Chrisneuroth has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/364982 )

Change subject: Work in Progress: Add tests for permissions in edit entity API
......................................................................

Work in Progress: Add tests for permissions in edit entity API

Note the test is currently passing and we don't know why; just committing to 
share.

Change-Id: I75740d583a9f474340d69a6dc8df5ac18893d798
---
M repo/tests/phpunit/includes/Api/EditEntityTest.php
M repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php
2 files changed, 68 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase 
refs/changes/82/364982/1

diff --git a/repo/tests/phpunit/includes/Api/EditEntityTest.php 
b/repo/tests/phpunit/includes/Api/EditEntityTest.php
index 9b39ed9..3d1e048 100644
--- a/repo/tests/phpunit/includes/Api/EditEntityTest.php
+++ b/repo/tests/phpunit/includes/Api/EditEntityTest.php
@@ -418,6 +418,60 @@
                }
        }
 
+       public function testUserCannotEditWhenTheyLackPermission() {
+               // Given there is a user without edit permission
+               $userWithInsufficientPermissions = 
$this->createTestUser()->getUser();
+               $userWithAllPermissions = $GLOBALS['wgUser'];
+
+               $this->setMwGlobals( 'wgGroupPermissions', [
+                       '*' => ['read' => true, 'edit' => false]
+               ]);
+
+               // And an existing item
+               $createItemParams = [ 'action' => 'wbeditentity',
+                                                         'new' => 'item',
+                                                         'data' =>
+                                                         
'{"labels":{"en":{"language":"en","value":"something"}}}' ];
+               $this->doApiRequestWithToken($createItemParams, null, 
$userWithAllPermissions);
+               $newItemId = $result['entity']['id'];
+
+               // When I try to edit the item via API
+               $removeLabelParams = [ 'action' => 'wbeditentity',
+                                                         'data' =>
+                                                         
'{"labels":{"en":{"language":"en","value":""}}}' ];
+
+               // Then the request is denied
+               $expected = [
+                       'type' => ApiUsageException::class,
+                       'code' => 'writeapidenied'
+               ];
+
+               $this->doTestQueryExceptions( $removeLabelParams, $expected, 
$userWithInsufficientPermissions);
+       }
+
+       // public function testUserCanEditWhenTheyHaveSufficientPermission () {
+       //      // Given there is a userWithInsufficientPermissions with read 
AND edit permission
+       //      $userWithInsufficientPermissions = 
$this->createTestUser()->getUser();
+       //      $this->setMwGlobals( 'wgGroupPermissions', [
+       //              '*' => ['read' => true, 'edit' => true]
+       //      ]);
+
+       //      // And an existing item
+       //      $createItemParams = [ 'action' => 'wbeditentity',
+       //                                                'new' => 'item',
+       //                                                'data' =>
+       //                                                
'{"labels":{"en":{"language":"en","value":"something"}}}' ];
+       //      $newItemId = $result['entity']['id'];
+
+       //      // When I try to edit the item via API
+       //      $removeLabelParams = [ 'action' => 'wbeditentity',
+       //                                                 'data' =>
+       //                                                 
'{"labels":{"en":{"language":"en","value":""}}}' ];
+       //      // Then it is updated
+       //      list ($result,) = 
$this->doApiRequestWithToken($removeLabelParams, null, 
$userWithInsufficientPermissions);
+       //      $this->assertEquals($result, "foo");
+       // }
+
        /**
         * @dataProvider provideData
         */
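Review bot: In `testUserCannotEditWhenTheyLackPermission` the return value of the create request is discarded, so `$result` is undefined when `$newItemId` is read, and `$removeLabelParams` carries no `id`, so the denied request never targets the item that was created. Capture the result with `list( $result, ) = $this->doApiRequestWithToken( $createItemParams, null, $userWithAllPermissions );` and add `'id' => $newItemId` to `$removeLabelParams`. Separately, `setMwGlobals( 'wgGroupPermissions', ... )` replaces the whole map with a single `'*'` entry, which presumably also drops whatever the other groups granted, so the `writeapidenied` result may not be caused by `'edit' => false` at all; that would explain a pass for the wrong reason. An authorization test like this needs the commented-out positive case enabled as a control, so that the denial is shown to depend on the permission under test.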
diff --git a/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php 
b/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php
index 491a39d..2245aee 100644
--- a/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php
+++ b/repo/tests/phpunit/includes/Api/WikibaseApiTestCase.php
@@ -47,14 +47,18 @@
                }
        }
 
+       protected function createTestUser () {
+               return new TestUser(
+                       'Apitesteditor',
+                       'Api Test Editor',
+                       'api_test_edi...@example.com',
+                       [ 'wbeditor' ]
+               );
+       }
+
        private function setupUser() {
                if ( !self::$wbTestUser ) {
-                       self::$wbTestUser = new TestUser(
-                               'Apitesteditor',
-                               'Api Test Editor',
-                               'api_test_edi...@example.com',
-                               [ 'wbeditor' ]
-                       );
+                       self::$wbTestUser = $this->createTestUser();
                }
 
                ApiTestCase::$users['wbeditor'] = self::$wbTestUser;
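Review bot: `createTestUser()` always builds the same `'Apitesteditor'` account in the `wbeditor` group, so a caller that wants a low-privilege user (as the new test in EditEntityTest.php does) receives the shared editor identity rather than a distinct one. Consider letting the caller choose the groups, e.g. `protected function createTestUser( array $groups = [ 'wbeditor' ] )`, and passing `$groups` through to `TestUser`; whether the name also needs to vary depends on how `TestUser` resolves existing accounts, which is not visible here. The method also lacks a docblock; `/** @return TestUser */` with a line on the fixed name and group would help. `setupUser()` continues past the end of the hunk.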
@@ -167,15 +171,16 @@
         *
         * @param array $params Array of params for the API query.
         * @param array $exception Details of the exception to expect (type, 
code, message, message-key).
+        * @param User $user
         */
-       protected function doTestQueryExceptions( array $params, array 
$exception ) {
+       protected function doTestQueryExceptions( array $params, array 
$exception, User $user = null) {
                try {
                        if ( array_key_exists( 'code', $exception )
                                && preg_match( '/^(no|bad)token$/', 
$exception['code'] )
                        ) {
-                               $this->doApiRequest( $params );
+                               $this->doApiRequest( $params, null, false, 
$user);
                        } else {
-                               $this->doApiRequestWithToken( $params );
+                               $this->doApiRequestWithToken( $params, null, 
$user );
                        }
 
                        $this->fail( 'Failed to throw ApiUsageException' );
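Review bot: The new `$user` parameter defaults to `null` but is documented as `@param User $user` with no description; write `@param User|null $user User to perform the request as, or null for the default used by doApiRequest()/doApiRequestWithToken()`. The spacing in `User $user = null)` and `false, $user);` also departs from the `( ... )` padding used on the surrounding lines. The body of `doTestQueryExceptions` continues beyond the hunk, so the catch side was not reviewed.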

-- 
To view, visit https://gerrit.wikimedia.org/r/364982

Gerrit-MessageType: newchange
Gerrit-Change-Id: I75740d583a9f474340d69a6dc8df5ac18893d798
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: Chrisneuroth <christoph.neuroth+wikime...@gmail.com>
