browsercms 3.0.2 → 3.0.3

data/test/functional/cms/content_controller_test.rb

@@ -2,26 +2,26 @@ require File.join(File.dirname(__FILE__), '/../../test_helper')
 
 class Cms::ContentControllerTest < ActionController::TestCase
   include Cms::ControllerTestHelper
-  
+
   def test_show_home_page
     get :show
     assert_response :success
     assert_select "title", "Home"
   end
-  
+
   def test_show_another_page
     @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
     get :show, :path => ["about"]
     assert_select "title", "Test About"
   end
-  
+
   def test_page_not_found_to_guest
     get :show, :path => ["foo"]
     assert_response :not_found
     assert_select "title", "Not Found"
     assert_select "h1", "Page Not Found"
   end
-  
+
   def test_page_not_found_to_cms_admin
     login_as_cms_admin
     get :show, :path => ["foo"]
@@ -29,25 +29,25 @@ class Cms::ContentControllerTest < ActionController::TestCase
     assert_select "title", "Page Not Found"
     assert_select "h2", "There is no page at /foo"
   end
-  
+
   def test_show_protected_page_to_guest
     create_protected_page
-    
+
     get :show, :path => ["secret"]
     assert_response :forbidden
     assert_select "title", "Access Denied"
   end
-  
+
   def test_show_protected_page_to_privileged_user
     create_protected_page
-    
+
     login_as @privileged_user
-    
+
     get :show, :path => ["secret"]
     assert_response :success
     assert_select "title", "Shhh... It's a Secret"
   end
-  
+
   def test_show_archived_page_to_guest
     create_archived_page
 
@@ -67,14 +67,14 @@ class Cms::ContentControllerTest < ActionController::TestCase
 
   def test_show_file
     create_file
-    
+
     get :show, :path => ["test.txt"]
-    
+
     assert_response :success
     assert_equal "text/plain", @response.content_type
     assert_equal "This is a test", streaming_file_contents
   end
-  
+
   def test_show_archived_file
     create_file
 
@@ -82,46 +82,46 @@ class Cms::ContentControllerTest < ActionController::TestCase
     @file_block.update_attributes(:archived => true, :publish_on_save => true)
     reset(:file_block)
     assert @file_block.attachment.archived?
-    
+
     get :show, :path => ["test.txt"]
-    
+
     assert_response :not_found
     assert_select "title", "Not Found"
   end
-  
+
   def test_show_protected_file_to_guest
     create_protected_file
-    
+
     get :show, :path => ["test.txt"]
-    
+
     assert_response :forbidden
     assert_select "title", "Access Denied"
   end
-  
+
   def test_show_protected_file_to_privileged_user
     create_protected_file
     login_as @privileged_user
-    
+
     get :show, :path => ["test.txt"]
-    
+
     assert_response :success
     assert_equal "text/plain", @response.content_type
     assert_equal "This is a test", streaming_file_contents
   end
-  
+
   def test_show_page_route
     @page_template = Factory(:page_template, :name => "test_show_page_route")
-    @page = Factory(:page, 
-      :section => root_section, 
+    @page = Factory(:page,
+      :section => root_section,
       :template_file_name => "test_show_page_route.html.erb")
-    @portlet = DynamicPortlet.create!(:name => "Test", 
+    @portlet = DynamicPortlet.create!(:name => "Test",
       :template => "<h1><%= @foo %></h1>",
       :connect_to_page_id => @page.id, :connect_to_container => "main")
     @page_route = @page.page_routes.create(:pattern => "/foo", :code => "@foo = params[:foo]")
 
     reset(:page)
     @page.publish!
-    
+
     get :show_page_route, :foo => "42", :_page_route_id => @page_route.id
     assert_response :success
     assert_select "h1", "42"
@@ -137,10 +137,10 @@ class Cms::ContentControllerTest < ActionController::TestCase
   def test_show_draft_page_with_content_as_editor
     login_as_cms_admin
     create_page_with_content
-    
+
     @block.update_attributes(:content => "<h3>I've been edited</h3>")
     reset(:page, :block)
-    
+
     get :show, :path => ["page_with_content"]
     assert_response :success
     assert_select "h3", "I've been edited"
@@ -154,42 +154,42 @@ class Cms::ContentControllerTest < ActionController::TestCase
       @secret_group = Factory(:group, :name => "Secret")
       @secret_group.sections << @protected_section
       @privileged_user = Factory(:user, :login => "privileged")
-      @privileged_user.groups << @secret_group      
+      @privileged_user.groups << @secret_group
     end
-  
+
     def create_protected_page
-      create_protected_user_section_group      
-      @page = Factory(:page, 
-        :section => @protected_section, 
-        :path => "/secret", 
-        :name => "Shhh... It's a Secret", 
-        :template_file_name => "default.html.erb", 
+      create_protected_user_section_group
+      @page = Factory(:page,
+        :section => @protected_section,
+        :path => "/secret",
+        :name => "Shhh... It's a Secret",
+        :template_file_name => "default.html.erb",
         :publish_on_save => true)
     end
-  
+
     def create_file
       @file = mock_file(:read => "This is a test", :content_type => "text/plain")
-      @file_block = Factory(:file_block, :attachment_section => root_section, :attachment_file => @file, :attachment_file_path => "/test.txt", :publish_on_save => true)      
+      @file_block = Factory(:file_block, :attachment_section => root_section, :attachment_file => @file, :attachment_file_path => "/test.txt", :publish_on_save => true)
     end
-    
+
     def create_protected_file
-      create_protected_user_section_group      
+      create_protected_user_section_group
       create_file
       reset(:file_block)
       @file_block.update_attributes(:attachment_section => @protected_section)
       reset(:file_block)
     end
-  
+
     def create_archived_page
-      @page = Factory(:page, 
-        :section => root_section, 
-        :path => "/archived", 
-        :name => "Archived", 
-        :archived => true, 
-        :template_file_name => "default.html.erb", 
+      @page = Factory(:page,
+        :section => root_section,
+        :path => "/archived",
+        :name => "Archived",
+        :archived => true,
+        :template_file_name => "default.html.erb",
         :publish_on_save => true)
     end
-  
+
     def create_page_with_content
       @page_template = Factory(:page_template, :name => "testing_editting_content")
 
@@ -200,14 +200,14 @@ class Cms::ContentControllerTest < ActionController::TestCase
 
       @block = HtmlBlock.create!(:name => "Test",
         :content => "<h3>TEST</h3>",
-        :connect_to_page_id => @page.id, 
+        :connect_to_page_id => @page.id,
         :connect_to_container => "main")
 
       reset(:page)
       @page.publish!
-      
+
     end
-  
+
 end
 
 # CMS Page Caching Enabled (Production Mode)
@@ -225,18 +225,18 @@ end
 class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   tests Cms::ContentController
   include Cms::ControllerTestHelper
-  
+
   def setup
     ActionController::Base.perform_caching = true
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
-  
+
   def teardown
     ActionController::Base.perform_caching = false
   end
-  
+
   def test_guest_user_views_page_on_public_site
     @request.host = "mysite.com"
     get :show, :path => ["page"]
@@ -253,9 +253,9 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_public_site
     login_as @registered_user
     @request.host = "mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
   end
@@ -263,19 +263,19 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_cms_site
     login_as @registered_user
     @request.host = "cms.mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_redirected_to "http://mysite.com/page"
   end
-  
+
   def test_cms_user_views_page_on_public_site
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe", {:count => 0}
@@ -285,14 +285,14 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "cms.mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
-  end  
-  
+  end
+
 end
 
 # CMS Page Caching Disabled (Development Mode)
@@ -310,14 +310,14 @@ end
 class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   tests Cms::ContentController
   include Cms::ControllerTestHelper
-  
+
   def setup
     ActionController::Base.perform_caching = false
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
-  
+
   def test_guest_user_views_page_on_public_site
     @request.host = "mysite.com"
     get :show, :path => ["page"]
@@ -335,9 +335,9 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_public_site
     login_as @registered_user
     @request.host = "mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
   end
@@ -345,20 +345,20 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_cms_site
     login_as @registered_user
     @request.host = "mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
   end
-  
+
   def test_cms_user_views_page_on_public_site
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
@@ -368,12 +368,67 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "cms.mysite.com"
-    
+
     get :show, :path => ["page"]
-    
+
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
   end
-  
-end
+
+  def test_portlet_throw_access_denied_goes_to_access_denied_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')
+    reset(:page)
+
+    get :show, :path => ["about"]
+    assert_response :forbidden
+    assert_select "title", "Access Denied"
+  end
+  def test_portlet_throw_not_found_goes_to_not_found_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_not_found = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise ActiveRecord::RecordNotFound')
+    reset(:page)
+
+    get :show, :path => ["about"]
+    assert_response :not_found
+    assert_select "title", "Not Found"
+  end
+
+  def test_portlets_throw_multiple_goes_to_not_found
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_not_found = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise ActiveRecord::RecordNotFound')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')   
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+
+    get :show, :path => ["about"]
+    assert_response :not_found
+    assert_select "title", "Not Found"
+  end
+
+  def test_portlets_throw_multiple_goes_to_access_denied
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')   
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+
+    get :show, :path => ["about"]
+    assert_response :forbidden
+    assert_select "title", "Access Denied"
+  end
+  def test_portlet_throw_generic_exception_still_render_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+
+    get :show, :path => ["about"]
+    assert_select "#hi", "hello"
+
+  end
+end

data/test/functional/cms/links_controller_test.rb

@@ -57,4 +57,92 @@ class Cms::LinksControllerTest < ActionController::TestCase
       @link = Factory(:link, :section => root_section, :url => "http://v1.example.com")
     end
 
-end
+end
+
+class Cms::LinksControllerPermissionsTest < ActionController::TestCase
+  tests Cms::LinksController
+  include Cms::ControllerTestHelper
+  
+  def setup 
+    # DRYME copypaste from UserPermissionTest
+    @user = Factory(:user)
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    @group.permissions << create_or_find_permission_named("edit_content")
+    @group.permissions << create_or_find_permission_named("publish_content")
+    @user.groups << @group
+    
+    @editable_section = Factory(:section, :parent => root_section, :name => "Editable")
+    @editable_subsection = Factory(:section, :parent => @editable_section, :name => "Editable Subsection")
+    @group.sections << @editable_section
+    @editable_page = Factory(:page, :section => @editable_section, :name => "Editable Page")
+    @editable_subpage = Factory(:page, :section => @editable_subsection, :name => "Editable SubPage")
+    @editable_link = Factory(:link, :section => @editable_section, :name => "Editable Link")
+    @editable_sublink = Factory(:link, :section => @editable_subsection, :name => "Editable SubLink")
+    
+    @noneditable_section = Factory(:section, :parent => root_section, :name => "Not Editable")
+    @noneditable_page = Factory(:page, :section => @noneditable_section, :name => "Non-Editable Page")
+    @noneditable_link = Factory(:link, :section => @noneditable_section, :name => "Non-Editable Link")
+    
+    @noneditables = [@noneditable_section, @noneditable_page, @noneditable_link]
+    @editables = [@editable_section, @editable_subsection, 
+      @editable_page, @editable_subpage, 
+      @editable_link, @editable_sublink]
+  end
+
+  def test_new_permissions
+    login_as(@user)
+
+    get :new, :section_id => @editable_section
+    assert_response :success
+
+    get :new, :section_id => @noneditable_section
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_create_permissions
+    login_as(@user)
+
+    post :create, :section_id => @editable_section, :name => "Another editable link"
+    assert_response :success
+
+    post :create, :section_id => @noneditable_section, :name => "Another non-editable link"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_edit_permissions
+    login_as(@user)
+
+    get :edit, :id => @editable_link
+    assert_response :success
+
+    get :edit, :id => @noneditable_link
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_update_permissions
+    login_as(@user)
+
+    put :update, :id => @editable_link, :name => "Modified editable link"
+    assert_response :redirect
+
+    put :update, :id => @noneditable_link, :name => "Modified non-editable link"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_destroy_permissions
+    login_as(@user)
+
+    delete :destroy, :id => @editable_link
+    assert_response :redirect
+
+    delete :destroy, :id => @noneditable_link
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+end
+
+

data/test/functional/cms/pages_controller_test.rb

@@ -66,6 +66,13 @@ class Cms::PagesControllerTest < ActionController::TestCase
     end
   end
 
+ def test_version
+    create_page
+    @page.update_attributes(:name => "V2")
+    get :version, :id => @page.to_param, :version => 1
+    assert_response :success
+  end
+
   def test_revert_to
     create_page
     @page.update_attributes(:name => "V2")
@@ -87,3 +94,134 @@ class Cms::PagesControllerTest < ActionController::TestCase
     end
 
 end
+
+class Cms::PagesControllerPermissionsTest < ActionController::TestCase
+  tests Cms::PagesController
+  include Cms::ControllerTestHelper
+  
+  def setup 
+    # DRYME copypaste from UserPermissionTest
+    @user = Factory(:user)
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    @group.permissions << create_or_find_permission_named("edit_content")
+    @group.permissions << create_or_find_permission_named("publish_content")
+    @user.groups << @group
+    
+    @editable_section = Factory(:section, :parent => root_section, :name => "Editable")
+    @editable_subsection = Factory(:section, :parent => @editable_section, :name => "Editable Subsection")
+    @group.sections << @editable_section
+    @editable_page = Factory(:page, :section => @editable_section, :name => "Editable Page")
+    @editable_subpage = Factory(:page, :section => @editable_subsection, :name => "Editable SubPage")
+    @editable_link = Factory(:link, :section => @editable_section, :name => "Editable Link")
+    @editable_sublink = Factory(:link, :section => @editable_subsection, :name => "Editable SubLink")
+    
+    @noneditable_section = Factory(:section, :parent => root_section, :name => "Not Editable")
+    @noneditable_page = Factory(:page, :section => @noneditable_section, :name => "Non-Editable Page")
+    @noneditable_link = Factory(:link, :section => @noneditable_section, :name => "Non-Editable Link")
+    
+    @noneditables = [@noneditable_section, @noneditable_page, @noneditable_link]
+    @editables = [@editable_section, @editable_subsection, 
+      @editable_page, @editable_subpage, 
+      @editable_link, @editable_sublink]
+  end
+
+  def test_new_permissions
+    login_as(@user)
+
+    get :new, :section_id => @editable_section
+    assert_response :success
+
+    get :new, :section_id => @noneditable_section
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_create_permissions
+    login_as(@user)
+
+    post :create, :section_id => @editable_section, :name => "Another editable page"
+    assert_response :success
+
+    post :create, :section_id => @noneditable_section, :name => "Another non-editable page"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_edit_permissions
+    login_as(@user)
+
+    get :edit, :id => @editable_page
+    assert_response :success
+
+    get :edit, :id => @noneditable_page
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+
+  def test_update_permissions
+    login_as(@user)
+
+    # Regular update
+    put :update, :id => @editable_page, :name => "Modified editable page"
+    assert_response :redirect
+
+    put :update, :id => @noneditable_page, :name => "Modified non-editable page"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+
+    # archive
+    put :archive, :id => @editable_page
+    assert_response :redirect
+
+    put :archive, :id => @noneditable_page
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+
+    # hide
+    put :hide, :id => @editable_page
+    assert_response :redirect
+
+    put :hide, :id => @noneditable_page
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+
+    # publish
+    put :publish, :id => @editable_page
+    assert_response :redirect
+
+    put :publish, :id => @noneditable_page
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+
+    # publish many
+    put :publish, :page_ids => [@editable_page.id]
+    assert_response :redirect
+    
+    put :publish, :page_ids => [@noneditable_page.id]
+    assert_response 403
+    
+    put :publish, :page_ids => [@editable_page.id, @noneditable_page.id]
+    assert_response 403
+
+    # revert_to
+    # can't find route...
+#    put :revert_to, :id => @editable_page.id
+#    assert_response :redirect
+
+#    put :revert_to, :id => @noneditable_page.id
+#    assert_response :error # shouldn't it be 403?
+  end
+
+  def test_destroy_permissions
+    login_as(@user)
+
+    delete :destroy, :id => @editable_page
+    assert_response :redirect
+
+    delete :destroy, :id => @noneditable_page
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+end
+
+