Skip to content
Permalink
Browse files Browse the repository at this point in the history
XWIKI-20190: Properly handle AWM creation without script right
* Warn when the user doesn't have script right.
* Ensure that in integration tests the users have script right.
* Add an explicit test for the behavior without script right.
* Fix missing dependency.
* Actually delete the preferences in AppsLiveTableIT.
  • Loading branch information
michitux committed Dec 7, 2022
1 parent ce076ae commit e73b890
Show file tree
Hide file tree
Showing 8 changed files with 127 additions and 5 deletions.
Expand Up @@ -85,4 +85,10 @@ class NestedUserClassFieldIT extends UserClassFieldIT
class NestedClassEditorIT extends ClassEditorIT
{
}

@Nested
@DisplayName("Without script right test")
class NestedWithoutScriptRightIT extends WithoutScriptRightIT
{
}
}
Expand Up @@ -58,6 +58,9 @@
@BeforeAll
public void setupClass(TestUtils testUtils)
{
testUtils.loginAsSuperAdmin();
// The application creator needs script rights in order to execute the scripts generated by the wizard.
testUtils.setGlobalRights("", "XWiki." + USERNAME, "script", true);
testUtils.createUserAndLogin(USERNAME, PASSWORD);
}

Expand Down Expand Up @@ -179,6 +182,7 @@ void testActionRights(TestUtils testUtils, TestReference testReference)
assertTrue(appsLiveTable.canEditApplication(appName));
assertFalse(appsLiveTable.canDeleteApplication(appName));
} finally {
testUtils.loginAsSuperAdmin();
// We don't want to keep the rights
testUtils.deletePage(xwikiPreferences);
}
Expand Down
@@ -0,0 +1,96 @@
/*
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.xwiki.appwithinminutes.test.ui;

import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.xwiki.appwithinminutes.test.po.AppWithinMinutesHomePage;
import org.xwiki.appwithinminutes.test.po.ApplicationClassEditPage;
import org.xwiki.appwithinminutes.test.po.ApplicationCreatePage;
import org.xwiki.appwithinminutes.test.po.ApplicationHomeEditPage;
import org.xwiki.appwithinminutes.test.po.ApplicationHomePage;
import org.xwiki.appwithinminutes.test.po.ApplicationsLiveTableElement;
import org.xwiki.appwithinminutes.test.po.EntryEditPage;
import org.xwiki.appwithinminutes.test.po.EntryNamePane;
import org.xwiki.test.docker.junit5.TestReference;
import org.xwiki.test.docker.junit5.UITest;
import org.xwiki.test.ui.TestUtils;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;

/**
* Tests AWM without script right.
*
* @version $Id$
* @since 13.10.11
* @since 14.4.8
* @since 14.10.1
* @since 15.0RC1
*/
@UITest
class WithoutScriptRightIT
{
private static final String USER_NAME = "NoScript";

private static final String PASSWORD = "password";

private static final String NO_SCRIPT_ERROR = "You don't have the script right which is necessary to create or "
+ "edit an application. The application might not work correctly when you continue.";

@BeforeAll
static void beforeAll(TestUtils testUtils)
{
testUtils.loginAsSuperAdmin();
testUtils.createUserAndLogin(USER_NAME, PASSWORD, "");
}

@Order(1)
@Test
void createApplicationWithoutScriptRight(TestReference testReference)
{
ApplicationCreatePage appCreatePage = AppWithinMinutesHomePage.gotoPage().clickCreateApplication();
String appName = testReference.getLastSpaceReference().getName();
appCreatePage.setApplicationName(appName);
appCreatePage.waitForApplicationNamePreview();
assertTrue(appCreatePage.getContent().contains(NO_SCRIPT_ERROR));

ApplicationClassEditPage classEditPage = appCreatePage.clickNextStep();
classEditPage.addField("Short Text");
ApplicationHomeEditPage applicationHomeEditPage = classEditPage.clickNextStep().clickNextStep();
assertTrue(applicationHomeEditPage.getContent().contains(NO_SCRIPT_ERROR));

ApplicationHomePage applicationHomePage = applicationHomeEditPage.clickFinish();
// TODO: change to assert rendering errors when https://jira.xwiki.org/browse/XWIKI-20423 has been fixed.
assertTrue(applicationHomePage.hasEntriesLiveTable());

EntryNamePane entryNamePane = applicationHomePage.clickAddNewEntry();
entryNamePane.setName("Test entry");
EntryEditPage editPage = entryNamePane.clickAdd();
// The edit form doesn't work without script right.
assertTrue(editPage.hasRenderingError());

// Without script right, no delete is available.
ApplicationsLiveTableElement liveTable = AppWithinMinutesHomePage.gotoPage().getAppsLiveTable();
assertTrue(liveTable.isApplicationListed(appName));
assertFalse(liveTable.canDeleteApplication(appName));
}
}
Expand Up @@ -344,10 +344,8 @@ void goBackToFirstStep(TestUtils testUtils, TestReference testReference)

private ApplicationCreatePage goToAppCreatePage(TestUtils testUtils, TestReference testReference)
{
// Register a simple user, login and go to the App Within Minutes home page.
String userName = "SimpleUser";
String password = "SimplePassword";
testUtils.createUserAndLogin(userName, password);
// Login and go to the App Within Minutes home page.
testUtils.login(USER_NAME, PASSWORD);
// Make sure the application location exists so that we can select it with the location picker.
testUtils.createPage(Arrays.asList(getClass().getSimpleName(), testReference.getLastSpaceReference().getName()),
"WebHome", null, null);
Expand Down
Expand Up @@ -119,6 +119,12 @@
<version>${rendering.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.xwiki.rendering</groupId>
<artifactId>xwiki-rendering-macro-message</artifactId>
<version>${rendering.version}</version>
<scope>runtime</scope>
</dependency>
<!-- Used to implement drag & drop in the "Structure" (class definition) and "Presentation" (home page) steps. -->
<dependency>
<groupId>org.webjars</groupId>
Expand Down
Expand Up @@ -143,6 +143,11 @@
$services.localization.render('platform.appwithinminutes.appNameIsUsedWarning')
&lt;/div&gt;
#end
#if (!$services.security.authorization.hasAccess('script', $xcontext.userReference, $appHomeRef))
&lt;div class="box errormessage"&gt;
$escapetool.xml($services.localization.render('platform.appwithinminutes.appHomePageNoScriptRight'))
&lt;/div&gt;
#end
#end
#end

Expand Down
Expand Up @@ -231,7 +231,9 @@
## Grant space administration rights only if the space is new. Don't overwrite existing space preferences.
#set ($spaceHomeRef = $services.model.resolveDocument('', 'default', $spaceRef))
#set ($spacePrefsRef = $services.model.resolveDocument('WebPreferences', 'explicit', $spaceRef))
#if (!$xwiki.exists($spaceHomeRef) &amp;&amp; !$xwiki.exists($spacePrefsRef))
## Verify that the current user has script right on the current space home.
#set ($hasScript = $services.security.authorization.hasAccess('script', $xcontext.userReference, $spaceHomeRef))
#if ($hasScript &amp;&amp; !$xwiki.exists($spaceHomeRef) &amp;&amp; !$xwiki.exists($spacePrefsRef))
#set ($spacePrefsDoc = $xwiki.getDocument($spacePrefsRef))
#set ($discard = $spacePrefsDoc.use($spacePrefsDoc.getObject('XWiki.XWikiGlobalRights', true)))
#set ($discard = $spacePrefsDoc.set('allow', 1))
Expand Down Expand Up @@ -353,6 +355,10 @@
{{/velocity}}

{{velocity}}
#if (!$services.security.authorization.hasAccess('script', $xcontext.userReference, $doc.documentReference))
{{error}}{{translation key="platform.appwithinminutes.appHomePageNoScriptRight" /}}{{/error}}

#end
#if ("$!request.wizard" == 'true')
{{include reference="AppWithinMinutes.WizardStep" /}}
#end
Expand Down
Expand Up @@ -210,6 +210,7 @@ platform.appwithinminutes.appHomePageEditAppLabel=Edit application
platform.appwithinminutes.appHomePageTranslateAppLabel=Translate application
platform.appwithinminutes.appHomePageDeleteAppLabel=Delete application
platform.appwithinminutes.appHomePageMovedWarning=The application might not function correctly because it has been renamed or moved without updating the code. Please edit the application and follow the steps in order to update the code.
platform.appwithinminutes.appHomePageNoScriptRight=You don't have the script right which is necessary to create or edit an application. The application might not work correctly when you continue.
AppWithinMinutes.LiveTableClass_description=Description
AppWithinMinutes.LiveTableClass_columns=Live Table Columns

Expand Down

0 comments on commit e73b890

Please sign in to comment.