package no.dusken.aranea.admin.security;
import no.dusken.aranea.admin.control.EditArticleController;
import no.dusken.aranea.model.Article;
import no.dusken.aranea.service.PageService;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockMultipartHttpServletRequest;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.ServletRequestDataBinder;
import static junit.framework.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.mock;
/**
* @author Marvin B. Lillehaug <lillehau@underdusken.no>
* This collection of tests should test all security related to articles
*/
public class TestArticleSecurity {
private EditArticleController controller;
private PageService service;
@Before
public void setup() {
controller = new EditArticleController();
service = mock(PageService.class);
}
/**
* page.published should not be able to be se through its simpleFormController
*/
@Test
public void testSetPublishedWhenMakingArticle(){
MockMultipartHttpServletRequest request = new MockMultipartHttpServletRequest();
request.addParameter("title", "title");
request.addParameter("summary", "summary");
request.addParameter("text", "text");
request.addParameter("published", "on");
Article a = new Article();
ServletRequestDataBinder binder = new ServletRequestDataBinder(a);
binder.setDisallowedFields(new String[]{"published"});
binder.bind(request);
BindingResult result = binder.getBindingResult();
assertEquals(result.getErrorCount(), 0);
assertEquals(a.getTitle(), "title");
assertEquals(a.getSummary(), "summary");
assertFalse(a.getPublished());
}
}