forked from Wavyzz/dolibarr
Add more phpunit tests
@@ -61,11 +61,14 @@ if (($object->id != $user->id) && !$user->hasRight('user', 'user', 'lire')) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
$permissiontoedit = ((($object->id == $user->id) && $user->hasRight('user', 'self', 'creer')) || $user->hasRight('user', 'user', 'creer'));
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if ($action == 'update') {
|
||||
if ($action == 'update' && $permissiontoedit) {
|
||||
$tmparray = array();
|
||||
$tmparray['USER_PUBLIC_HIDE_PHOTO'] = (GETPOST('USER_PUBLIC_HIDE_PHOTO') ? 1 : 0);
|
||||
$tmparray['USER_PUBLIC_HIDE_JOBPOSITION'] = (GETPOST('USER_PUBLIC_HIDE_JOBPOSITION') ? 1 : 0);
|
||||
@@ -82,7 +85,7 @@ if ($action == 'update') {
|
||||
dol_set_user_param($db, $conf, $object, $tmparray);
|
||||
}
|
||||
|
||||
if ($action == 'setUSER_ENABLE_PUBLIC') {
|
||||
if ($action == 'setUSER_ENABLE_PUBLIC' && $permissiontoedit) {
|
||||
if (GETPOST('value')) {
|
||||
$tmparray = array('USER_ENABLE_PUBLIC' => 1);
|
||||
} else {
|
||||
|
||||
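Review bot: With `&& $permissiontoedit` added to the `update` and `setUSER_ENABLE_PUBLIC` conditions, a request from a user without edit rights is now dropped silently. The page falls through to the view with no error and, as far as these hunks show, no log entry, so a refused write attempt leaves no trace. An explicit deny placed right after `$permissiontoedit` is computed would make the refusal visible and auditable, for example `if (in_array($action, array('update', 'setUSER_ENABLE_PUBLIC'), true) && !$permissiontoedit) { accessforbidden(); }`. Both action blocks continue outside the hunks, so any other `$action` branches in this file should be checked for the same guard.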
@@ -91,9 +91,7 @@ class CodingPhpTest extends CommonClassTest
|
||||
// File functions are needed
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
|
||||
|
||||
$excludeRegexList
|
||||
= array(
|
||||
$excludeRegexList = array(
|
||||
'\/includes\/',
|
||||
'\/install\/doctemplates\/websites\/',
|
||||
'\/custom\/',
|
||||
@@ -627,6 +625,42 @@ class CodingPhpTest extends CommonClassTest
|
||||
break;
|
||||
}
|
||||
$this->assertTrue($ok, 'Found a CURDATE\(\) in code. Do not use this SQL method in file '.$file['relativename'].'. You must use the PHP function dol_now() instead.');
|
||||
|
||||
|
||||
// Test we don't have if ($action == 'xxx'... without test on permission
|
||||
// We do not test on file into admin, protection is done on page on user->admin
|
||||
if (!preg_match('/admin\//', $file['fullname'])
|
||||
&& !preg_match('/\.tpl\.php/', $file['fullname'])
|
||||
&& !preg_match('/\.lib\.php/', $file['fullname'])
|
||||
&& !preg_match('/\.inc\.php/', $file['fullname'])
|
||||
&& !preg_match('/\.class\.php/', $file['fullname'])
|
||||
&& !preg_match('/NORUN$/', $file['fullname'])) {
|
||||
$ok = true;
|
||||
$matches = array();
|
||||
|
||||
// Get to part of string to use for analysis
|
||||
$reg = array();
|
||||
if (preg_match('/\*\s+Action(.*)\*\s+View/ims', $filecontentorigin, $reg)) {
|
||||
$filecontentaction = $reg[1];
|
||||
} else {
|
||||
$filecontentaction = $filecontent;
|
||||
}
|
||||
|
||||
preg_match_all('/if\s*\(\s*\$action\s*==\s*[\'"][a-z]+[\'"].*/', $filecontentaction, $matches, PREG_SET_ORDER);
|
||||
foreach ($matches as $key => $val) {
|
||||
if (!preg_match('/\$user->hasR/', $val[0])
|
||||
&& !preg_match('/\$permission/', $val[0])
|
||||
&& !preg_match('/\$usercan/', $val[0])
|
||||
&& !preg_match('/\$canedit/', $val[0])
|
||||
&& !preg_match('/already done/i', $val[0])
|
||||
&& !preg_match('/not required/i', $val[0])) {
|
||||
$ok = false;
|
||||
print "Line: ".$val[0]."\n";
|
||||
break;
|
||||
}
|
||||
}
|
||||
$this->assertTrue($ok, 'Found a test on action without check on permission and without comment to say this is expected, in file '.$file['relativename'].'.');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
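Review bot: The pattern passed to `preg_match_all` only matches action names made of lowercase letters (`[a-z]+`), so a branch such as `if ($action == 'setUSER_ENABLE_PUBLIC')`, or any name containing an underscore, digit or capital, is never inspected and can lack a permission test without failing this check. Widening the class would cover those names, though it will probably flag more files: `preg_match_all('/if\s*\(\s*\$action\s*==\s*[\'"]\w+[\'"].*/', $filecontentaction, $matches, PREG_SET_ORDER);`. The check is also line-based: a permission test on a following line or in an enclosing `if` is reported as missing, while the words "not required" or "already done" anywhere on the line suppress the finding. A comment above the block stating these limits would keep a green result from being read as proof of authorization coverage. The enclosing test method starts and ends outside the hunk.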