Fix #2721 delete space button not visible for system admin

Added additional space management tests
buddh4 2018-07-20 01:14:14 +02:00
parent 069259f8de
commit cd6d548c5c
13 changed files with 156 additions and 84 deletions


@ -424,7 +424,7 @@ class ControllerAccess extends BaseObject
*/
public function validatePostRequest()
{
return Yii::$app->request->method == 'POST';
return Yii::$app->request->isPost;
}
/**


@ -9,6 +9,8 @@ HumHub Change Log
- Fix: space archive activity wrong originator assignment
- Fix: suppress "unable to determine dataType" error for aborted xhr requests
- Enh: added `FunctionalTester::loginBySpaceUserGroup()` and `FunctionalTest::assertSpaceAccessStatus()` for ACL testing
- Fix #2721 delete space button not visible for system admin
- Enh: added `humhub\modules\space\behaviors\SpaceModelMembership::canDelete()`
1.3.0-beta.2 (July 18, 2018)
-----------------------------


@ -157,6 +157,15 @@ class SpaceModelMembership extends Behavior
return $this->_spaceOwner;
}
/**
* @return bool checks if the current user is allowed to delete this space
* @since 1.3
*/
public function canDelete()
{
return Yii::$app->user->isAdmin() || $this->isSpaceOwner();
}
/**
* Is given User owner of this Space
* @param User|int|null $userId
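Review bot: In the part of the commit shown here canDelete() is consulted only by the edit view, while the delete action is still authorised by the separate owner rule in DefaultController::getAccessRules(), so the delete policy now lives in two places that can drift apart. The docblock should say which one is authoritative, for example `Display helper only; the delete action is authorised by the controller access rules.`, or the action should call canDelete() itself before deleting. The summary text is also attached to `@return`; a short description line followed by a plain `@return bool` reads more conventionally. canDelete() reads Yii::$app->user, which presumably is not available outside a web request, so it is worth confirming that this behavior is never reached from console code.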


@ -8,6 +8,7 @@
namespace humhub\modules\space\modules\manage\controllers;
use humhub\modules\content\components\ContentContainerControllerAccess;
use humhub\modules\space\components\UrlRule;
use Yii;
use humhub\modules\space\models\Space;
@ -34,10 +35,8 @@ class DefaultController extends Controller
public function getAccessRules()
{
$result = parent::getAccessRules();
$result[] = [
'userGroup' => [Space::USERGROUP_OWNER], 'actions' => ['archive', 'unarchive', 'delete']
];
$result[] = [ContentContainerControllerAccess::RULE_USER_GROUP_ONLY => [Space::USERGROUP_OWNER], 'actions' => ['archive', 'unarchive', 'delete']];
$result[] = [ContentContainerControllerAccess::RULE_POST => ['archive', 'unarchive']];
return $result;
}
@ -90,15 +89,10 @@ class DefaultController extends Controller
// Create Activity when the space in archieved
SpaceArchieved::instance()->from(Yii::$app->user->getIdentity())->about($space->owner)->save();
if (Yii::$app->request->isAjax) {
Yii::$app->response->format = 'json';
return [
'success' => true,
'space' => Chooser::getSpaceResult($space, true, ['isMember' => true])
];
}
return $this->redirect($space->createUrl('/space/manage'));
return $this->asJson( [
'success' => true,
'space' => Chooser::getSpaceResult($space, true, ['isMember' => true])
]);
}
/**
@ -136,5 +130,4 @@ class DefaultController extends Controller
return $this->render('delete', ['model' => $model, 'space' => $this->getSpace()]);
}
}
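Review bot: The new RULE_POST line in getAccessRules() covers only archive and unarchive, so the delete action stays reachable by GET and its safety rests on the password form and on the action deleting only after a validated POST; the action body lies mostly outside these hunks, so that should be confirmed there. A comment above the rule would record the intent, e.g. `// delete is not POST-only: GET renders the password confirmation form`. The archive action now returns JSON unconditionally, which is fine once GET is rejected, but any remaining non-AJAX caller that relied on the old redirect will now receive a raw JSON body.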


@ -31,9 +31,7 @@ class MemberController extends Controller
public function getAccessRules()
{
$result = parent::getAccessRules();
$result[] = [
'userGroup' => [Space::USERGROUP_OWNER], 'actions' => ['change-owner']
];
$result[] = ['userGroup' => [Space::USERGROUP_OWNER], 'actions' => ['change-owner']];
return $result;
}
@ -186,7 +184,6 @@ class MemberController extends Controller
if ($model->load(Yii::$app->request->post()) && $model->validate()) {
$space->setSpaceOwner($model->ownerId);
return $this->redirect($space->getUrl());
}


@ -8,6 +8,7 @@
namespace humhub\modules\space\modules\manage\models;
use humhub\modules\space\models\Space;
use Yii;
use yii\base\Model;
use humhub\modules\space\models\Membership;
@ -60,7 +61,7 @@ class ChangeOwnerForm extends Model
{
$possibleOwners = [];
$query = Membership::find()->joinWith(['user', 'user.profile'])->andWhere(['space_membership.group_id' => 'admin', 'space_membership.space_id' => $this->space->id]);
$query = Membership::find()->joinWith(['user', 'user.profile'])->andWhere(['space_membership.group_id' => Space::USERGROUP_ADMIN, 'space_membership.space_id' => $this->space->id]);
foreach ($query->all() as $membership) {
$possibleOwners[$membership->user->id] = $membership->user->displayName;
}


@ -1,8 +1,9 @@
<?php
use humhub\compat\CActiveForm;
use yii\bootstrap\ActiveForm;
use humhub\modules\space\modules\manage\widgets\DefaultMenu;
use yii\helpers\Html;
use humhub\widgets\Button;
?>
<div class="panel panel-default">
@ -17,18 +18,14 @@ use yii\helpers\Html;
<p><?= Yii::t('SpaceModule.views_admin_delete', 'Please provide your password to continue!'); ?></p>
<br>
<?php $form = CActiveForm::begin(); ?>
<?php $form = ActiveForm::begin(); ?>
<div class="form-group">
<?= $form->labelEx($model, 'currentPassword'); ?>
<?= $form->passwordField($model, 'currentPassword', ['class' => 'form-control', 'rows' => '6']); ?>
<?= $form->error($model, 'currentPassword'); ?>
</div>
<?= $form->field($model, 'currentPassword')->passwordInput(); ?>
<hr>
<hr>
<?= Html::submitButton(Yii::t('SpaceModule.views_admin_delete', 'Delete'), ['class' => 'btn btn-danger', 'data-ui-loader' => '']); ?>
<?= Button::danger(Yii::t('SpaceModule.views_admin_delete', 'Delete'))->submit() ?>
<?php CActiveForm::end(); ?>
<?php ActiveForm::end(); ?>
</div>
</div>


@ -5,6 +5,7 @@ use humhub\modules\space\widgets\SpaceNameColorInput;
use humhub\widgets\DataSaved;
use yii\bootstrap\ActiveForm;
use yii\helpers\Html;
use humhub\widgets\Button;
?>
<div class="panel panel-default">
@ -30,11 +31,7 @@ use yii\helpers\Html;
<?= DataSaved::widget(); ?>
<div class="pull-right">
<?php if ($model->isSpaceOwner()) : ?>
<?= Html::a(Yii::t('SpaceModule.views_admin_edit', 'Delete'), $model->createUrl('delete'), ['class' => 'btn btn-danger', 'data-post' => 'POST']); ?>
<?php endif; ?>
</div>
<?= Button::danger(Yii::t('SpaceModule.views_admin_edit', 'Delete'))->right()->link($model->createUrl('delete'))->visible($model->canDelete()) ?>
<?php ActiveForm::end(); ?>
</div>


@ -1,10 +1,15 @@
<?php
use humhub\modules\space\modules\manage\models\ChangeOwnerForm;
use yii\helpers\Html;
use humhub\modules\space\modules\manage\widgets\MemberMenu;
use yii\widgets\ActiveForm;
use humhub\widgets\Button;
/* @var $model ChangeOwnerForm */
?>
<div class="panel panel-default">
<div class="panel-heading">
<?= Yii::t('SpaceModule.views_admin_members', '<strong>Manage</strong> members'); ?>
@ -15,11 +20,12 @@ use yii\widgets\ActiveForm;
<p><?= Yii::t('SpaceModule.manage', 'As owner of this space you can transfer this role to another administrator in space.'); ?></p>
<?php $form = ActiveForm::begin([]); ?>
<?= $form->field($model, 'ownerId')->dropDownList($model->getNewOwnerArray()) ?>
<hr>
<?= $form->field($model, 'ownerId')->dropDownList($model->getNewOwnerArray()) ?>
<?= Html::submitButton(Yii::t('SpaceModule.manage', 'Transfer ownership'), ['class' => 'btn btn-danger', 'data-confirm' => 'Are you really sure?']) ?>
<hr>
<?= Button::danger(Yii::t('SpaceModule.manage', 'Transfer ownership'))->action('client.submit')->confirm() ?>
<?php ActiveForm::end(); ?>


@ -0,0 +1,34 @@
<?php
/**
* Created by PhpStorm.
* User: kingb
* Date: 19.07.2018
* Time: 21:30
*/
namespace humhub\modules\space\tests\codeception\functional;
use FunctionalTester;
use humhub\modules\space\models\Space;
class ArchiveCest
{
public function testSpaceArchiveAccess(FunctionalTester $I)
{
$I->assertSpaceAccessFalse(Space::USERGROUP_MEMBER, '/space/manage/default/archive');
$I->assertSpaceAccessFalse(Space::USERGROUP_USER, '/space/manage/default/archive');
$I->assertSpaceAccessFalse(Space::USERGROUP_MODERATOR, '/space/manage/default/archive');
$I->assertSpaceAccessFalse(Space::USERGROUP_ADMIN, '/space/manage/default/archive');
$I->assertSpaceAccessFalse(Space::USERGROUP_OWNER, '/space/manage/default/archive');
$I->assertSpaceAccessTrue(Space::USERGROUP_OWNER, '/space/manage/default/archive', true);
}
public function testSpaceArchiveSpace(FunctionalTester $I)
{
$space = $I->loginBySpaceUserGroup(Space::USERGROUP_OWNER);
$I->amOnSpace($space, '/space/manage/default/archive', true);
$I->amOnSpace($space);
$I->see('Archived');
}
}
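Review bot: The non-owner assertions in testSpaceArchiveAccess appear to issue GET requests (the trailing `true` on the last assertion looks like the POST switch), so they would pass on the POST-only rule alone even if the owner-only rule were missing. To exercise the group restriction itself, repeat them as POST, e.g. `$I->assertSpaceAccessFalse(Space::USERGROUP_ADMIN, '/space/manage/default/archive', true);`. The unarchive action receives the same rules in this commit but has no test here. The PhpStorm "Created by" header could be dropped in favour of the project's usual file header.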


@ -8,60 +8,25 @@
namespace enterprise\acceptance\modules\emailwhitelist;
use Yii;
use humhub\modules\space\models\Space;
use FunctionalTester;
class DeleteSpaceCest
{
public function testOwnerDeletion(FunctionalTester $I)
public function testSpaceDeleteAccess(FunctionalTester $I)
{
$I->wantTo('ensure the owner of the space is able to delete the space');
$I->amUser();
$space = $this->createSpace();
$I->amOnRoute('/space/manage/default/delete', ['sguid' => $space->guid]);
$I->canSeeResponseCodeIs(200);
}
public function testMemberDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a member of the space is not able to delete the space');
$I->amUser1();
// User1 is member of Space3
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
$I->canSeeResponseCodeIs(403);
$I->assertSpaceAccessFalse(Space::USERGROUP_MEMBER, '/space/manage/default/delete');
$I->assertSpaceAccessFalse(Space::USERGROUP_USER, '/space/manage/default/delete');
$I->assertSpaceAccessFalse(Space::USERGROUP_MODERATOR, '/space/manage/default/delete');
$I->assertSpaceAccessFalse(Space::USERGROUP_ADMIN, '/space/manage/default/delete');
$I->assertSpaceAccessTrue(Space::USERGROUP_OWNER, '/space/manage/default/delete');
$space = $I->assertSpaceAccessStatus(Space::USERGROUP_OWNER, 302, '/space/manage/default/delete', [], ['DeleteForm[currentPassword]' => '123qwe']);
$I->amOnSpace($space);
$I->seeResponseCodeIs(404);
}
public function testSystemAdminDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a system admin is able to delete the space');
$I->amAdmin();
// User1 is member of Space3
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
$I->canSeeResponseCodeIs(200);
$I->assertSpaceAccessTrue('root', '/space/manage/default/delete', [], ['DeleteForm[currentPassword]' => 'test']);
}
public function testAdminDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a simple space admin is not able to delete the space');
$I->amUser1();
// User1 is admin of Space4
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34d']);
$I->canSeeResponseCodeIs(403);
}
private function createSpace()
{
$space = new Space([
'name' => 'DeleteSpaceTest'
]);
$space->created_by = Yii::$app->user->getId();
$space->save();
return $space;
}
}
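Review bot: The system-admin case only asserts that the delete request is not refused; unlike the owner case, which follows up with `$I->amOnSpace($space);` and `$I->seeResponseCodeIs(404);`, it never checks that the space is actually gone. There is also no case that submits a wrong `DeleteForm[currentPassword]` and asserts the space still exists, which is the regression test the password prompt needs. The argument shape `('root', $path, [], [...])` differs from the `($group, $path, true)` form used in the archive test, so it should be checked against the helper's signature that the password array is really sent as POST data. The namespace `enterprise\acceptance\modules\emailwhitelist` on the unchanged context line looks copied from another suite.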


@ -0,0 +1,25 @@
<?php
/**
* Created by PhpStorm.
* User: kingb
* Date: 19.07.2018
* Time: 21:30
*/
namespace humhub\modules\space\tests\codeception\functional;
use FunctionalTester;
use humhub\modules\space\models\Space;
class ManageAccessCest
{
public function testSpaceAccessManage(FunctionalTester $I)
{
$I->assertSpaceAccessFalse(Space::USERGROUP_MEMBER, '/space/manage');
$I->assertSpaceAccessFalse(Space::USERGROUP_USER, '/space/manage');
$I->assertSpaceAccessFalse(Space::USERGROUP_MODERATOR, '/space/manage');
$I->assertSpaceAccessTrue(Space::USERGROUP_ADMIN, '/space/manage');
$I->assertSpaceAccessTrue(Space::USERGROUP_OWNER, '/space/manage');
}
}


@ -0,0 +1,46 @@
<?php
/**
* Created by PhpStorm.
* User: kingb
* Date: 19.07.2018
* Time: 21:30
*/
namespace humhub\modules\space\tests\codeception\functional;
use FunctionalTester;
use humhub\modules\space\models\Space;
class ManageMembersCest
{
public function testSpaceManageMembersAccess(FunctionalTester $I)
{
$I->assertSpaceAccessFalse(Space::USERGROUP_MEMBER, '/space/manage/member');
$I->assertSpaceAccessFalse(Space::USERGROUP_USER, '/space/manage/member');
$I->assertSpaceAccessFalse(Space::USERGROUP_MODERATOR, '/space/manage/member');
$I->assertSpaceAccessTrue(Space::USERGROUP_ADMIN, '/space/manage/member');
$I->assertSpaceAccessTrue(Space::USERGROUP_OWNER, '/space/manage/member');
}
public function testChangeOwnerAccess(FunctionalTester $I)
{
$I->assertSpaceAccessFalse(Space::USERGROUP_MEMBER, '/space/manage/member/change-owner');
$I->assertSpaceAccessFalse(Space::USERGROUP_USER, '/space/manage/member/change-owner');
$I->assertSpaceAccessFalse(Space::USERGROUP_MODERATOR, '/space/manage/member/change-owner');
$I->assertSpaceAccessFalse(Space::USERGROUP_ADMIN, '/space/manage/member/change-owner');
$I->assertSpaceAccessTrue(Space::USERGROUP_OWNER, '/space/manage/member/change-owner');
$I->amAdmin();
$I->amOnSpace4('/space/manage/member/change-owner', [], ['ChangeOwnerForm[ownerId]' => 2]);
$I->seeSuccessResponseCode();
$space = Space::findOne(4);
if(!$space->ownerUser->id === 2) {
$I->see('Change owner did not work');
}
}
}
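Review bot: The ownership check at the end of testChangeOwnerAccess can never fail: in `if(!$space->ownerUser->id === 2)` the `!` is applied first, so a boolean is compared with 2 and the branch is dead code. Even if it ran, `$I->see('Change owner did not work')` only looks for that text on the page rather than failing with a clear message. Replace the block with a direct assertion such as `$I->assertEquals(2, $space->ownerUser->id);` (assuming the Asserts module is enabled for FunctionalTester), so the test actually proves that the owner transfer took effect.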