-rw-r--r-- | app/Helper/UserHelper.php | 8 | ||||
-rw-r--r-- | tests/units/Helper/UserHelperTest.php | 15 |
2 files changed, 23 insertions, 0 deletions
diff --git a/app/Helper/UserHelper.php b/app/Helper/UserHelper.php
index ae3efe1d..ab259a62 100644
--- a/app/Helper/UserHelper.php
+++ b/app/Helper/UserHelper.php
@@ -107,6 +107,10 @@ class UserHelper extends Base
 */
 public function hasAccess($controller, $action)
 {
+ if (! $this->userSession->isLogged()) {
+ return false;
+ }
+
 $key = 'app_access:'.$controller.$action;
 $result = $this->memoryCache->get($key);
 
@@ -128,6 +132,10 @@ class UserHelper extends Base
 */
 public function hasProjectAccess($controller, $action, $project_id)
 {
+ if (! $this->userSession->isLogged()) {
+ return false;
+ }
+
 if ($this->userSession->isAdmin()) {
 return true;
 }
diff --git a/tests/units/Helper/UserHelperTest.php b/tests/units/Helper/UserHelperTest.php
index 10bbc58e..d5bd1789 100644
--- a/tests/units/Helper/UserHelperTest.php
+++ b/tests/units/Helper/UserHelperTest.php
@@ -31,6 +31,12 @@ class UserHelperTest extends Base
 $this->assertEquals('Project Viewer', $helper->getRoleName(Role::PROJECT_VIEWER));
 }
 
+ public function testHasAccessWithoutSession()
+ {
+ $helper = new UserHelper($this->container);
+ $this->assertFalse($helper->hasAccess('UserCreationController', 'create'));
+ }
+
 public function testHasAccessForAdmins()
 {
 $helper = new UserHelper($this->container);
@@ -73,6 +79,15 @@ class UserHelperTest extends Base
 $this->assertTrue($helper->hasAccess('ProjectCreationController', 'createPrivate'));
 }
 
+ public function testHasProjectAccessWithoutSession()
+ {
+ $helper = new UserHelper($this->container);
+ $project = new ProjectModel($this->container);
+
+ $this->assertEquals(1, $project->create(array('name' => 'My project')));
+ $this->assertFalse($helper->hasProjectAccess('ProjectEditController', 'edit', 1));
+ }
+
 public function testHasProjectAccessForAdmins()
 {
 $helper = new UserHelper($this->container);
|
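Review bot: The early return added to hasAccess() (and the identical one added to hasProjectAccess() in the next hunk) makes both helpers deny-by-default for anonymous callers, but the docblocks above them, which begin outside the hunk, are not updated to state that. The guard sits before the `$this->memoryCache->get($key)` lookup, and since the key `'app_access:'.$controller.$action` carries no user identity, that ordering looks deliberate and worth protecting with a comment such as `// Deny before the cache lookup: the cache key is not user-scoped.`. If any view rendered to unauthenticated visitors calls these helpers for publicly allowed actions it will now receive false; that is presumably intended, but it is not visible from this hunk and should be confirmed. The bodies of both methods continue past the hunk.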
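Review bot: testHasAccessWithoutSession asserts only on `('UserCreationController', 'create')`, an action that may already have been refused for a caller with no role before the guard existed, so this test would not necessarily fail if the guard were removed. Adding an assertion on an action that another test in this file expects to be granted, `$this->assertFalse($helper->hasAccess('ProjectCreationController', 'createPrivate'));`, would pin the new check itself. The same applies to testHasProjectAccessWithoutSession in the next hunk, which exercises a single controller/action pair. Both tests also depend on the fixture starting with no logged-in user without saying so; a one-line comment stating that precondition would make the intent clear to the next reader.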