Unexpected output: Affected paths: relative - resubmit patch.
⚙ D282 INP-1665 - Add/use "kApplication::permissionCheckingDisabled" method

INP-1665 - Add/use "kApplication::permissionCheckingDisabled" method
ClosedPublic

Authored by alex on Jan 19 2017, 10:02 AM.

Details

Test Plan

Preparations

  • in Admin Console
    1. go to User Management → Users section
    2. create 2 active users by using Add toolbar button
    3. go to User Management → Administrators section
    4. create user with pseudo-root as its Username
    5. remember ID of created user
  • in IDE:
    1. open /core/kernel/application.php for editing
    2. in the kApplication::permissionCheckingDisabled method, before returning a result, add code that returns true (meaning permission checking is disabled) when $user_id equals the ID of the pseudo-root user

Part 1 (create/update/delete own address)

  • on the Front-End
    1. login using 1st created user
    2. click on My Addresses link in My Account sidebox on the left
    3. click on New Address link
    4. create new address
    5. confirm, that redirect to address list page happened
    6. confirm, that address was created and it's shown on list page
    7. click Edit link to edit just created address
    8. locate "addr-X---" part at the end of page URL (the X is any number)
    9. change Full Name field value
    10. press the Update button
    11. confirm, that redirect to address list page happened
    12. confirm, that new value of Full Name field is displayed
    13. click on Delete link to edit just created address
    14. confirm address removal by pressing OK or similar button in browser confirmation window, that appears
    15. confirm, that redirect to address list page happened
    16. confirm, that no addresses are shown in the list

Part 2 (update/delete other user address)

  • on the Front-End
    1. login using 1st created user
    2. click on My Addresses link in My Account sidebox on the left
    3. click on New Address link
    4. create new address
    5. click Edit link to edit just created address
    6. locate "addr-X---" part at the end of page URL (the X is any number)
    7. change Full Name field value
  • in the database
    1. open Addresses table
    2. locate record, that has AddressId column value equal to X number obtained above
    3. change value of PortalUserId field to ID of 2nd created user
    4. remember value in FullName field
  • on the Front-End
    1. press the Update button
    2. confirm, that you stayed on same address editing page
  • in the database
    1. open "Addresses" table
    2. locate record, that has "AddressId" column value equal to "X" number obtained above
    3. confirm, that FullName field value matches one, that was remembered before
    4. change value of "PortalUserId" field to ID of 1st created user
  • on the Front-End
    1. click on My Addresses link in My Account sidebox on the left
  • in the database
    1. change value of PortalUserId field to ID of 2nd created user
  • on the Front-End
    1. click on Delete link to edit just created address
    2. confirm address removal by pressing OK or similar button in browser confirmation window, that appears
    3. confirm, that redirect to address list page happened
    4. confirm, that no addresses are shown in the list
  • in the database
    1. open "Addresses" table
    2. locate record, that has "AddressId" column value equal to "X" number obtained above
    3. confirm, that record wasn't deleted
    4. change value of PortalUserId field to ID of 1st created user

Part 3 (the root user changing/deleting address)

  • login to Admin Console as root user
    1. go to User Management → Users section
    2. open 1st created user (the one, used to login on Front-End) for editing
    3. go to Addresses tab
    4. open address for editing
    5. change Full Name and save changes
    6. confirm, that changed value of Full Name field is shown in the grid
    7. delete address
    8. confirm, that address was deleted

Part 4 (the administrator changing/deleting address)

  • login to Admin Console as administrator (not root user)
    1. go to User Management → Users section
    2. open 1st created user (the one, used to login on Front-End) for editing
    3. go to Addresses tab
    4. open address for editing
    5. change Full Name and save changes
    6. confirm, that changed value of Full Name field is shown in the grid
    7. delete address
    8. confirm, that address was deleted

Part 5 (permission override in user permission checking code)

NOTE: Test needs to be performed in Firefox.
NOTE: The User Management → Groups section can be enabled from Configuration → Users → General section.
  • login to Admin Console as administrator
    1. go to Website & Content → Labels & Phrases section
    2. right click on section name in the tree
    3. select Open Link in New Tab context menu item (the new tab will open in background)
    4. go to User Management → Groups section
    5. for admin group remove view permission (but keep other permissions) from Website & Content → Labels & Phrases section
    6. confirm, that Website & Content → Labels & Phrases section is no longer visible in tree
    7. switch to background tab, that was opened before
    8. reload page in the browser
    9. confirm, that No Permission screen is shown
    10. close current tab
    11. logout
  • login to Admin Console as pseudo-root user
    1. confirm, that Website & Content → Labels & Phrases section is visible in tree
    2. go to Website & Content → Labels & Phrases section
    3. confirm, that section content (grid) is displayed in main frame

Part 6 (event permission override)

  • login to Admin Console as administrator
    1. go to User Management → Groups section
    2. for admin group remove add permission (but keep other permissions) from Custom → Widgets section
    3. go to Custom → Widgets section
    4. click on Add button on toolbar
    5. confirm, that modal/popup window is opened and the No Permission page is displayed in it
    6. logout
  • login to Admin Console as pseudo-root user
    1. go to Custom → Widgets section
    2. click on Add button on toolbar
    3. confirm, that modal/popup window is opened and widget adding page is displayed in it

Part 7 (upload permission override)

  • in IDE:
    1. open /modules/custom/units/widgets/widget_eh.php file for editing
    2. add 'OnProcessSelected' => array('self' => 'edit'), line to $permissions array in WidgetEventHandler::mapPermissions method
  • login to Admin Console as administrator
    1. go to User Management → Groups section
    2. for admin group add add permission and remove edit permission from Custom → Widgets section
    3. go to Custom → Widgets section
    4. click on Add button on toolbar
    5. use Browse button of Image field to select an image for upload
    6. confirm, that alert telling that upload permissions are missing is displayed and no image is uploaded
  • login to Admin Console as pseudo-root user
    1. go to Custom → Widgets section
    2. click on Add button on toolbar
    3. use Browse button of Image field to select an image for upload
    4. confirm, that image was uploaded and its thumbnail is displayed

Part 8 (autoload permission override)

  • on Front-End:
    1. login using 1st created user
    2. click on My Addresses link in My Account sidebox on the left
    3. click on New Address link
    4. if no addresses exist already, then create new address
    5. click Edit link next to any of displayed addresses
    6. confirm, that redirect happened on a page, where selected address details are shown
  • in IDE:
    1. open /modules/in-commerce/units/addresses/addresses_event_handler.php file for editing
    2. comment out 'OnItemBuild' => Array ('subitem' => true), line in AddressesEventHandler::mapPermissions method
  • on Front-End:
    1. reload the page
    2. confirm, that No Permission page is shown
    3. logout
    4. login as pseudo-root user
    5. click on My Addresses link in My Account sidebox on the left
    6. click on New Address link
    7. create new address
    8. click Edit link next to any of displayed addresses
    9. confirm, that redirect happened on a page, where selected address details are shown
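
The two rules this test plan exercises, modelled as an added example (not code from this revision or from In-Portal). The ModelApp class, its checkPermission and updateAddress methods, the user IDs and the permission names are hypothetical; only the permissionCheckingDisabled name and the PortalUserId/FullName columns come from the plan, and keeping the ownership check independent of the override is an assumption. Requires PHP 8.0 or later.

```php
<?php
// Simplified model, NOT In-Portal code: every name here is hypothetical
// except permissionCheckingDisabled, PortalUserId and FullName.
final class ModelApp
{
    /** @var array<int, string[]> permissions granted per user ID (constructed) */
    private array $granted;

    /** @var array<int, array{PortalUserId: int, FullName: string}> */
    public array $addresses = [];

    public function __construct(array $granted, private int $pseudoRootId)
    {
        $this->granted = $granted;
    }

    // Test-only hook from "Preparations": true means permission checks are skipped.
    public function permissionCheckingDisabled(int $userId): bool
    {
        return $userId === $this->pseudoRootId;
    }

    // Parts 5-8: a missing group permission denies the action unless the hook fires.
    public function checkPermission(int $userId, string $perm): bool
    {
        return $this->permissionCheckingDisabled($userId)
            || in_array($perm, $this->granted[$userId] ?? [], true);
    }

    // Part 2: ownership is verified against the stored row, so an address ID
    // taken from the URL cannot be used to change another user's record.
    public function updateAddress(int $userId, int $id, string $fullName): bool
    {
        $row = $this->addresses[$id] ?? null;
        if ($row === null || $row['PortalUserId'] !== $userId) {
            return false;
        }
        $this->addresses[$id]['FullName'] = $fullName;
        return true;
    }
}

// Constructed data: 1 and 2 are front-end users, 10 an administrator, 99 pseudo-root.
$app = new ModelApp([10 => ['widgets.view']], 99);
$app->addresses[7] = ['PortalUserId' => 1, 'FullName' => 'Old Name'];
$app->addresses[7]['PortalUserId'] = 2;              // row reassigned in the database
var_dump($app->updateAddress(1, 7, 'New Name'));     // update attempt by user 1
var_dump($app->addresses[7]['FullName']);            // stored value after the attempt
var_dump($app->checkPermission(10, 'widgets.add'));  // administrator without "add"
var_dump($app->checkPermission(99, 'widgets.add'));  // pseudo-root via the hook
```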

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint Errors
Excuse: Ignoring class method indentation issue fixes to prevent possible merging conflicts for 5.3.x.
Severity | Location | Code | Message
Error | core/units/helpers/permissions_helper.php:846 | PHPCS.E.CodingStandard.Classes.ClassDeclaration.SpaceBeforeCloseBrace | CodingStandard.Classes.ClassDeclaration.SpaceBeforeCloseBrace
Error | modules/in-commerce/units/addresses/addresses_event_handler.php:105 | PHPCS.E.Generic.WhiteSpace.ScopeIndent.IncorrectExact | Generic.WhiteSpace.ScopeIndent.IncorrectExact
Error | modules/in-commerce/units/addresses/addresses_event_handler.php:403 | PHPCS.E.Generic.WhiteSpace.ScopeIndent.IncorrectExact | Generic.WhiteSpace.ScopeIndent.IncorrectExact
Unit
No Unit Test Coverage
Build Status
Buildable 649
Build 649: arc lint + arc unit

Event Timeline

alex updated this revision to Diff 683. Jan 19 2017, 10:02 AM
alex retitled this revision from to INP-1665 - Add/use "kApplication::permissionCheckingDisabled" method.
alex updated this object.
alex edited the test plan for this revision.
alex added 1 JIRA issue(s): INP-1665.
alex edited the test plan for this revision. Jan 20 2017, 4:30 AM
alex edited edge metadata.

Forgot to post test plan originally. Posted now and can be tested for real.

erik accepted this revision. Jan 31 2017, 5:01 AM
erik edited edge metadata.
This revision is now accepted and ready to land. Jan 31 2017, 5:01 AM
This revision was automatically updated to reflect the committed changes.