WMDE-leszek has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/365019 )
Change subject: Add permission-related tests to Api\SetSiteLink tests ...................................................................... Add permission-related tests to Api\SetSiteLink tests Change-Id: Icb082d061ca35a71f9e8c816db385b16db893e9a --- M repo/tests/phpunit/includes/Api/SetSiteLinkTest.php 1 file changed, 73 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase refs/changes/19/365019/1 diff --git a/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php b/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php index a4e7beb..69b3fab 100644 --- a/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php +++ b/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php @@ -3,6 +3,7 @@ namespace Wikibase\Repo\Tests\Api; use ApiUsageException; +use User; use Wikibase\DataModel\Entity\Item; use Wikibase\DataModel\Entity\ItemId; use Wikibase\Repo\WikibaseRepo; @@ -564,4 +565,76 @@ $this->assertContains( 'Unrecognized value for parameter "badges"', $warning ); } + public function testUserCanEditWhenTheyHaveSufficientPermission() { + $userWithAllPermissions = $this->createUserWithGroup( 'all-permission' ); + + $this->setMwGlobals( 'wgGroupPermissions', [ + 'all-permission' => [ 'edit' => true, ], + '*' => [ 'read' => true, 'writeapi' => true ] + ] ); + + $newItem = $this->createItemUsing( $userWithAllPermissions ); + + list ( $result, ) = $this->doApiRequestWithToken( + $this->getSetSiteLinkRequestParams( $newItem->getId() ), + null, + $userWithAllPermissions + ); + + $this->assertEquals( 1, $result['success'] ); + } + + public function testUserCannotSetLabelWhenTheyLackPermission() { + $userWithInsufficientPermissions = $this->createUserWithGroup( 'no-permission' ); + $userWithAllPermissions = $this->createUserWithGroup( 'all-permission' ); + + $this->setMwGlobals( 'wgGroupPermissions', [ + 'no-permission' => [ 'edit' => false ], + 'all-permission' => [ 'edit' => true, ], + '*' => [ 'read' => true, 'writeapi' => true ] + ] ); + + // And an item + $newItem = $this->createItemUsing( $userWithAllPermissions ); + + // Then the request is denied + $expected = [ + 'type' => ApiUsageException::class, + 'code' => 'permissiondenied' + ]; + + $this->doTestQueryExceptions( + $this->getSetSiteLinkRequestParams( $newItem->getId() ), + $expected, + $userWithInsufficientPermissions + ); + } + + /** + * @param User $user + * @return Item + */ + private function createItemUsing( User $user ) { + $store = WikibaseRepo::getDefaultInstance()->getEntityStore(); + + $itemRevision = $store->saveEntity( new Item(), 'SetSiteLinkTest', $user, EDIT_NEW ); + return $itemRevision->getEntity(); + } + + private function createUserWithGroup( $groupName ) { + $user = $this->createTestUser()->getUser(); + $user->addGroup( $groupName ); + return $user; + + } + + private function getSetSiteLinkRequestParams( ItemId $id ) { + return [ + 'action' => 'wbsetsitelink', + 'id' => $id->getSerialization(), + 'linksite' => 'enwiki', + 'linktitle' => 'Come Cool Page', + ]; + } + } -- To view, visit https://gerrit.wikimedia.org/r/365019 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icb082d061ca35a71f9e8c816db385b16db893e9a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Wikibase Gerrit-Branch: master Gerrit-Owner: WMDE-leszek <leszek.mani...@wikimedia.de> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits