0013032: add GRANT_DOWNLOAD
authorPhilipp Schüle <p.schuele@metaways.de>
Mon, 29 May 2017 13:21:46 +0000 (15:21 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Mon, 29 May 2017 14:25:56 +0000 (16:25 +0200)
* adds test for download record attachment
* ignoreAcl when fetching record attachments
 ... as acl is already assured by record acl

https://forge.tine20.org/view.php?id=13032

Change-Id: I1df512dc966c58773dcd5d2e905882a54d9fae09
Reviewed-on: http://gerrit.tine20.com/customers/4771
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Tinebase/FileSystem/RecordAttachmentsTest.php
tests/tine20/Tinebase/Frontend/HttpTest.php
tine20/Tinebase/Frontend/Http.php
tine20/Tinebase/Frontend/Http/Abstract.php

index dce696d..4fbc391 100644 (file)
@@ -4,20 +4,17 @@
  * 
  * @package     Addressbook
  * @license     http://www.gnu.org/licenses/agpl.html
- * @copyright   Copyright (c) 2014 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2014-2017 Metaways Infosystems GmbH (http://www.metaways.de)
  * @author      Lars Kneschke <l.kneschke@metaways.de>
  */
 
 /**
- * Test helper
- */
-require_once dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'TestHelper.php';
-
-/**
  * Test class for Tinebase_User
  */
-class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCase
+class Tinebase_FileSystem_RecordAttachmentsTest extends TestCase
 {
+    use GetProtectedMethodTrait;
+
     /**
      * @var array test objects
      */
@@ -32,10 +29,10 @@ class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCa
     protected function setUp()
     {
         if (empty(Tinebase_Core::getConfig()->filesdir)) {
-            $this->markTestSkipped('filesystem base path not found');
+            self::markTestSkipped('filesystem base path not found');
         }
         
-        Tinebase_TransactionManager::getInstance()->startTransaction(Tinebase_Core::getDb());
+        parent::setUp();
         
         Tinebase_FileSystem::getInstance()->initializeApplication(Tinebase_Application::getInstance()->getApplicationByName('Addressbook'));
         
@@ -50,7 +47,7 @@ class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCa
      */
     protected function tearDown()
     {
-        Tinebase_TransactionManager::getInstance()->rollBack();
+        parent::tearDown();
         Tinebase_FileSystem::getInstance()->clearStatCache();
         Tinebase_FileSystem::getInstance()->clearDeletedFilesFromFilesystem();
     }
@@ -58,18 +55,21 @@ class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCa
     /**
      * test adding attachments to record
      * 
-     * @todo add assertions
+     * @return Addressbook_Model_Contact
      */
     public function testAddRecordAttachments()
     {
         $recordAttachments = Tinebase_FileSystem_RecordAttachments::getInstance();
         
         $record = new Addressbook_Model_Contact(array('n_family' => Tinebase_Record_Abstract::generateUID()));
-        $record->setId(Tinebase_Record_Abstract::generateUID());
+        $record = Addressbook_Controller_Contact::getInstance()->create($record);
         
         $recordAttachments->addRecordAttachment($record, 'Test.txt', fopen(__FILE__, 'r'));
         
         $attachments = $this->testGetRecordAttachments($record);
+        self::assertEquals(1, count($attachments));
+
+        return $record;
     }
     
     /**
@@ -86,9 +86,7 @@ class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCa
             $record->setId(Tinebase_Record_Abstract::generateUID());
         }
         
-        $attachments = $recordAttachments->getRecordAttachments($record);
-        
-        return $attachments;
+        return $recordAttachments->getRecordAttachments($record);
     }
     
     /**
@@ -113,7 +111,30 @@ class Tinebase_FileSystem_RecordAttachmentsTest extends PHPUnit_Framework_TestCa
         $recordAttachments->getMultipleAttachmentsOfRecords($records);
         
         foreach ($records as $record) {
-            $this->assertEquals(1, $record->attachments->count(), 'Attachments missing');
+            self::assertEquals(1, $record->attachments->count(), 'Attachments missing');
         }
     }
+
+    /**
+     * @see 0013032: add GRANT_DOWNLOAD
+     *
+     * @throws Tinebase_Exception_InvalidArgument
+     */
+    public function testDownloadRecordAttachment()
+    {
+        $contactWithAttachment = $this->testAddRecordAttachments();
+        $http = new Tinebase_Frontend_Http();
+
+        $attachment = $contactWithAttachment->attachments->getFirstRecord();
+        $path = Tinebase_Model_Tree_Node_Path::STREAMWRAPPERPREFIX
+            . Tinebase_FileSystem_RecordAttachments::getInstance()->getRecordAttachmentPath($contactWithAttachment)
+            . '/' . $attachment->name;
+
+        ob_start();
+        $reflectionMethod = $this->getProtectedMethod(Tinebase_Frontend_Http::class, '_downloadFileNode');
+        $reflectionMethod->invokeArgs($http, [$attachment, $path, null, /* ignoreAcl */ true]);
+        $output = ob_get_clean();
+
+        self::assertContains('Tinebase_FileSystem_RecordAttachmentsTest', $output);
+    }
 }
index 5646475..4fb27a2 100644 (file)
@@ -4,7 +4,7 @@
  * 
  * @package     Tinebase
  * @license     http://www.gnu.org/licenses/agpl.html
- * @copyright   Copyright (c) 2011 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2011-2017 Metaways Infosystems GmbH (http://www.metaways.de)
  * @author      Cornelius Weiss <c.weiss@metaways.de>
  */
 
@@ -43,7 +43,8 @@ class Tinebase_Frontend_HttpTest extends PHPUnit_Framework_TestCase
         $this->assertGreaterThan(100, strlen($html));
     }
 
-    public function testgetPostalXWindow() {
+    public function testgetPostalXWindow()
+    {
         if (headers_sent() || version_compare(PHPUnit_Runner_Version::id(), '3.3.0', '<')) {
             $this->markTestSkipped('phpunit version < 3.3.0 cant cope with headers');
         }
index df89fe2..f78feba 100644 (file)
@@ -794,11 +794,12 @@ class Tinebase_Frontend_Http extends Tinebase_Frontend_Http_Abstract
         $record = $recordController->get($recordId);
         
         $node = Tinebase_FileSystem::getInstance()->get($nodeId);
+        $node->grants =
         $path = Tinebase_Model_Tree_Node_Path::STREAMWRAPPERPREFIX
             . Tinebase_FileSystem_RecordAttachments::getInstance()->getRecordAttachmentPath($record)
             . '/' . $node->name;
         
-        $this->_downloadFileNode($node, $path);
+        $this->_downloadFileNode($node, $path, /* revision */ null, /* $ignoreAcl */ true);
         exit;
     }
 
index ffda4b3..4ae9f09 100644 (file)
@@ -144,11 +144,12 @@ abstract class Tinebase_Frontend_Http_Abstract extends Tinebase_Frontend_Abstrac
      * @param Tinebase_Model_Tree_Node $node
      * @param string $filesystemPath
      * @param int|null $revision
+     * @param boolean $ignoreAcl
      * @throws Tinebase_Exception_NotFound
      */
-    protected function _downloadFileNode(Tinebase_Model_Tree_Node $node, $filesystemPath, $revision = null)
+    protected function _downloadFileNode(Tinebase_Model_Tree_Node $node, $filesystemPath, $revision = null, $ignoreAcl = false)
     {
-        if (! Tinebase_Core::getUser()->hasGrant($node, Tinebase_Model_Grants::GRANT_DOWNLOAD)) {
+        if (! $ignoreAcl && ! Tinebase_Core::getUser()->hasGrant($node, Tinebase_Model_Grants::GRANT_DOWNLOAD)) {
             throw new Tinebase_Exception_AccessDenied('download not allowed');
         }