Chrisneuroth has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/364982 )
Change subject: Work in Progress: Add tests for permissions in edit entity API ...................................................................... Work in Progress: Add tests for permissions in edit entity API Note the test is currently passing and we don't know why, just committing to share. Change-Id: I75740d583a9f474340d69a6dc8df5ac18893d798 --- M repo/tests/phpunit/includes/Api/EditEntityTest.php M repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php 2 files changed, 68 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase refs/changes/82/364982/1 diff --git a/repo/tests/phpunit/includes/Api/EditEntityTest.php b/repo/tests/phpunit/includes/Api/EditEntityTest.php index 9b39ed9..3d1e048 100644 --- a/repo/tests/phpunit/includes/Api/EditEntityTest.php +++ b/repo/tests/phpunit/includes/Api/EditEntityTest.php 
@@ -418,6 +418,60 @@ } } + public function testUserCannotEditWhenTheyLackPermission() { + // Given there is a user without edit permission + $userWithInsufficientPermissions = $this->createTestUser()->getUser(); + $userWithAllPermissions = $GLOBALS['wgUser']; + + $this->setMwGlobals( 'wgGroupPermissions', [ + '*' => ['read' => true, 'edit' => false] + ]); + + // And an existing item + $createItemParams = [ 'action' => 'wbeditentity', + 'new' => 'item', + 'data' => + '{"labels":{"en":{"language":"en","value":"something"}}}' ]; + $this->doApiRequestWithToken($createItemParams, null, $userWithAllPermissions); + $newItemId = $result['entity']['id']; + + // When I try to edit the item via API + $removeLabelParams = [ 'action' => 'wbeditentity', + 'data' => + '{"labels":{"en":{"language":"en","value":""}}}' ]; + + // Then the request is denied + $expected = [ + 'type' => ApiUsageException::class, + 'code' => 'writeapidenied' + ]; + + $this->doTestQueryExceptions( $removeLabelParams, $expected, $userWithInsufficientPermissions); + } + + // public function testUserCanEditWhenTheyHaveSufficientPermission () { + // // Given there is a userWithInsufficientPermissions with read AND edit permission + // $userWithInsufficientPermissions = $this->createTestUser()->getUser(); + // $this->setMwGlobals( 'wgGroupPermissions', [ + // '*' => ['read' => true, 'edit' => true] + // ]); + + // // And an existing item + // $createItemParams = [ 'action' => 'wbeditentity', + // 'new' => 'item', + // 'data' => + // '{"labels":{"en":{"language":"en","value":"something"}}}' ]; + // $newItemId = $result['entity']['id']; + + // // When I try to edit the item via API + // $removeLabelParams = [ 'action' => 'wbeditentity', + // 'data' => + // '{"labels":{"en":{"language":"en","value":""}}}' ]; + // // Then it is updated + // list ($result,) = $this->doApiRequestWithToken($removeLabelParams, null, $userWithInsufficientPermissions); + // $this->assertEquals($result, "foo"); + // } + /** * 
@dataProvider provideData */ diff --git a/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php b/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php index 491a39d..2245aee 100644 --- a/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php +++ b/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php @@ -47,14 +47,18 @@ } } + protected function createTestUser () { + return new TestUser( + 'Apitesteditor', + 'Api Test Editor', + 'api_test_edi...@example.com', + [ 'wbeditor' ] + ); + } + private function setupUser() { if ( !self::$wbTestUser ) { - self::$wbTestUser = new TestUser( - 'Apitesteditor', - 'Api Test Editor', - 'api_test_edi...@example.com', - [ 'wbeditor' ] - ); + self::$wbTestUser = $this->createTestUser(); } ApiTestCase::$users['wbeditor'] = self::$wbTestUser; 
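Review bot: In `testUserCannotEditWhenTheyLackPermission` the result of the item-creating request is discarded, so `$result` is undefined when `$newItemId` is read, and `$newItemId` is never put into `$removeLabelParams`. The denied request therefore does not target the item at all, and the expected `writeapidenied` may come from a check unrelated to the `edit` right; replacing the whole of `wgGroupPermissions` with a single `*` entry also drops every other grant, which could by itself explain why the test passes. Capture the result with `list( $result, ) = $this->doApiRequestWithToken( $createItemParams, null, $userWithAllPermissions );` and add `'id' => $newItemId,` to `$removeLabelParams`, then confirm the test fails when the override grants `'edit' => true`. The commented-out positive test below reads the same undefined `$result` and is better left out of the commit until it runs.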
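Review bot: `createTestUser()` always returns the account `Apitesteditor` in group `wbeditor`, the same identity `setupUser()` stores as the shared editor fixture, so the new denial test has no distinct unprivileged user and depends entirely on the global permission override. Letting the caller choose the groups keeps the negative case independent of the editor fixture: `protected function createTestUser( array $groups = [ 'wbeditor' ] )`, with `$groups` passed as the last `TestUser` argument. A short docblock naming the default group would also help. `setupUser()` continues past the end of this hunk.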
@@ -167,15 +171,16 @@ * * @param array $params Array of params for the API query. * @param array $exception Details of the exception to expect (type, code, message, message-key). + * @param User $user */ - protected function doTestQueryExceptions( array $params, array $exception ) { + protected function doTestQueryExceptions( array $params, array $exception, User $user = null) { try { if ( array_key_exists( 'code', $exception ) && preg_match( '/^(no|bad)token$/', $exception['code'] ) ) { - $this->doApiRequest( $params ); + $this->doApiRequest( $params, null, false, $user); } else { - $this->doApiRequestWithToken( $params ); + $this->doApiRequestWithToken( $params, null, $user ); } $this->fail( 'Failed to throw ApiUsageException' ); -- To view, visit https://gerrit.wikimedia.org/r/364982 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I75740d583a9f474340d69a6dc8df5ac18893d798 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Wikibase Gerrit-Branch: master Gerrit-Owner: Chrisneuroth <christoph.neuroth+wikime...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
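Review bot: The new `$user` parameter of `doTestQueryExceptions` is documented as `@param User $user` although it defaults to `null`, and nothing says which account performs the request when it is omitted. For a helper now used to assert permission denials that should be explicit, for example `@param User|null $user User to perform the request as; null leaves the choice to doApiRequest()/doApiRequestWithToken()`. The hunk does not show the file's `use` statements, so check that `User` resolves to the MediaWiki class in this file. The `catch` part of the method lies outside the hunk.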