Fix permission to settings page

This commit is contained in:
Jeremy Benoist 2016-01-22 18:48:04 +01:00
parent 1c7d66645b
commit 07c9b1c98a
2 changed files with 33 additions and 1 deletions

View file

@ -57,5 +57,5 @@ security:
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
- { path: ^/settings, roles: ROLE_SUPER_ADMIN } - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
- { path: ^/, roles: ROLE_USER }

View file

@ -0,0 +1,32 @@
<?php
namespace Wallabag\CoreBundle\Tests\Controller;
use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
/**
* The controller `SettingsController` does not exist.
* This test cover security against the internal settings page managed by CraueConfigBundle
*/
class SettingsControllerTest extends WallabagCoreTestCase
{
public function testSettingsWithAdmin()
{
$this->logInAs('admin');
$client = $this->getClient();
$crawler = $client->request('GET', '/settings');
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
public function testSettingsWithNormalUser()
{
$this->logInAs('bob');
$client = $this->getClient();
$crawler = $client->request('GET', '/settings');
$this->assertEquals(403, $client->getResponse()->getStatusCode());
}
}