WMDE-leszek has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/365019 )
Change subject: Add permission-related tests to Api\SetSiteLink tests
......................................................................
Add permission-related tests to Api\SetSiteLink tests
Change-Id: Icb082d061ca35a71f9e8c816db385b16db893e9a
---
M repo/tests/phpunit/includes/Api/SetSiteLinkTest.php
1 file changed, 73 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase
refs/changes/19/365019/1
diff --git a/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php
b/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php
index a4e7beb..69b3fab 100644
--- a/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php
+++ b/repo/tests/phpunit/includes/Api/SetSiteLinkTest.php
@@ -3,6 +3,7 @@
namespace Wikibase\Repo\Tests\Api;
use ApiUsageException;
+use User;
use Wikibase\DataModel\Entity\Item;
use Wikibase\DataModel\Entity\ItemId;
use Wikibase\Repo\WikibaseRepo;
@@ -564,4 +565,76 @@
$this->assertContains( 'Unrecognized value for parameter
"badges"', $warning );
}
+ public function testUserCanEditWhenTheyHaveSufficientPermission() {
+ $userWithAllPermissions = $this->createUserWithGroup(
'all-permission' );
+
+ $this->setMwGlobals( 'wgGroupPermissions', [
+ 'all-permission' => [ 'edit' => true, ],
+ '*' => [ 'read' => true, 'writeapi' => true ]
+ ] );
+
+ $newItem = $this->createItemUsing( $userWithAllPermissions );
+
+ list ( $result, ) = $this->doApiRequestWithToken(
+ $this->getSetSiteLinkRequestParams( $newItem->getId() ),
+ null,
+ $userWithAllPermissions
+ );
+
+ $this->assertEquals( 1, $result['success'] );
+ }
+
+ public function testUserCannotSetLabelWhenTheyLackPermission() {
+ $userWithInsufficientPermissions = $this->createUserWithGroup(
'no-permission' );
+ $userWithAllPermissions = $this->createUserWithGroup(
'all-permission' );
+
+ $this->setMwGlobals( 'wgGroupPermissions', [
+ 'no-permission' => [ 'edit' => false ],
+ 'all-permission' => [ 'edit' => true, ],
+ '*' => [ 'read' => true, 'writeapi' => true ]
+ ] );
+
+ // And an item
+ $newItem = $this->createItemUsing( $userWithAllPermissions );
+
+ // Then the request is denied
+ $expected = [
+ 'type' => ApiUsageException::class,
+ 'code' => 'permissiondenied'
+ ];
+
+ $this->doTestQueryExceptions(
+ $this->getSetSiteLinkRequestParams( $newItem->getId() ),
+ $expected,
+ $userWithInsufficientPermissions
+ );
+ }
+
+ /**
+ * @param User $user
+ * @return Item
+ */
+ private function createItemUsing( User $user ) {
+ $store = WikibaseRepo::getDefaultInstance()->getEntityStore();
+
+ $itemRevision = $store->saveEntity( new Item(),
'SetSiteLinkTest', $user, EDIT_NEW );
+ return $itemRevision->getEntity();
+ }
+
+ private function createUserWithGroup( $groupName ) {
+ $user = $this->createTestUser()->getUser();
+ $user->addGroup( $groupName );
+ return $user;
+
+ }
+
+ private function getSetSiteLinkRequestParams( ItemId $id ) {
+ return [
+ 'action' => 'wbsetsitelink',
+ 'id' => $id->getSerialization(),
+ 'linksite' => 'enwiki',
+ 'linktitle' => 'Come Cool Page',
+ ];
+ }
+
}
--
To view, visit https://gerrit.wikimedia.org/r/365019
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icb082d061ca35a71f9e8c816db385b16db893e9a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: master
Gerrit-Owner: WMDE-leszek <leszek.mani...@wikimedia.de>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
