/Admin/Site/AdminSiteRubriques.feature
index 2197e1514..2692db013 100644
--- a/tests/behat/features/Admin/Site/AdminSiteRubriques.feature
+++ b/tests/behat/features/Admin/Site/AdminSiteRubriques.feature
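Review bot: The scenario added in PlanetePHP/Flux.feature requests four URLs in a row, using `And I am on …` after each `Then`, so the first path that fails stops the scenario and the remaining paths are never checked. A `Scenario Outline` with one example row per path reports every URL separately and keeps the Given/When/Then order. The title also duplicates the one added in Billets.feature; naming the feeds in it keeps the two distinguishable in reports. Site/AdminSiteRubriques.feature chains its three URLs the same way.

```gherkin
  Scenario Outline: Un membre ne peut pas accéder à la gestion des flux de planète PHP
    Given I am logged-in with the user "paul" and the password "paul"
    When I am on "<path>"
    Then the response status code should be 403

    Examples:
      | path                        |
      | /admin/planete/feeds        |
      | /admin/planete/feeds/add    |
      | /admin/planete/feeds/edit   |
      | /admin/planete/feeds/delete |

  # … unchanged: Scenario: Gestion des flux …
```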
@@ -1,6 +1,16 @@
 Feature: Administration - Partie Site

 @reloadDbWithTestData
+
+ Scenario: Un membre ne peut pas accéder à la gestion du site
+ Given I am logged-in with the user "paul" and the password "paul"
+ And I am on "/admin/site/rubriques"
+ Then the response status code should be 403
+ And I am on "/admin/site/rubriques/add"
+ Then the response status code should be 403
+ And I am on "/admin/site/rubriques/delete"
+ Then the response status code should be 403
+
 Scenario: Ajout/modification/suppression d'une rubrique
 Given I am logged in as admin and on the Administration
 And I follow "Rubriques"