aboutsummaryrefslogtreecommitdiffstats
path: root/apps/dav/tests/unit/comments/commentnode.php
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@owncloud.com>2016-02-04 12:57:48 +0100
committerArthur Schiwon <blizzz@owncloud.com>2016-02-04 12:57:48 +0100
commita480b2261b04f1972843028270029dc2ce76253d (patch)
treeabc240f9f3327600fc2b74fe5f4a45a1fb2234a9 /apps/dav/tests/unit/comments/commentnode.php
parentcd16ba5cb3bf9333b0ecacab4bf152c1b692ed59 (diff)
downloadnextcloud-server-a480b2261b04f1972843028270029dc2ce76253d.tar.gz
nextcloud-server-a480b2261b04f1972843028270029dc2ce76253d.zip
Check for authorship on edit and delete attempts
Diffstat (limited to 'apps/dav/tests/unit/comments/commentnode.php')
-rw-r--r--apps/dav/tests/unit/comments/commentnode.php171
1 files changed, 170 insertions, 1 deletions
diff --git a/apps/dav/tests/unit/comments/commentnode.php b/apps/dav/tests/unit/comments/commentnode.php
index 44ac54ae937..8d1bf06ab60 100644
--- a/apps/dav/tests/unit/comments/commentnode.php
+++ b/apps/dav/tests/unit/comments/commentnode.php
@@ -51,10 +51,28 @@ class CommentsNode extends \Test\TestCase {
}
public function testDelete() {
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->once())
+ ->method('getUID')
+ ->will($this->returnValue('alice'));
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
$this->comment->expects($this->once())
->method('getId')
->will($this->returnValue('19'));
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->comment->expects($this->any())
+ ->method('getActorId')
+ ->will($this->returnValue('alice'));
+
$this->commentsManager->expects($this->once())
->method('delete')
->with('19');
@@ -62,6 +80,37 @@ class CommentsNode extends \Test\TestCase {
$this->node->delete();
}
+ /**
+ * @expectedException \Sabre\DAV\Exception\Forbidden
+ */
+ public function testDeleteForbidden() {
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->once())
+ ->method('getUID')
+ ->will($this->returnValue('mallory'));
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
+ $this->comment->expects($this->never())
+ ->method('getId');
+
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->comment->expects($this->any())
+ ->method('getActorId')
+ ->will($this->returnValue('alice'));
+
+ $this->commentsManager->expects($this->never())
+ ->method('delete');
+
+ $this->node->delete();
+ }
+
public function testGetName() {
$id = '19';
$this->comment->expects($this->once())
@@ -85,10 +134,28 @@ class CommentsNode extends \Test\TestCase {
public function testUpdateComment() {
$msg = 'Hello Earth';
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->once())
+ ->method('getUID')
+ ->will($this->returnValue('alice'));
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
$this->comment->expects($this->once())
->method('setMessage')
->with($msg);
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->comment->expects($this->any())
+ ->method('getActorId')
+ ->will($this->returnValue('alice'));
+
$this->commentsManager->expects($this->once())
->method('save')
->with($this->comment);
@@ -96,14 +163,32 @@ class CommentsNode extends \Test\TestCase {
$this->assertTrue($this->node->updateComment($msg));
}
- public function testUpdateCommentException() {
+ public function testUpdateCommentLogException() {
$msg = null;
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->once())
+ ->method('getUID')
+ ->will($this->returnValue('alice'));
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
$this->comment->expects($this->once())
->method('setMessage')
->with($msg)
->will($this->throwException(new \Exception('buh!')));
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->comment->expects($this->any())
+ ->method('getActorId')
+ ->will($this->returnValue('alice'));
+
$this->commentsManager->expects($this->never())
->method('save');
@@ -113,6 +198,90 @@ class CommentsNode extends \Test\TestCase {
$this->assertFalse($this->node->updateComment($msg));
}
+ /**
+ * @expectedException \Sabre\DAV\Exception\Forbidden
+ */
+ public function testUpdateForbiddenByUser() {
+ $msg = 'HaXX0r';
+
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->once())
+ ->method('getUID')
+ ->will($this->returnValue('mallory'));
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
+ $this->comment->expects($this->never())
+ ->method('setMessage');
+
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->comment->expects($this->any())
+ ->method('getActorId')
+ ->will($this->returnValue('alice'));
+
+ $this->commentsManager->expects($this->never())
+ ->method('save');
+
+ $this->node->updateComment($msg);
+ }
+
+ /**
+ * @expectedException \Sabre\DAV\Exception\Forbidden
+ */
+ public function testUpdateForbiddenByType() {
+ $msg = 'HaXX0r';
+
+ $user = $this->getMock('\OCP\IUser');
+
+ $user->expects($this->never())
+ ->method('getUID');
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+
+ $this->comment->expects($this->never())
+ ->method('setMessage');
+
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('bots'));
+
+ $this->commentsManager->expects($this->never())
+ ->method('save');
+
+ $this->node->updateComment($msg);
+ }
+
+ /**
+ * @expectedException \Sabre\DAV\Exception\Forbidden
+ */
+ public function testUpdateForbiddenByNotLoggedIn() {
+ $msg = 'HaXX0r';
+
+ $this->userSession->expects($this->once())
+ ->method('getUser')
+ ->will($this->returnValue(null));
+
+ $this->comment->expects($this->never())
+ ->method('setMessage');
+
+ $this->comment->expects($this->any())
+ ->method('getActorType')
+ ->will($this->returnValue('users'));
+
+ $this->commentsManager->expects($this->never())
+ ->method('save');
+
+ $this->node->updateComment($msg);
+ }
+
public function testPropPatch() {
$propPatch = $this->getMockBuilder('Sabre\DAV\PropPatch')
->disableOriginalConstructor()