diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-02-01 18:18:17 +0100 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-02-01 18:23:40 +0100 |
| commit | d72c0ffbc6c68f02c46d4060996738aabc869a6f (patch) | |
| tree | 09106c104b53bfe3e51a17c3c66b12923f663dd4 /apps/dav/tests/unit | |
| parent | b4853f3fce696b8b89f0dd898b25d7fde93e1a92 (diff) | |
| download | nextcloud-server-d72c0ffbc6c68f02c46d4060996738aabc869a6f.tar.gz nextcloud-server-d72c0ffbc6c68f02c46d4060996738aabc869a6f.zip | |
Make sure user has access to file for system tag operations
Fixes DAV's SystemTagsObjectTypeCollection to not give access to files
where the current user doesn't have access to.
Diffstat (limited to 'apps/dav/tests/unit')
| -rw-r--r-- | apps/dav/tests/unit/systemtag/systemtagplugin.php | 34 | ||||
| -rw-r--r-- | apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php | 47 |
2 files changed, 78 insertions, 3 deletions
diff --git a/apps/dav/tests/unit/systemtag/systemtagplugin.php b/apps/dav/tests/unit/systemtag/systemtagplugin.php index 873dd7088a8..b026451701f 100644 --- a/apps/dav/tests/unit/systemtag/systemtagplugin.php +++ b/apps/dav/tests/unit/systemtag/systemtagplugin.php @@ -272,6 +272,40 @@ class SystemTagPlugin extends \Test\TestCase { } /** + * @expectedException \Sabre\DAV\Exception\NotFound + */ + public function testCreateTagToUnknownNode() { + $systemTag = new SystemTag(1, 'Test', true, false); + + $node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsObjectMappingCollection') + ->disableOriginalConstructor() + ->getMock(); + + $this->tree->expects($this->any()) + ->method('getNodeForPath') + ->will($this->throwException(new \Sabre\DAV\Exception\NotFound())); + + $this->tagManager->expects($this->never()) + ->method('createTag'); + + $node->expects($this->never()) + ->method('createFile'); + + $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface') + ->disableOriginalConstructor() + ->getMock(); + $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface') + ->disableOriginalConstructor() + ->getMock(); + + $request->expects($this->once()) + ->method('getPath') + ->will($this->returnValue('/systemtags-relations/files/12')); + + $this->plugin->httpPost($request, $response); + } + + /** * @dataProvider nodeClassProvider * @expectedException Sabre\DAV\Exception\Conflict */ diff --git a/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php b/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php index e6d94803cc0..1d4264f94f9 100644 --- a/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php +++ b/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php @@ -38,6 +38,11 @@ class SystemTagsObjectTypeCollection extends \Test\TestCase { */ private $tagMapper; + /** + * @var \OCP\Files\Folder + */ + private $userFolder; + protected function setUp() { parent::setUp(); @@ -58,12 +63,21 @@ class SystemTagsObjectTypeCollection extends \Test\TestCase { ->with('testuser') ->will($this->returnValue(true)); + $this->userFolder = $this->getMock('\OCP\Files\Folder'); + + $fileRoot = $this->getMock('\OCP\Files\IRootFolder'); + $fileRoot->expects($this->any()) + ->method('getUserfolder') + ->with('testuser') + ->will($this->returnValue($this->userFolder)); + $this->node = new \OCA\DAV\SystemTag\SystemTagsObjectTypeCollection( 'files', $this->tagManager, $this->tagMapper, $userSession, - $groupManager + $groupManager, + $fileRoot ); } @@ -82,10 +96,25 @@ class SystemTagsObjectTypeCollection extends \Test\TestCase { } public function testGetChild() { - $childNode = $this->node->getChild('files'); + $this->userFolder->expects($this->once()) + ->method('getById') + ->with('555') + ->will($this->returnValue([true])); + $childNode = $this->node->getChild('555'); $this->assertInstanceOf('\OCA\DAV\SystemTag\SystemTagsObjectMappingCollection', $childNode); - $this->assertEquals('files', $childNode->getName()); + $this->assertEquals('555', $childNode->getName()); + } + + /** + * @expectedException Sabre\DAV\Exception\NotFound + */ + public function testGetChildWithoutAccess() { + $this->userFolder->expects($this->once()) + ->method('getById') + ->with('555') + ->will($this->returnValue([])); + $this->node->getChild('555'); } /** @@ -96,9 +125,21 @@ class SystemTagsObjectTypeCollection extends \Test\TestCase { } public function testChildExists() { + $this->userFolder->expects($this->once()) + ->method('getById') + ->with('123') + ->will($this->returnValue([true])); $this->assertTrue($this->node->childExists('123')); } + public function testChildExistsWithoutAccess() { + $this->userFolder->expects($this->once()) + ->method('getById') + ->with('555') + ->will($this->returnValue([])); + $this->assertFalse($this->node->childExists('555')); + } + /** * @expectedException Sabre\DAV\Exception\Forbidden */ |