Commit f238fde4 authored by Tymoteusz Motylewski's avatar Tymoteusz Motylewski
Browse files

[TASK] Cover BackendUserAuthentication->returnWebmounts() with test

Also fix misleading comment about permissions.

Resolves: #91454
Releases: 9.5, master
Change-Id: I1a399f1be613f007440bf542441bee60f53e49e0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64557


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Richard Haeser's avatarRichard Haeser <richard@maxserv.com>
Tested-by: Tymoteusz Motylewski's avatarTymoteusz Motylewski <t.motylewski@gmail.com>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Richard Haeser's avatarRichard Haeser <richard@maxserv.com>
Reviewed-by: Tymoteusz Motylewski's avatarTymoteusz Motylewski <t.motylewski@gmail.com>
parent 2491f759
......@@ -1255,10 +1255,9 @@ class BackendUserAuthentication extends AbstractUserAuthentication
/**
* Returns an array with the webmounts.
* If no webmounts, and empty array is returned.
* NOTICE: Deleted pages WILL NOT be filtered out! So if a mounted page has been deleted
* it is STILL coming out as a webmount. This is not checked due to performance.
* Webmounts permissions are checked in fetchGroupData()
*
* @return array
* @return array of web mounts uids (may include '0')
*/
public function returnWebmounts()
{
......
......@@ -91,4 +91,18 @@ class BackendUserAuthenticationTest extends FunctionalTestCase
self::assertEquals('13', $result['custom.']['groupProperty']);
self::assertEquals('installation-wide-configuration', $result['custom.']['generic']);
}
/**
* @test
*/
public function returnWebmountsFilterOutInaccessiblePages(): void
{
$result = $this->subject->returnWebmounts();
self::assertNotContains('3', $result, 'Deleted page is not filtered out');
self::assertNotContains('4', $result, 'Page user has no permission to read is not filtered out');
self::assertNotContains('5', $result, 'Not existing page is not filtered out');
self::assertContains('40', $result, 'Accessible db mount page, child of a not accessible page is not shown');
self::assertEquals(['1', '40'], $result);
}
}
......@@ -6,7 +6,7 @@
<title>editor group</title>
<lockToDomain></lockToDomain>
<workspace_perms>0</workspace_perms>
<db_mountpoints>1</db_mountpoints>
<db_mountpoints>1,3,4,5,40</db_mountpoints>
<tstamp>1544454571</tstamp>
<crdate>1542360853</crdate>
<deleted>0</deleted>
......
......@@ -26,4 +26,46 @@
<perms_everybody>0</perms_everybody>
<is_siteroot>1</is_siteroot>
</pages>
<pages>
<pid>0</pid>
<uid>3</uid>
<deleted>1</deleted>
<sys_language_uid>0</sys_language_uid>
<l10n_parent>0</l10n_parent>
<title>Deleted page</title>
<perms_userid>1</perms_userid>
<perms_groupid>1</perms_groupid>
<perms_user>31</perms_user>
<perms_group>27</perms_group>
<perms_everybody>0</perms_everybody>
<is_siteroot>1</is_siteroot>
</pages>
<pages>
<pid>0</pid>
<uid>4</uid>
<deleted>0</deleted>
<sys_language_uid>0</sys_language_uid>
<l10n_parent>0</l10n_parent>
<title>Another page</title>
<perms_userid>1</perms_userid>
<perms_groupid>2</perms_groupid>
<perms_user>31</perms_user>
<perms_group>27</perms_group>
<perms_everybody>0</perms_everybody>
<is_siteroot>1</is_siteroot>
</pages>
<pages>
<pid>4</pid>
<uid>40</uid>
<deleted>0</deleted>
<sys_language_uid>0</sys_language_uid>
<l10n_parent>0</l10n_parent>
<title>Another page subpage</title>
<perms_userid>1</perms_userid>
<perms_groupid>1</perms_groupid>
<perms_user>31</perms_user>
<perms_group>27</perms_group>
<perms_everybody>0</perms_everybody>
<is_siteroot>0</is_siteroot>
</pages>
</dataset>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment