diff options
author | Arthur Schiwon <blizzz@owncloud.com> | 2016-02-04 12:57:48 +0100 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2016-02-04 12:57:48 +0100 |
commit | a480b2261b04f1972843028270029dc2ce76253d (patch) | |
tree | abc240f9f3327600fc2b74fe5f4a45a1fb2234a9 /apps/dav/tests/unit/comments/commentnode.php | |
parent | cd16ba5cb3bf9333b0ecacab4bf152c1b692ed59 (diff) | |
download | nextcloud-server-a480b2261b04f1972843028270029dc2ce76253d.tar.gz nextcloud-server-a480b2261b04f1972843028270029dc2ce76253d.zip |
Check for authorship on edit and delete attempts
Diffstat (limited to 'apps/dav/tests/unit/comments/commentnode.php')
-rw-r--r-- | apps/dav/tests/unit/comments/commentnode.php | 171 |
1 files changed, 170 insertions, 1 deletions
diff --git a/apps/dav/tests/unit/comments/commentnode.php b/apps/dav/tests/unit/comments/commentnode.php index 44ac54ae937..8d1bf06ab60 100644 --- a/apps/dav/tests/unit/comments/commentnode.php +++ b/apps/dav/tests/unit/comments/commentnode.php @@ -51,10 +51,28 @@ class CommentsNode extends \Test\TestCase { } public function testDelete() { + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('alice')); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + $this->comment->expects($this->once()) ->method('getId') ->will($this->returnValue('19')); + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->comment->expects($this->any()) + ->method('getActorId') + ->will($this->returnValue('alice')); + $this->commentsManager->expects($this->once()) ->method('delete') ->with('19'); @@ -62,6 +80,37 @@ class CommentsNode extends \Test\TestCase { $this->node->delete(); } + /** + * @expectedException \Sabre\DAV\Exception\Forbidden + */ + public function testDeleteForbidden() { + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('mallory')); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + + $this->comment->expects($this->never()) + ->method('getId'); + + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->comment->expects($this->any()) + ->method('getActorId') + ->will($this->returnValue('alice')); + + $this->commentsManager->expects($this->never()) + ->method('delete'); + + $this->node->delete(); + } + public function testGetName() { $id = '19'; $this->comment->expects($this->once()) @@ -85,10 +134,28 @@ class CommentsNode extends \Test\TestCase { public function testUpdateComment() { $msg = 'Hello Earth'; + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('alice')); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + $this->comment->expects($this->once()) ->method('setMessage') ->with($msg); + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->comment->expects($this->any()) + ->method('getActorId') + ->will($this->returnValue('alice')); + $this->commentsManager->expects($this->once()) ->method('save') ->with($this->comment); @@ -96,14 +163,32 @@ class CommentsNode extends \Test\TestCase { $this->assertTrue($this->node->updateComment($msg)); } - public function testUpdateCommentException() { + public function testUpdateCommentLogException() { $msg = null; + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('alice')); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + $this->comment->expects($this->once()) ->method('setMessage') ->with($msg) ->will($this->throwException(new \Exception('buh!'))); + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->comment->expects($this->any()) + ->method('getActorId') + ->will($this->returnValue('alice')); + $this->commentsManager->expects($this->never()) ->method('save'); @@ -113,6 +198,90 @@ class CommentsNode extends \Test\TestCase { $this->assertFalse($this->node->updateComment($msg)); } + /** + * @expectedException \Sabre\DAV\Exception\Forbidden + */ + public function testUpdateForbiddenByUser() { + $msg = 'HaXX0r'; + + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('mallory')); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + + $this->comment->expects($this->never()) + ->method('setMessage'); + + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->comment->expects($this->any()) + ->method('getActorId') + ->will($this->returnValue('alice')); + + $this->commentsManager->expects($this->never()) + ->method('save'); + + $this->node->updateComment($msg); + } + + /** + * @expectedException \Sabre\DAV\Exception\Forbidden + */ + public function testUpdateForbiddenByType() { + $msg = 'HaXX0r'; + + $user = $this->getMock('\OCP\IUser'); + + $user->expects($this->never()) + ->method('getUID'); + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($user)); + + $this->comment->expects($this->never()) + ->method('setMessage'); + + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('bots')); + + $this->commentsManager->expects($this->never()) + ->method('save'); + + $this->node->updateComment($msg); + } + + /** + * @expectedException \Sabre\DAV\Exception\Forbidden + */ + public function testUpdateForbiddenByNotLoggedIn() { + $msg = 'HaXX0r'; + + $this->userSession->expects($this->once()) + ->method('getUser') + ->will($this->returnValue(null)); + + $this->comment->expects($this->never()) + ->method('setMessage'); + + $this->comment->expects($this->any()) + ->method('getActorType') + ->will($this->returnValue('users')); + + $this->commentsManager->expects($this->never()) + ->method('save'); + + $this->node->updateComment($msg); + } + public function testPropPatch() { $propPatch = $this->getMockBuilder('Sabre\DAV\PropPatch') ->disableOriginalConstructor() |