mirror of
https://github.com/MarijnDoeve/TijdVoorDeTest.git
synced 2026-07-11 20:38:21 +02:00
test: address PR review feedback
- Scope AbstractControllerWebTestCase::getCandidate/getQuizByName by season code (both Candidate and Quiz are only unique per season, not system-wide) and add a CandidateRepository regression test guarding against same-named candidates in different seasons - Add missing entityManager->clear() before verifying DB state after a POST in PrepareEliminationControllerTest and QuestionBankControllerTest - Add non-owner denial tests for BackofficeController::exportQuiz and QuizQuestionController::edit/reorder, which had IsGranted checks with no test coverage
This commit is contained in:
@@ -42,4 +42,15 @@ final class BackofficeControllerTest extends AbstractControllerWebTestCase
|
||||
|
||||
self::assertResponseRedirects(\sprintf('/backoffice/season/%s', $quiz->season->seasonCode));
|
||||
}
|
||||
|
||||
public function testExportQuizIsDeniedForNonOwner(): void
|
||||
{
|
||||
$this->loginAs('test@example.org');
|
||||
|
||||
$quiz = $this->getQuizByName('Quiz 1');
|
||||
|
||||
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/quiz/%s/export', $quiz->id));
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -52,6 +52,8 @@ final class PrepareEliminationControllerTest extends AbstractControllerWebTestCa
|
||||
$this->assertTrue($response->isRedirect());
|
||||
$this->assertStringContainsString('/backoffice/elimination/', (string) $response->headers->get('Location'));
|
||||
|
||||
$this->entityManager->clear();
|
||||
$quiz = $this->getQuizByName('Quiz 1');
|
||||
$elimination = $this->entityManager->getRepository(Elimination::class)->findOneBy(['quiz' => $quiz]);
|
||||
$this->assertInstanceOf(Elimination::class, $elimination);
|
||||
$this->assertArrayHasKey('Tom', $elimination->data);
|
||||
|
||||
@@ -105,6 +105,7 @@ final class QuestionBankControllerTest extends AbstractControllerWebTestCase
|
||||
]);
|
||||
|
||||
$this->assertResponseRedirects();
|
||||
$this->entityManager->clear();
|
||||
$saved = $this->entityManager->getRepository(BankQuestion::class)->findOneBy(['question' => 'Vraag zonder goed antwoord']);
|
||||
$this->assertInstanceOf(BankQuestion::class, $saved);
|
||||
$this->assertFalse($saved->isCompleteForQuiz);
|
||||
|
||||
@@ -115,4 +115,43 @@ final class QuizQuestionControllerTest extends AbstractControllerWebTestCase
|
||||
$this->assertSame($originalLastId, (string) $reorderedQuestions[0]->id);
|
||||
$this->assertSame($originalFirstId, (string) $reorderedQuestions[\count($reorderedQuestions) - 1]->id);
|
||||
}
|
||||
|
||||
public function testEditIsDeniedForNonOwner(): void
|
||||
{
|
||||
$this->loginAs('test@example.org');
|
||||
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
$question = $quiz->questions->first();
|
||||
$this->assertInstanceOf(Question::class, $question);
|
||||
|
||||
$this->client->request(Request::METHOD_GET, \sprintf(
|
||||
'/backoffice/season/krtek/quiz/%s/question/%s/edit',
|
||||
$quiz->id,
|
||||
$question->id,
|
||||
));
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testReorderIsDeniedForNonOwner(): void
|
||||
{
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
|
||||
// Scrape a valid CSRF token as the owner before switching to the non-owner account,
|
||||
// since the token is bound to the session, not the logged-in user.
|
||||
$this->loginAs('krtek-admin@example.org');
|
||||
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
|
||||
self::assertResponseIsSuccessful();
|
||||
$csrfToken = $crawler->filter('[data-bo--question-list-csrf-value]')->attr('data-bo--question-list-csrf-value');
|
||||
$this->assertNotEmpty($csrfToken);
|
||||
|
||||
$this->loginAs('test@example.org');
|
||||
|
||||
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/quiz/%s/questions/reorder', $quiz->id), [
|
||||
'_token' => $csrfToken,
|
||||
'ordering' => array_map(static fn (Question $q): string => (string) $q->id, $quiz->questions->toArray()),
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user