mirror of
https://github.com/wallabag/wallabag.git
synced 2024-12-23 08:06:33 +00:00
Fix permission to settings page
This commit is contained in:
parent
1c7d66645b
commit
07c9b1c98a
2 changed files with 33 additions and 1 deletions
|
@ -57,5 +57,5 @@ security:
|
|||
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||
- { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||
- { path: ^/, roles: ROLE_USER }
|
||||
- { path: ^/settings, roles: ROLE_SUPER_ADMIN }
|
||||
- { path: ^/, roles: ROLE_USER }
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
|
||||
namespace Wallabag\CoreBundle\Tests\Controller;
|
||||
|
||||
use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
|
||||
|
||||
/**
|
||||
* The controller `SettingsController` does not exist.
|
||||
* This test cover security against the internal settings page managed by CraueConfigBundle
|
||||
*/
|
||||
class SettingsControllerTest extends WallabagCoreTestCase
|
||||
{
|
||||
public function testSettingsWithAdmin()
|
||||
{
|
||||
$this->logInAs('admin');
|
||||
$client = $this->getClient();
|
||||
|
||||
$crawler = $client->request('GET', '/settings');
|
||||
|
||||
$this->assertEquals(200, $client->getResponse()->getStatusCode());
|
||||
}
|
||||
|
||||
public function testSettingsWithNormalUser()
|
||||
{
|
||||
$this->logInAs('bob');
|
||||
$client = $this->getClient();
|
||||
|
||||
$crawler = $client->request('GET', '/settings');
|
||||
|
||||
$this->assertEquals(403, $client->getResponse()->getStatusCode());
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue