1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* Test class for access checks for VDE downloads.
|
5
|
*
|
6
|
* Views Data Export enforces that a previously exported file may only be
|
7
|
* re-downloaded by the user that created the export. We test for that with
|
8
|
* this class.
|
9
|
*/
|
10
|
class ViewsDataExportAccessTest extends ViewsDataExportBaseTest {
|
11
|
|
12
|
protected $profile = 'testing';
|
13
|
|
14
|
public static function getInfo() {
|
15
|
return array(
|
16
|
'name' => 'Access to temp files',
|
17
|
'description' => 'Check access to created export files.',
|
18
|
'group' => 'Views Data Export',
|
19
|
);
|
20
|
}
|
21
|
|
22
|
/**
|
23
|
* Test that VDE export can only be downloaded by the user that created them.
|
24
|
*/
|
25
|
public function testExportedTempFileAccess() {
|
26
|
$this->admin_user1 = $this->drupalCreateUser();
|
27
|
$this->admin_user2 = $this->drupalCreateUser();
|
28
|
|
29
|
// Run a batched export.
|
30
|
$path = 'vde_test/' . $this->randomName();
|
31
|
list($view, $expected) = $this->getExportView($path);
|
32
|
$display = &$view->display['vde_test']->handler;
|
33
|
// Set this view to be batched.
|
34
|
$display->override_option('use_batch', 'batch');
|
35
|
// Save this view so we can hit the path.
|
36
|
$view->save();
|
37
|
// Ensure that the menu router system is rebuilt on the next page load.
|
38
|
variable_set('menu_rebuild_needed', TRUE);
|
39
|
|
40
|
$this->drupalLogin($this->admin_user1);
|
41
|
// Catpure the session_id as the redirects in the request ditch it.
|
42
|
$session_id = $this->session_id;
|
43
|
$this->assertBatchedExportEqual($path, $expected, 'Batched access export matched expected output.');
|
44
|
|
45
|
// Remove all the test data, so future exports will be different.
|
46
|
db_truncate('views_test')->execute();
|
47
|
$this->resetAll();
|
48
|
|
49
|
// Assert that we can re-download directly when supplying the token.
|
50
|
// We rely on this being the first export in this test class.
|
51
|
// Restore the session_id from above so we can use drupalGetToken.
|
52
|
$this->session_id = $session_id;
|
53
|
$token = $this->drupalGetToken('views_data_export/1');
|
54
|
$this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1, 'token' => $token)));
|
55
|
$output = $this->drupalGetContent();
|
56
|
$this->assertEqual($this->normaliseString($output), $expected, 'Re-download of export file by original user is possible with session token.');
|
57
|
|
58
|
// Assert that we cannot re-download directly without supplying the token.
|
59
|
// We rely on this being the first export in this test class.
|
60
|
$this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1)));
|
61
|
$output = $this->drupalGetContent();
|
62
|
$this->assertEqual($this->normaliseString($output), '', 'Re-download of export file by original user is not possible.');
|
63
|
|
64
|
// Assert that someone else can't download our file.
|
65
|
// We rely on this being the first export in this test class.
|
66
|
$this->drupalLogin($this->admin_user2);
|
67
|
$this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1, 'token' => $token)));
|
68
|
$output = $this->drupalGetContent();
|
69
|
$this->assertEqual($this->normaliseString($output), '', 'Re-download of export file by different user is not possible.');
|
70
|
}
|
71
|
|
72
|
/**
|
73
|
* Overrides DrupalWebTestCase::drupalGetToken() to support the hash salt.
|
74
|
*
|
75
|
* @todo Remove when http://drupal.org/node/1555862 is fixed in core.
|
76
|
*/
|
77
|
protected function drupalGetToken($value = '') {
|
78
|
$private_key = drupal_get_private_key();
|
79
|
return drupal_hmac_base64($value, $this->session_id . $private_key . drupal_get_hash_salt());
|
80
|
}
|
81
|
|
82
|
/**
|
83
|
* Build and return a basic view of the views_test table.
|
84
|
*
|
85
|
* @return view
|
86
|
*/
|
87
|
protected function getBasicExportView() {
|
88
|
views_include('view');
|
89
|
|
90
|
// Create the basic view.
|
91
|
$view = new view();
|
92
|
$view->vid = 'new';
|
93
|
$view->base_table = 'views_test';
|
94
|
|
95
|
// Set up the fields we need.
|
96
|
$display = $view->new_display('default', 'Master', 'default');
|
97
|
|
98
|
$display->override_option('fields', array(
|
99
|
'id' => array(
|
100
|
'id' => 'id',
|
101
|
'table' => 'views_test',
|
102
|
'field' => 'id',
|
103
|
'relationship' => 'none',
|
104
|
),
|
105
|
'name' => array(
|
106
|
'id' => 'name',
|
107
|
'table' => 'views_test',
|
108
|
'field' => 'name',
|
109
|
'relationship' => 'none',
|
110
|
),
|
111
|
'age' => array(
|
112
|
'id' => 'age',
|
113
|
'table' => 'views_test',
|
114
|
'field' => 'age',
|
115
|
'relationship' => 'none',
|
116
|
),
|
117
|
));
|
118
|
|
119
|
// Set up the sort order.
|
120
|
$display->override_option('sorts', array(
|
121
|
'id' => array(
|
122
|
'order' => 'ASC',
|
123
|
'id' => 'id',
|
124
|
'table' => 'views_test',
|
125
|
'field' => 'id',
|
126
|
'relationship' => 'none',
|
127
|
),
|
128
|
));
|
129
|
|
130
|
// Set up the pager.
|
131
|
$display->override_option('pager', array(
|
132
|
'type' => 'none',
|
133
|
'options' => array('offset' => 0),
|
134
|
));
|
135
|
|
136
|
return $view;
|
137
|
}
|
138
|
|
139
|
protected function getStylePluginName() {
|
140
|
return 'views_data_export_txt';
|
141
|
}
|
142
|
|
143
|
protected function getExportView($path = 'vde_test') {
|
144
|
// Create the basic view.
|
145
|
$view = $this->getBasicExportView();
|
146
|
|
147
|
$display = $view->new_display('views_data_export', 'Data export', 'vde_test');
|
148
|
$display->override_option('style_plugin', $this->getStylePluginName());
|
149
|
$display->override_option('path', $path);
|
150
|
|
151
|
$expected = '[ID]
|
152
|
|
153
|
1
|
154
|
[Name]
|
155
|
|
156
|
John
|
157
|
[Age]
|
158
|
|
159
|
25
|
160
|
----------------------------------------
|
161
|
|
162
|
[ID]
|
163
|
|
164
|
2
|
165
|
[Name]
|
166
|
|
167
|
George
|
168
|
[Age]
|
169
|
|
170
|
27
|
171
|
----------------------------------------
|
172
|
|
173
|
[ID]
|
174
|
|
175
|
3
|
176
|
[Name]
|
177
|
|
178
|
Ringo
|
179
|
[Age]
|
180
|
|
181
|
28
|
182
|
----------------------------------------
|
183
|
|
184
|
[ID]
|
185
|
|
186
|
4
|
187
|
[Name]
|
188
|
|
189
|
Paul
|
190
|
[Age]
|
191
|
|
192
|
26
|
193
|
----------------------------------------
|
194
|
|
195
|
[ID]
|
196
|
|
197
|
5
|
198
|
[Name]
|
199
|
|
200
|
Meredith
|
201
|
[Age]
|
202
|
|
203
|
30
|
204
|
----------------------------------------';
|
205
|
|
206
|
return array(&$view, $expected);
|
207
|
}
|
208
|
}
|