diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Dashboard.pm | 4 | ||||
| -rw-r--r-- | t/app/controller/dashboard.t | 16 |
3 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f9e335a9..a80b26720 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ - Admins can now unban users #1881 - Council dashboard has date range for report generation #1885 - More JavaScript-enhanced `<select multiple>` elements #1589 + - Council dashboard CSV export now has token based authentication #1911 - UK: - Use SVG logo, inlined on front page. #1887 - Inline critical CSS on front page. diff --git a/perllib/FixMyStreet/App/Controller/Dashboard.pm b/perllib/FixMyStreet/App/Controller/Dashboard.pm index 27661b736..264845d40 100644 --- a/perllib/FixMyStreet/App/Controller/Dashboard.pm +++ b/perllib/FixMyStreet/App/Controller/Dashboard.pm @@ -91,6 +91,10 @@ Show the dashboard table. sub index : Path : Args(0) { my ( $self, $c ) = @_; + if ($c->get_param('export')) { + $c->authenticate(undef, "access_token"); + } + my $body = $c->forward('check_page_allowed'); $c->stash->{body} = $body; diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t index c1706cc81..83833ee7d 100644 --- a/t/app/controller/dashboard.t +++ b/t/app/controller/dashboard.t @@ -673,6 +673,22 @@ FixMyStreet::override_config { is scalar @rows, 2, '1 (header) + 1 (reports) = 2 lines'; }; + + subtest 'export as csv using token' => sub { + $mech->log_out_ok; + + $user->set_extra_metadata('access_token', '1234567890abcdefgh'); + $user->update(); + + $mech->get_ok('/dashboard?export=1'); + like $mech->res->header('Content-type'), qr'text/html'; + $mech->content_lacks('Report ID'); + + $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh'); + $mech->get_ok('/dashboard?export=1'); + like $mech->res->header('Content-type'), qr'text/csv'; + $mech->content_contains('Report ID'); + }; }; restore_time; |