root / drupal7 / sites / all / modules / views_data_export / tests / access.test @ 56aebcb7

<?php
/**
 * Test class for access checks for VDE downloads.
 *
 * Views Data Export enforces that a previously exported file may only be
 * re-downloaded by the user that created the export. This class tests that
 * restriction.
 */
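class ViewsDataExportAccessTest extends ViewsDataExportBaseTest {

  // Install profile used for the test site.
  protected $profile = 'testing';

  /**
   * Returns the name, description and group this test case is listed under.
   *
   * @return array
   *   Associative array with the keys 'name', 'description' and 'group'.
   */
  public static function getInfo() {
    return array(
      'name' => 'Access to temp files',
      'description' => 'Check access to created export files.',
      'group' => 'Views Data Export',
    );
  }

  /**
   * Test that VDE export can only be downloaded by the user that created them.
   *
   * Runs one batched export as the first user, empties the source table so a
   * fresh export could not reproduce the same output, and then requests the
   * stored export three times: as the first user with the token, as the first
   * user without a token, and as a second user presenting the first user's
   * token. Only the first request may return the exported data.
   */
  public function testExportedTempFileAccess() {
    $this->admin_user1 = $this->drupalCreateUser();
    $this->admin_user2 = $this->drupalCreateUser();

    // Run a batched export.
    $path = 'vde_test/' . $this->randomName();
    list($view, $expected) = $this->getExportView($path);
    $display = &$view->display['vde_test']->handler;
    // Set this view to be batched.
    $display->override_option('use_batch', 'batch');
    // Save this view so we can hit the path.
    $view->save();
    // Ensure that the menu router system is rebuilt on the next page load.
    variable_set('menu_rebuild_needed', TRUE);

    $this->drupalLogin($this->admin_user1);
    // Capture the session_id as the redirects in the request ditch it.
    $session_id = $this->session_id;
    $this->assertBatchedExportEqual($path, $expected, 'Batched access export matched expected output.');

    // Remove all the test data, so future exports will be different. Any
    // later response that still equals $expected must therefore come from the
    // stored export file and not from a new run of the view.
    db_truncate('views_test')->execute();
    $this->resetAll();

    // We rely on this being the first export in this test class.
    $eid = 1;

    // Assert that we can re-download directly when supplying the token.
    // Restore the session_id from above so we can use drupalGetToken.
    $this->session_id = $session_id;
    $token = $this->drupalGetToken('views_data_export/' . $eid);
    $output = $this->fetchExportDownload($path, $eid, $token);
    $this->assertEqual($output, $expected, 'Re-download of export file by original user is possible with session token.');

    // Assert that we cannot re-download directly without supplying the token.
    // NOTE(review): an empty body is the only signal checked here and below;
    // the HTTP status of the denied request is not asserted. Consider adding
    // a status assertion once the module's intended response is confirmed.
    $output = $this->fetchExportDownload($path, $eid);
    $this->assertEqual($output, '', 'Re-download of export file by original user is not possible without the session token.');

    // Assert that someone else can't download our file.
    // NOTE(review): $token was derived from the first user's session, so this
    // request shows that a token bound to another session is rejected. It
    // does not show what happens when the second user presents a token that
    // is valid for their own session; confirm whether the module checks
    // ownership separately and, if it does, cover that case as well.
    $this->drupalLogin($this->admin_user2);
    $output = $this->fetchExportDownload($path, $eid, $token);
    $this->assertEqual($output, '', 'Re-download of export file by different user is not possible.');
  }

  /**
   * Requests the download of a stored export and returns the normalised body.
   *
   * @param string $path
   *   Path of the export display.
   * @param int $eid
   *   Export ID sent as the 'eid' query parameter.
   * @param string|null $token
   *   Token sent as the 'token' query parameter, or NULL to omit it.
   *
   * @return string
   *   The response content passed through normaliseString().
   */
  protected function fetchExportDownload($path, $eid, $token = NULL) {
    $query = array('eid' => $eid, 'download' => 1);
    if (isset($token)) {
      $query['token'] = $token;
    }
    $this->drupalGet($path, array('query' => $query));
    return $this->normaliseString($this->drupalGetContent());
  }

  /**
   * Overrides DrupalWebTestCase::drupalGetToken() to support the hash salt.
   *
   * The HMAC key is the concatenation of the simulated browser's session ID,
   * the site private key and the hash salt, so the result depends on which
   * session is current when this is called.
   *
   * @param string $value
   *   The value the token is generated for.
   *
   * @return string
   *   The base64-encoded HMAC of $value.
   *
   * @todo Remove when http://drupal.org/node/1555862 is fixed in core.
   */
  protected function drupalGetToken($value = '') {
    $private_key = drupal_get_private_key();
    return drupal_hmac_base64($value, $this->session_id . $private_key . drupal_get_hash_salt());
  }

  /**
   * Build and return a basic view of the views_test table.
   *
   * The view has a single 'default' display showing the id, name and age
   * fields, sorted by id ascending, with no pager. It is not saved here.
   *
   * @return view
   */
  protected function getBasicExportView() {
    views_include('view');

    // Create the basic view.
    $view = new view();
    $view->vid = 'new';
    $view->base_table = 'views_test';

    // Set up the fields we need.
    $display = $view->new_display('default', 'Master', 'default');

    $display->override_option('fields', array(
      'id' => array(
        'id' => 'id',
        'table' => 'views_test',
        'field' => 'id',
        'relationship' => 'none',
      ),
      'name' => array(
        'id' => 'name',
        'table' => 'views_test',
        'field' => 'name',
        'relationship' => 'none',
      ),
      'age' => array(
        'id' => 'age',
        'table' => 'views_test',
        'field' => 'age',
        'relationship' => 'none',
      ),
    ));

    // Set up the sort order.
    $display->override_option('sorts', array(
      'id' => array(
        'order' => 'ASC',
        'id' => 'id',
        'table' => 'views_test',
        'field' => 'id',
        'relationship' => 'none',
      ),
    ));

    // Set up the pager.
    $display->override_option('pager', array(
      'type' => 'none',
      'options' => array('offset' => 0),
    ));

    return $view;
  }

  /**
   * Returns the name of the style plugin used for the export display.
   *
   * @return string
   */
  protected function getStylePluginName() {
    return 'views_data_export_txt';
  }

  /**
   * Builds the export view and the output expected from it.
   *
   * Adds a 'views_data_export' display with the ID 'vde_test' to the basic
   * view, using the style plugin from getStylePluginName() and the given path.
   *
   * @param string $path
   *   Path to set on the export display.
   *
   * @return array
   *   The view (by reference) and the expected export output as a string.
   */
  protected function getExportView($path = 'vde_test') {
    // Create the basic view.
    $view = $this->getBasicExportView();

    $display = $view->new_display('views_data_export', 'Data export', 'vde_test');
    $display->override_option('style_plugin', $this->getStylePluginName());
    $display->override_option('path', $path);

    // The literal below is compared with the export output, so its line
    // breaks are significant and it must stay unindented.
    $expected = '[ID]

1
[Name]

John
[Age]

25
----------------------------------------

[ID]

2
[Name]

George
[Age]

27
----------------------------------------

[ID]

3
[Name]

Ringo
[Age]

28
----------------------------------------

[ID]

4
[Name]

Paul
[Age]

26
----------------------------------------

[ID]

5
[Name]

Meredith
[Age]

30
----------------------------------------';

    return array(&$view, $expected);
  }
}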