diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-10-10 09:58:15 +0100 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-10-10 09:59:13 +0100 |
| commit | 42e20f742bf80b41083c02fd9319159df65ffb9f (patch) | |
| tree | 5fc229f794fc4fe25b1ec6414c4806b417adb77b /t | |
| parent | 70a19127923a54eee5ad16f1bb1b97675273bceb (diff) | |
Add cobrand hook for dashboard viewing permission.
This allows a cobrand to e.g. as the test does, allow public access to
dashboard CSV export for a body, but not otherwise.
Diffstat (limited to 't')
| -rw-r--r-- | t/app/controller/dashboard.t | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t index 26c19f596..a5fa8772a 100644 --- a/t/app/controller/dashboard.t +++ b/t/app/controller/dashboard.t @@ -1,4 +1,17 @@ use Test::MockTime ':all'; + +package FixMyStreet::Cobrand::Tester; +use parent 'FixMyStreet::Cobrand::Default'; +# Allow access if CSV export for a body, otherwise deny +sub dashboard_permission { + my $self = shift; + my $c = $self->{c}; + return 0 unless $c->get_param('export'); + return $c->get_param('body') || 0; +} + +package main; + use strict; use warnings; @@ -230,6 +243,25 @@ FixMyStreet::override_config { $mech->get_ok('/dashboard?export=1'); like $mech->res->header('Content-type'), qr'text/csv'; $mech->content_contains('Report ID'); + $mech->delete_header('Authorization'); + }; +}; + +FixMyStreet::override_config { + ALLOWED_COBRANDS => 'tester', + MAPIT_URL => 'http://mapit.uk/', +}, sub { + subtest 'no body or export, 404' => sub { + $mech->get('/dashboard'); + is $mech->status, '404', 'No parameters, 404'; + $mech->get('/dashboard?export=1'); + is $mech->status, '404', 'If no body, 404'; + $mech->get("/dashboard?body=$body_id"); + is $mech->status, '404', 'If no export, 404'; + }; + + subtest 'body and export, okay' => sub { + $mech->get_ok("/dashboard?body=$body_id&export=1"); }; }; |