REST: add write access checks to BasicAccess

[lhc/web/wiklou.git] / tests / phpunit / includes / Rest / BasicAccess / MWBasicRequestAuthorizerTest.php

diff --git a/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php b/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
index 5a16434..076ff36 100644 (file)
--- a/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
+++ b/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
@@ -5,6 +5,7 @@ namespace MediaWiki\Tests\Rest\BasicAccess;
 use GuzzleHttp\Psr7\Uri;
 use MediaWiki\Permissions\PermissionManager;
 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
+use MediaWiki\Rest\Handler;
 use MediaWiki\Rest\RequestData;
 use MediaWiki\Rest\ResponseFactory;
 use MediaWiki\Rest\Router;
@@ -70,4 +71,40 @@ class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
                $response = $router->execute( $request );
                $this->assertSame( 200, $response->getStatusCode() );
        }
+
+       public static function writeHandlerFactory() {
+               return new class extends Handler {
+                       public function needsWriteAccess() {
+                               return true;
+                       }
+
+                       public function execute() {
+                               return '';
+                       }
+               };
+       }
+
+       public function testWriteDenied() {
+               $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ] );
+               $request = new RequestData( [
+                       'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
+               ] );
+               $response = $router->execute( $request );
+               $this->assertSame( 403, $response->getStatusCode() );
+
+               $body = $response->getBody();
+               $body->rewind();
+               $data = json_decode( $body->getContents(), true );
+               $this->assertSame( 'rest-write-denied', $data['error'] );
+       }
+
+       public function testWriteAllowed() {
+               $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ] );
+               $request = new RequestData( [
+                       'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
+               ] );
+               $response = $router->execute( $request );
+
+               $this->assertSame( 200, $response->getStatusCode() );
+       }
 }