bug #109 Fixed tests (javiereguiluz)

This PR was squashed before being merged into the master branch (closes #109). Discussion ---------- Fixed tests This fixes functional tests in preparation of Travis activation. Commits ------- 0ebd218 Fixed tests
symfony · Jul 24, 2015 · 4e560a1 · 4e560a1
2 parents 7d09256 + 0ebd218
commit 4e560a1
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 17 deletions.
diff --git a/src/AppBundle/Controller/Admin/BlogController.php b/src/AppBundle/Controller/Admin/BlogController.php
@@ -101,13 +101,16 @@ public function newAction(Request $request)
      *
      * @Route("/{id}", requirements={"id" = "\d+"}, name="admin_post_show")
      * @Method("GET")
-     * @Security("post.isAuthor(user)")
-     *
-     * NOTE: You can also centralize security logic by using a "voter"
-     * See http://symfony.com/doc/current/cookbook/security/voters_data_permission.html
      */
     public function showAction(Post $post)
     {
+        // This security check can also be performed:
+        //   1. Using an annotation: @Security("post.isAuthor(user)")
+        //   2. Using a "voter" (see http://symfony.com/doc/current/cookbook/security/voters_data_permission.html)
+        if (null === $this->getUser() || !$post->isAuthor($this->getUser())) {
+            throw $this->createAccessDeniedException('Posts can only be shown to their authors.');
+        }
+
         $deleteForm = $this->createDeleteForm($post);
 
         return $this->render('admin/blog/show.html.twig', array(
@@ -121,10 +124,13 @@ public function showAction(Post $post)
      *
      * @Route("/{id}/edit", requirements={"id" = "\d+"}, name="admin_post_edit")
      * @Method({"GET", "POST"})
-     * @Security("post.isAuthor(user)")
      */
     public function editAction(Post $post, Request $request)
     {
+        if (null === $this->getUser() || !$post->isAuthor($this->getUser())) {
+            throw $this->createAccessDeniedException('Posts can only be edited by their authors.');
+        }
+
         $em = $this->getDoctrine()->getManager();
 
         $editForm = $this->createForm(new PostType(), $post);

diff --git a/src/AppBundle/Tests/Controller/Admin/BlogControllerTest.php b/src/AppBundle/Tests/Controller/Admin/BlogControllerTest.php
@@ -39,7 +39,7 @@ public function testRegularUsersCannotAccessToTheBackend()
             'PHP_AUTH_PW'   => 'kitten',
         ));
 
-        $client->request('GET', '/admin/post/');
+        $client->request('GET', '/en/admin/post/');
 
         $this->assertEquals(Response::HTTP_FORBIDDEN, $client->getResponse()->getStatusCode());
     }
@@ -51,7 +51,7 @@ public function testAdministratorUsersCanAccessToTheBackend()
             'PHP_AUTH_PW'   => 'kitten',
         ));
 
-        $client->request('GET', '/admin/post/');
+        $client->request('GET', '/en/admin/post/');
 
         $this->assertEquals(Response::HTTP_OK, $client->getResponse()->getStatusCode());
     }
@@ -63,7 +63,7 @@ public function testIndex()
             'PHP_AUTH_PW'   => 'kitten',
         ));
 
-        $crawler = $client->request('GET', '/admin/post/');
+        $crawler = $client->request('GET', '/en/admin/post/');
 
         $this->assertCount(
             Post::NUM_ITEMS,

diff --git a/src/AppBundle/Tests/Controller/BlogControllerTest.php b/src/AppBundle/Tests/Controller/BlogControllerTest.php
@@ -29,7 +29,7 @@ class BlogControllerTest extends WebTestCase
     public function testIndex()
     {
         $client = static::createClient();
-        $crawler = $client->request('GET', '/blog/');
+        $crawler = $client->request('GET', '/en/blog/');
 
         $this->assertCount(
             Post::NUM_ITEMS,

diff --git a/src/AppBundle/Tests/Controller/DefaultControllerTest.php b/src/AppBundle/Tests/Controller/DefaultControllerTest.php
@@ -59,7 +59,7 @@ public function testSecureUrls($url)
         $this->assertTrue($client->getResponse()->isRedirect());
 
         $this->assertEquals(
-            'http://localhost/login',
+            'http://localhost/en/login',
             $client->getResponse()->getTargetUrl(),
             sprintf('The %s secure URL redirects to the login form.', $url)
         );
@@ -69,19 +69,19 @@ public function getPublicUrls()
     {
         return array(
             array('/'),
-            array('/blog/'),
-            array('/blog/posts/morbi-tempus-commodo-mattis'),
-            array('/login'),
+            array('/en/blog/'),
+            array('/en/blog/posts/morbi-tempus-commodo-mattis'),
+            array('/en/login'),
         );
     }
 
     public function getSecureUrls()
     {
         return array(
-            array('/admin/post/'),
-            array('/admin/post/new'),
-            array('/admin/post/1'),
-            array('/admin/post/1/edit'),
+            array('/en/admin/post/'),
+            array('/en/admin/post/new'),
+            array('/en/admin/post/1'),
+            array('/en/admin/post/1/edit'),
         );
     }
 }