Skip to content

2755101 Improve access callback logic#424

Closed
haringsrob wants to merge 4 commits into
drupalcommerce:8.x-2.xfrom
haringsrob:2755101-checkout-access
Closed

2755101 Improve access callback logic#424
haringsrob wants to merge 4 commits into
drupalcommerce:8.x-2.xfrom
haringsrob:2755101-checkout-access

Conversation

@haringsrob

Copy link
Copy Markdown
Contributor

No description provided.

$this->drupalLogout();
$this->drupalGet('/checkout/' . $order->id());
$this->assertSession()->statusCodeEquals(403);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we test other users can't access the order, not just anon + owner?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea why not, it covers a potential security issue. I'll add it

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have updated the test.

@bojanz

bojanz commented Jun 27, 2016

Copy link
Copy Markdown
Contributor

Committed in 857f69d.

@bojanz bojanz closed this Jun 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants