123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 |
- <?php
- /**
- * Test class for access checks for VDE downloads.
- *
- * Views Data Export enforces that a previously exported file may only be
- * re-downloaded by the user that created the export. We test for that with
- * this class.
- */
- class ViewsDataExportAccessTest extends ViewsDataExportBaseTest {
- protected $profile = 'testing';
- public static function getInfo() {
- return array(
- 'name' => 'Access to temp files',
- 'description' => 'Check access to created export files.',
- 'group' => 'Views Data Export',
- );
- }
- /**
- * Test that VDE export can only be downloaded by the user that created them.
- */
- public function testExportedTempFileAccess() {
- $this->admin_user1 = $this->drupalCreateUser();
- $this->admin_user2 = $this->drupalCreateUser();
- // Run a batched export.
- $path = 'vde_test/' . $this->randomName();
- list($view, $expected) = $this->getExportView($path);
- $display = &$view->display['vde_test']->handler;
- // Set this view to be batched.
- $display->override_option('use_batch', 'batch');
- // Save this view so we can hit the path.
- $view->save();
- // Ensure that the menu router system is rebuilt on the next page load.
- variable_set('menu_rebuild_needed', TRUE);
- $this->drupalLogin($this->admin_user1);
- // Catpure the session_id as the redirects in the request ditch it.
- $session_id = $this->session_id;
- $this->assertBatchedExportEqual($path, $expected, 'Batched access export matched expected output.');
- // Remove all the test data, so future exports will be different.
- db_truncate('views_test')->execute();
- $this->resetAll();
- // Assert that we can re-download directly when supplying the token.
- // We rely on this being the first export in this test class.
- // Restore the session_id from above so we can use drupalGetToken.
- $this->session_id = $session_id;
- $token = $this->drupalGetToken('views_data_export/1');
- $this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1, 'token' => $token)));
- $output = $this->drupalGetContent();
- $this->assertEqual($this->normaliseString($output), $expected, 'Re-download of export file by original user is possible with session token.');
- // Assert that we cannot re-download directly without supplying the token.
- // We rely on this being the first export in this test class.
- $this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1)));
- $output = $this->drupalGetContent();
- $this->assertEqual($this->normaliseString($output), '', 'Re-download of export file by original user is not possible.');
- // Assert that someone else can't download our file.
- // We rely on this being the first export in this test class.
- $this->drupalLogin($this->admin_user2);
- $this->drupalGet($path, array('query' => array('eid' => 1, 'download' => 1, 'token' => $token)));
- $output = $this->drupalGetContent();
- $this->assertEqual($this->normaliseString($output), '', 'Re-download of export file by different user is not possible.');
- }
- /**
- * Overrides DrupalWebTestCase::drupalGetToken() to support the hash salt.
- *
- * @todo Remove when http://drupal.org/node/1555862 is fixed in core.
- */
- protected function drupalGetToken($value = '') {
- $private_key = drupal_get_private_key();
- return drupal_hmac_base64($value, $this->session_id . $private_key . drupal_get_hash_salt());
- }
- /**
- * Build and return a basic view of the views_test table.
- *
- * @return view
- */
- protected function getBasicExportView() {
- views_include('view');
- // Create the basic view.
- $view = new view();
- $view->vid = 'new';
- $view->base_table = 'views_test';
- // Set up the fields we need.
- $display = $view->new_display('default', 'Master', 'default');
- $display->override_option('fields', array(
- 'id' => array(
- 'id' => 'id',
- 'table' => 'views_test',
- 'field' => 'id',
- 'relationship' => 'none',
- ),
- 'name' => array(
- 'id' => 'name',
- 'table' => 'views_test',
- 'field' => 'name',
- 'relationship' => 'none',
- ),
- 'age' => array(
- 'id' => 'age',
- 'table' => 'views_test',
- 'field' => 'age',
- 'relationship' => 'none',
- ),
- ));
- // Set up the sort order.
- $display->override_option('sorts', array(
- 'id' => array(
- 'order' => 'ASC',
- 'id' => 'id',
- 'table' => 'views_test',
- 'field' => 'id',
- 'relationship' => 'none',
- ),
- ));
- // Set up the pager.
- $display->override_option('pager', array(
- 'type' => 'none',
- 'options' => array('offset' => 0),
- ));
- return $view;
- }
- protected function getStylePluginName() {
- return 'views_data_export_txt';
- }
- protected function getExportView($path = 'vde_test') {
- // Create the basic view.
- $view = $this->getBasicExportView();
- $display = $view->new_display('views_data_export', 'Data export', 'vde_test');
- $display->override_option('style_plugin', $this->getStylePluginName());
- $display->override_option('path', $path);
- $expected = '[ID]
- 1
- [Name]
- John
- [Age]
- 25
- ----------------------------------------
- [ID]
- 2
- [Name]
- George
- [Age]
- 27
- ----------------------------------------
- [ID]
- 3
- [Name]
- Ringo
- [Age]
- 28
- ----------------------------------------
- [ID]
- 4
- [Name]
- Paul
- [Age]
- 26
- ----------------------------------------
- [ID]
- 5
- [Name]
- Meredith
- [Age]
- 30
- ----------------------------------------';
- return array(&$view, $expected);
- }
- }
|