summaryrefslogtreecommitdiff
path: root/modules/gallery/tests
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/tests')
-rw-r--r--modules/gallery/tests/Access_Helper_Test.php153
-rw-r--r--modules/gallery/tests/Albums_Controller_Test.php5
-rw-r--r--modules/gallery/tests/File_Structure_Test.php36
-rw-r--r--modules/gallery/tests/Gallery_Filters.php48
-rw-r--r--modules/gallery/tests/Item_Helper_Test.php6
-rw-r--r--modules/gallery/tests/No_Direct_Access_Test.php77
-rw-r--r--modules/gallery/tests/Photos_Controller_Test.php6
7 files changed, 214 insertions, 117 deletions
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 72d7e04c..dac431a7 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -22,8 +22,8 @@ class Access_Helper_Test extends Unit_Test_Case {
public function teardown() {
try {
- $group = ORM::factory("group")->where("name", "access_test")->find();
- if ($group->loaded) {
+ $group = Identity::lookup_group_by_name("access_test");
+ if (!empty($group)) {
$group->delete();
}
} catch (Exception $e) { }
@@ -33,24 +33,24 @@ class Access_Helper_Test extends Unit_Test_Case {
} catch (Exception $e) { }
try {
- $user = user::lookup_by_name("access_test");
- if ($user->loaded) {
+ $user = Identity::lookup_user_by_name("access_test");
+ if (!empty($user)) {
$user->delete();
}
} catch (Exception $e) { }
// Reset some permissions that we mangle below
$root = ORM::factory("item", 1);
- access::allow(group::everybody(), "view", $root);
+ access::allow(Identity::everybody(), "view", $root);
}
public function setup() {
- user::set_active(user::guest());
+ Session::set_active_user(Identity::guest());
}
public function groups_and_permissions_are_bound_to_columns_test() {
access::register_permission("access_test", "Access Test");
- $group = group::create("access_test");
+ $group = Identity::create_group("access_test");
// We have a new column for this perm / group combo
$fields = Database::instance()->list_fields("access_caches");
@@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case {
}
public function user_can_access_test() {
- $access_test = group::create("access_test");
+ $access_test = Identity::create_group("access_test");
$root = ORM::factory("item", 1);
access::allow($access_test, "view", $root);
$item = album::create($root, rand(), "test album");
- access::deny(group::everybody(), "view", $item);
- access::deny(group::registered_users(), "view", $item);
+ access::deny(Identity::everybody(), "view", $item);
+ access::deny(Identity::registered_users(), "view", $item);
- $user = user::create("access_test", "Access Test", "");
+ $user = Identity::create_user("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
@@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");
- access::deny(group::everybody(), "view", $item);
- access::deny(group::registered_users(), "view", $item);
+ access::deny(Identity::everybody(), "view", $item);
+ access::deny(Identity::registered_users(), "view", $item);
- $user = user::create("access_test", "Access Test", "");
+ $user = Identity::create_user("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
@@ -121,14 +121,11 @@ class Access_Helper_Test extends Unit_Test_Case {
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album");
- access::allow(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $album);
- $photo = ORM::factory("item");
- $photo->type = "photo";
- $photo->add_to_parent($album);
- access::add_item($photo);
+ $photo = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "");
- $this->assert_true($photo->__get("view_" . group::everybody()->id));
+ $this->assert_true($photo->__get("view_" . Identity::everybody()->id));
}
public function can_allow_deny_and_reset_intent_test() {
@@ -137,23 +134,23 @@ class Access_Helper_Test extends Unit_Test_Case {
$intent = ORM::factory("access_intent")->where("item_id", $album)->find();
// Allow
- access::allow(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $album);
$this->assert_same(access::ALLOW, $intent->reload()->view_1);
// Deny
- access::deny(group::everybody(), "view", $album);
+ access::deny(Identity::everybody(), "view", $album);
$this->assert_same(
access::DENY,
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
// Allow again. If the initial value was allow, then the first Allow clause above may not
// have actually changed any values.
- access::allow(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $album);
$this->assert_same(
access::ALLOW,
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
- access::reset(group::everybody(), "view", $album);
+ access::reset(Identity::everybody(), "view", $album);
$this->assert_same(
null,
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
@@ -161,7 +158,7 @@ class Access_Helper_Test extends Unit_Test_Case {
public function cant_reset_root_item_test() {
try {
- access::reset(group::everybody(), "view", ORM::factory("item", 1));
+ access::reset(Identity::everybody(), "view", ORM::factory("item", 1));
} catch (Exception $e) {
return;
}
@@ -170,17 +167,17 @@ class Access_Helper_Test extends Unit_Test_Case {
public function can_view_item_test() {
$root = ORM::factory("item", 1);
- access::allow(group::everybody(), "view", $root);
- $this->assert_true(access::group_can(group::everybody(), "view", $root));
+ access::allow(Identity::everybody(), "view", $root);
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
}
public function can_always_fails_on_unloaded_items_test() {
$root = ORM::factory("item", 1);
- access::allow(group::everybody(), "view", $root);
- $this->assert_true(access::group_can(group::everybody(), "view", $root));
+ access::allow(Identity::everybody(), "view", $root);
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
$bogus = ORM::factory("item", -1);
- $this->assert_false(access::group_can(group::everybody(), "view", $bogus));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $bogus));
}
public function cant_view_child_of_hidden_parent_test() {
@@ -188,21 +185,21 @@ class Access_Helper_Test extends Unit_Test_Case {
$album = album::create($root, rand(), "test album");
$root->reload();
- access::deny(group::everybody(), "view", $root);
- access::reset(group::everybody(), "view", $album);
+ access::deny(Identity::everybody(), "view", $root);
+ access::reset(Identity::everybody(), "view", $album);
$album->reload();
- $this->assert_false(access::group_can(group::everybody(), "view", $album));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $album));
}
public function view_permissions_propagate_down_test() {
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album");
- access::allow(group::everybody(), "view", $root);
- access::reset(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $root);
+ access::reset(Identity::everybody(), "view", $album);
$album->reload();
- $this->assert_true(access::group_can(group::everybody(), "view", $album));
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $album));
}
public function can_toggle_view_permissions_propagate_down_test() {
@@ -217,18 +214,18 @@ class Access_Helper_Test extends Unit_Test_Case {
$album3->reload();
$album4->reload();
- access::allow(group::everybody(), "view", $root);
- access::deny(group::everybody(), "view", $album1);
- access::reset(group::everybody(), "view", $album2);
- access::reset(group::everybody(), "view", $album3);
- access::reset(group::everybody(), "view", $album4);
+ access::allow(Identity::everybody(), "view", $root);
+ access::deny(Identity::everybody(), "view", $album1);
+ access::reset(Identity::everybody(), "view", $album2);
+ access::reset(Identity::everybody(), "view", $album3);
+ access::reset(Identity::everybody(), "view", $album4);
$album4->reload();
- $this->assert_false(access::group_can(group::everybody(), "view", $album4));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $album4));
- access::allow(group::everybody(), "view", $album1);
+ access::allow(Identity::everybody(), "view", $album1);
$album4->reload();
- $this->assert_true(access::group_can(group::everybody(), "view", $album4));
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $album4));
}
public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
@@ -237,29 +234,29 @@ class Access_Helper_Test extends Unit_Test_Case {
$album2 = album::create($album1, rand(), "test album");
$root->reload();
- access::deny(group::everybody(), "view", $root);
- access::allow(group::everybody(), "view", $album2);
+ access::deny(Identity::everybody(), "view", $root);
+ access::allow(Identity::everybody(), "view", $album2);
$album1->reload();
- $this->assert_false(access::group_can(group::everybody(), "view", $album1));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $album1));
$album2->reload();
- $this->assert_false(access::group_can(group::everybody(), "view", $album2));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $album2));
}
public function can_edit_item_test() {
$root = ORM::factory("item", 1);
- access::allow(group::everybody(), "edit", $root);
- $this->assert_true(access::group_can(group::everybody(), "edit", $root));
+ access::allow(Identity::everybody(), "edit", $root);
+ $this->assert_true(access::group_can(Identity::everybody(), "edit", $root));
}
public function non_view_permissions_propagate_down_test() {
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album");
- access::allow(group::everybody(), "edit", $root);
- access::reset(group::everybody(), "edit", $album);
- $this->assert_true(access::group_can(group::everybody(), "edit", $album));
+ access::allow(Identity::everybody(), "edit", $root);
+ access::reset(Identity::everybody(), "edit", $album);
+ $this->assert_true(access::group_can(Identity::everybody(), "edit", $album));
}
public function non_view_permissions_can_be_revoked_lower_down_test() {
@@ -279,36 +276,36 @@ class Access_Helper_Test extends Unit_Test_Case {
$outer->reload();
$inner->reload();
- access::allow(group::everybody(), "edit", $root);
- access::deny(group::everybody(), "edit", $outer);
- access::allow(group::everybody(), "edit", $inner);
+ access::allow(Identity::everybody(), "edit", $root);
+ access::deny(Identity::everybody(), "edit", $outer);
+ access::allow(Identity::everybody(), "edit", $inner);
// Outer album is not editable, inner one is.
- $this->assert_false(access::group_can(group::everybody(), "edit", $outer_photo));
- $this->assert_true(access::group_can(group::everybody(), "edit", $inner_photo));
+ $this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo));
+ $this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo));
}
public function i_can_edit_test() {
// Create a new user that belongs to no groups
- $user = user::create("access_test", "Access Test", "");
+ $user = Identity::create_user("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
$user->save();
- user::set_active($user);
+ Session::set_active_user($user);
// This user can't edit anything
$root = ORM::factory("item", 1);
$this->assert_false(access::can("edit", $root));
// Now add them to a group that has edit permission
- $group = group::create("access_test");
+ $group = Identity::create_group("access_test");
$group->add($user);
$group->save();
access::allow($group, "edit", $root);
- $user = user::lookup($user->id); // reload() does not flush related columns
- user::set_active($user);
+ $user = Identity::lookup_user($user->id); // reload() does not flush related columns
+ Session::set_active_user($user);
// And verify that the user can edit.
$this->assert_true(access::can("edit", $root));
@@ -320,16 +317,16 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
- access::deny(group::everybody(), "view", $album);
+ access::deny(Identity::everybody(), "view", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
- access::allow(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
- access::deny(group::everybody(), "view", $album);
+ access::deny(Identity::everybody(), "view", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
- access::reset(group::everybody(), "view", $album);
+ access::reset(Identity::everybody(), "view", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
}
@@ -341,44 +338,44 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
- access::deny(group::everybody(), "view_full", $album);
+ access::deny(Identity::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
- access::allow(group::everybody(), "view_full", $album);
+ access::allow(Identity::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
- access::deny(group::everybody(), "view_full", $album);
+ access::deny(Identity::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
- access::reset(group::everybody(), "view_full", $album);
+ access::reset(Identity::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
}
public function moved_items_inherit_new_permissions_test() {
- user::set_active(user::lookup_by_name("admin"));
+ Session::set_active_user(Identity::lookup_user_by_name("admin"));
$root = ORM::factory("item", 1);
$public_album = album::create($root, rand(), "public album");
$public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
- access::allow(group::everybody(), "view", $public_album);
+ access::allow(Identity::everybody(), "view", $public_album);
$root->reload(); // Account for MPTT changes
$private_album = album::create($root, rand(), "private album");
- access::deny(group::everybody(), "view", $private_album);
+ access::deny(Identity::everybody(), "view", $private_album);
$private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
// Make sure that we now have a public photo and private photo.
- $this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
- $this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo));
// Swap the photos
item::move($public_photo, $private_album);
@@ -394,7 +391,7 @@ class Access_Helper_Test extends Unit_Test_Case {
$public_photo->reload();
// Make sure that the public_photo is now private, and the private_photo is now public.
- $this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
- $this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
+ $this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo));
+ $this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo));
}
}
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php
index d65946c7..fa46d924 100644
--- a/modules/gallery/tests/Albums_Controller_Test.php
+++ b/modules/gallery/tests/Albums_Controller_Test.php
@@ -43,8 +43,9 @@ class Albums_Controller_Test extends Unit_Test_Case {
$_POST["column"] = "weight";
$_POST["direction"] = "ASC";
$_POST["csrf"] = access::csrf_token();
+ $_POST["slug"] = "new_name";
$_POST["_method"] = "put";
- access::allow(group::everybody(), "edit", $root);
+ access::allow(Identity::everybody(), "edit", $root);
ob_start();
$controller->_update($this->_album);
@@ -68,7 +69,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
$_POST["name"] = "new name";
$_POST["title"] = "new title";
$_POST["description"] = "new description";
- access::allow(group::everybody(), "edit", $root);
+ access::allow(Identity::everybody(), "edit", $root);
try {
$controller->_update($this->_album);
diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php
index 9018f4c6..327b6be8 100644
--- a/modules/gallery/tests/File_Structure_Test.php
+++ b/modules/gallery/tests/File_Structure_Test.php
@@ -17,6 +17,8 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
+require_once(dirname(__FILE__) . "/Gallery_Filters.php");
+
class File_Structure_Test extends Unit_Test_Case {
public function no_trailing_closing_php_tag_test() {
$dir = new GalleryCodeFilterIterator(
@@ -233,7 +235,9 @@ class File_Structure_Test extends Unit_Test_Case {
foreach ($info_files as $file) {
foreach (file($file) as $line) {
$parts = explode("=", $line, 2);
- $values[trim($parts[0])] = trim($parts[1]);
+ if (isset($parts[1])) {
+ $values[trim($parts[0])] = trim($parts[1]);
+ }
}
$module = dirname($file);
@@ -261,33 +265,3 @@ class File_Structure_Test extends Unit_Test_Case {
}
}
}
-
-class PhpCodeFilterIterator extends FilterIterator {
- public function accept() {
- $path_name = $this->getInnerIterator()->getPathName();
- return substr($path_name, -4) == ".php";
- }
-}
-
-class GalleryCodeFilterIterator extends FilterIterator {
- public function accept() {
- // Skip anything that we didn"t write
- $path_name = $this->getInnerIterator()->getPathName();
- return !(
- strpos($path_name, ".svn") ||
- strpos($path_name, DOCROOT . "test") !== false ||
- strpos($path_name, DOCROOT . "var") !== false ||
- strpos($path_name, MODPATH . "forge") !== false ||
- strpos($path_name, MODPATH . "gallery/views/kohana_error_page.php") !== false ||
- strpos($path_name, MODPATH . "gallery/views/kohana_profiler.php") !== false ||
- strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_error_page.php") !== false ||
- strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_unit_test_cli.php") !== false ||
- strpos($path_name, MODPATH . "unit_test") !== false ||
- strpos($path_name, MODPATH . "exif/lib") !== false ||
- strpos($path_name, MODPATH . "user/lib/PasswordHash") !== false ||
- strpos($path_name, DOCROOT . "lib/swfupload") !== false ||
- strpos($path_name, SYSPATH) !== false ||
- strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false ||
- substr($path_name, -1, 1) == "~");
- }
-}
diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php
new file mode 100644
index 00000000..d1bc2cfa
--- /dev/null
+++ b/modules/gallery/tests/Gallery_Filters.php
@@ -0,0 +1,48 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class PhpCodeFilterIterator extends FilterIterator {
+ public function accept() {
+ $path_name = $this->getInnerIterator()->getPathName();
+ return substr($path_name, -4) == ".php";
+ }
+}
+
+class GalleryCodeFilterIterator extends FilterIterator {
+ public function accept() {
+ // Skip anything that we didn"t write
+ $path_name = $this->getInnerIterator()->getPathName();
+ return !(
+ strpos($path_name, ".svn") ||
+ strpos($path_name, DOCROOT . "test") !== false ||
+ strpos($path_name, DOCROOT . "var") !== false ||
+ strpos($path_name, MODPATH . "forge") !== false ||
+ strpos($path_name, MODPATH . "gallery/views/kohana_error_page.php") !== false ||
+ strpos($path_name, MODPATH . "gallery/views/kohana_profiler.php") !== false ||
+ strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_error_page.php") !== false ||
+ strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_unit_test_cli.php") !== false ||
+ strpos($path_name, MODPATH . "unit_test") !== false ||
+ strpos($path_name, MODPATH . "exif/lib") !== false ||
+ strpos($path_name, MODPATH . "user/lib/PasswordHash") !== false ||
+ strpos($path_name, DOCROOT . "lib/swfupload") !== false ||
+ strpos($path_name, SYSPATH) !== false ||
+ strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false ||
+ substr($path_name, -1, 1) == "~");
+ }
+}
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index 33fcdb73..fc01db91 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case {
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), rand(), rand());
$item = self::_create_random_item($album);
- user::set_active(user::guest());
+ Session::set_active_user(Identity::guest());
// We can see the item when permissions are granted
- access::allow(group::everybody(), "view", $album);
+ access::allow(Identity::everybody(), "view", $album);
$this->assert_equal(
1,
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
// We can't see the item when permissions are denied
- access::deny(group::everybody(), "view", $album);
+ access::deny(Identity::everybody(), "view", $album);
$this->assert_equal(
0,
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
diff --git a/modules/gallery/tests/No_Direct_Access_Test.php b/modules/gallery/tests/No_Direct_Access_Test.php
new file mode 100644
index 00000000..c6d8df95
--- /dev/null
+++ b/modules/gallery/tests/No_Direct_Access_Test.php
@@ -0,0 +1,77 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+require_once("Gallery_Filters.php");
+
+class No_Direct_Access_Test extends Unit_Test_Case {
+ public function no_access_to_users_table_test() {
+ $dir = new UserModuleFilterIterator(
+ new PhpCodeFilterIterator(
+ new GalleryCodeFilterIterator(
+ new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator(DOCROOT)))));
+ $errors = array();
+ foreach ($dir as $file) {
+ //if (basename(dirname($file)) == "helpers") {
+ $file_as_string = file_get_contents($file);
+ if (preg_match("/ORM::factory\\(\"user\"/", $file_as_string)) {
+ foreach (split("\n", $file_as_string) as $l => $line) {
+ if (preg_match('/ORM::factory\\(\"user\"/', $line)) {
+ $errors[] = "$file($l) => $line";
+ }
+ }
+ }
+ $file_as_string = null;
+ }
+ if ($errors) {
+ $this->assert_false(true, "Direct access to the users table found:\n" . join("\n", $errors));
+ }
+ }
+
+ public function no_access_to_groups_table_test() {
+ $dir = new UserModuleFilterIterator(
+ new PhpCodeFilterIterator(
+ new GalleryCodeFilterIterator(
+ new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator(DOCROOT)))));
+ $errors = array();
+ foreach ($dir as $file) {
+ $file_as_string = file_get_contents($file);
+ if (preg_match("/ORM::factory\\(\"group\"/", $file_as_string)) {
+ foreach (split("\n", $file_as_string) as $l => $line) {
+ if (preg_match('/ORM::factory\\(\"group\"/', $line)) {
+ $errors[] = "$file($l) => $line";
+ }
+ }
+ }
+ $file_as_string = null;
+ }
+ if ($errors) {
+ $this->assert_false(true, "Direct access to the groups table found:\n" . join("\n", $errors));
+ }
+ }
+
+}
+
+class UserModuleFilterIterator extends FilterIterator {
+ public function accept() {
+ $path_name = $this->getInnerIterator()->getPathName();
+ return strpos($path_name, "/modules/user") === false;
+ }
+}
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index 0159b420..59c3f78a 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
$root = ORM::factory("item", 1);
$photo = photo::create(
$root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
- "test", "test", user::active(), "slug");
+ "test", "test", Session::active_user()->id, "slug");
$orig_name = $photo->name;
$_POST["filename"] = "test.jpeg";
@@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
$_POST["description"] = "new description";
$_POST["slug"] = "new-slug";
$_POST["csrf"] = access::csrf_token();
- access::allow(group::everybody(), "edit", $root);
+ access::allow(Identity::everybody(), "edit", $root);
ob_start();
$controller->_update($photo);
@@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
$_POST["name"] = "new name";
$_POST["title"] = "new title";
$_POST["description"] = "new description";
- access::allow(group::everybody(), "edit", $root);
+ access::allow(Identity::everybody(), "edit", $root);
try {
$controller->_update($photo);
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 16:07:16 +0000