Commit a64f6849 authored by Matthias Larisch's avatar Matthias Larisch Committed by Nick Sellen

Fix permissions on Fairteiler edit, more tests

parent 83eea55a
......@@ -25,6 +25,7 @@
- changed old foodsharing „Freiwilligenplattform“ mailfooter for outgoing replies via mail, which was based on lebensmittelretten !287 @irgendwer
- consistent use of jumper list (Springerliste) all over the page. !293 by @peter.toennies
- fixed new fairteiler can not get a region set !294 @NerdyProjects
- fixed ambassador of other region could edit fairteiler !294 @NerdyProjects
## Refactoring
- Consolidate remaining functions and modules !269 @NerdyProjects
......
......@@ -55,7 +55,19 @@ class FairTeilerControl extends Control
$this->func->goLogin();
}
if ($bid = $request->query->get('bid')) {
$this->fairteiler = false;
$this->follower = false;
$this->bezirke = $this->model->getRealBezirke();
if ($ftid = $request->query->get('id')) {
$this->fairteiler = $this->gateway->getFairteiler($ftid);
if (!$this->fairteiler) {
$this->func->go('/?page=fairteiler');
}
$bid = $this->fairteiler['bezirk_id'];
}
if ($bid || $bid = $request->query->get('bid')) {
if ($bezirk = $this->model->getBezirk($bid)) {
$this->bezirk_id = $bid;
$this->bezirk = $bezirk;
......@@ -70,16 +82,7 @@ class FairTeilerControl extends Control
$this->bezirk = null;
}
$this->fairteiler = false;
$this->follower = false;
$this->bezirke = $this->model->getRealBezirke();
if ($ftid = $request->query->get('id')) {
$this->fairteiler = $this->gateway->getFairteiler($ftid);
if (!$this->fairteiler) {
$this->func->go('/?page=fairteiler');
}
if ($ftid) {
$follow = $request->query->get('follow');
$infotype = $request->query->get('infotype', 2);
if ($this->handleFollowUnfollow($ftid, S::id(), $follow, $infotype)) {
......@@ -148,6 +151,9 @@ class FairTeilerControl extends Control
public function edit(Request $request)
{
if (!$this->mayEdit()) {
$this->func->go('/?page=fairteiler&sub=ft&id=' . $this->fairteiler['id']);
}
$this->func->addBread($this->fairteiler['name'], '/?page=fairteiler&sub=ft&bid=' . $this->bezirk_id . '&id=' . $this->fairteiler['id']);
$this->func->addBread($this->func->s('edit'));
if ($request->request->get('form_submit') == 'fairteiler') {
......
......@@ -82,7 +82,7 @@ class FairTeilerCest
* @param AcceptanceTester $I
* @example["user", false]
* @example["responsible", true]
* @example["otherBot", false]
* @example["otherBot", true]
*/
public function MayEditFairTeiler(AcceptanceTester $I, \Codeception\Example $example)
{
......@@ -92,7 +92,19 @@ class FairTeilerCest
if ($example[1]) {
$I->waitForText('Schreibe hier ein paar');
} else {
$I->waitUrlEquals('/?page=login');
/* just see the fairteiler page if not enough permissions to edit */
$I->waitForText('Beachte, dass Deine Beiträge');
}
}
public function MayNotEditFairTeilerWrongBid(AcceptanceTester $I)
{
$region = $I->createRegion('another funny region');
$bot = $I->createAmbassador(null, ['bezirk_id' => $region['id']]);
$I->addBezirkAdmin($region['id'], $bot['id']);
$I->login($bot['email']);
$I->amOnPage($I->fairTeilerEditUrl($this->fairTeiler['id']) . '&bid=' . $region['id']);
/* does not get edit view although region admin of another region (regression) */
$I->waitForText('Beachte, dass Deine Beiträge');
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment