Merge pull request #421 from marc1706/ticket/420

[ticket/420] Properly check permissions for news module

modules/announcements.php

@@ -130,7 +130,7 @@ class announcements extends module_base
 			$this->config['board3_announcements_day_' . $module_id],
 			'announcements',
 			$start,
-			$this->config['board3_announcements_forum_exclude_' . $module_id]
+			(bool) $this->config['board3_announcements_forum_exclude_' . $module_id]
 		);
 
 		// Any announcements present? If not terminate it here.

modules/news.php

@@ -132,7 +132,7 @@ class news extends module_base
 			0,
 			($this->config['board3_show_all_news_' . $module_id]) ? 'news_all' : 'news',
 			$start,
-			$this->config['board3_news_exclude_' . $module_id]
+			(bool) $this->config['board3_news_exclude_' . $module_id]
 		);
 
 		// Any news present? If not terminate it here.

portal/fetch_posts.php

@@ -440,7 +440,7 @@ class fetch_posts
 	*/
 	protected function set_forum_constraints($forum_from, $disallowed_forums, $invert = false)
 	{
-		if ($invert == true)
+		if ($invert == true || empty($forum_from))
 		{
 			$access_list = array_merge($disallowed_forums, $forum_from);
 			$sql_operator = '<>';

tests/functional/portal_visit_registered_test.php

@@ -106,4 +106,82 @@ class phpbb_functional_portal_visit_registered_test extends \board3\portal\tests
 		$this->assertContains('Administrators', $legend);
 		$this->assertContains('Global moderators', $legend);
 	}
+
+	public function test_setup_hidden_forum()
+	{
+		$this->logout();
+		$this->login();
+		$this->admin_login();
+		$crawler = self::request('GET', 'adm/index.php?i=acp_forums&mode=manage&parent_id=1&sid=' . $this->sid);
+		$form = $crawler->selectButton('Create new forum')->form();
+		$form->setValues(array('forum_name' => 'Hidden forum'));
+		$crawler = self::submit($form);
+
+		// Create the forum
+		$form = $crawler->selectButton('Submit')->form();
+		$form['forum_perm_from']->select(2);
+		$crawler = self::submit($form);
+		$this->assertContains('Forum created successfully', $crawler->text());
+
+		// Hide forum using permissions from registered users
+		$crawler = self::request('GET', 'adm/index.php?i=acp_permissions&mode=setting_group_local&sid=' . $this->sid);
+		$form = $crawler->selectButton('Submit')->form();
+		$group_id = 0;
+		$crawler->filter('option')->each(function ($node) use (&$group_id) {
+			if ($node->text() === 'Registered users')
+			{
+				$group_id = $node->attr('value');
+			}
+		});
+		$form->setValues(array('group_id[0]' => $group_id));
+		$crawler = self::submit($form);
+		$form = $crawler->selectButton('Submit')->form();
+		$forum_id = 0;
+		$crawler->filter('option')->each(function ($node) use (&$forum_id) {
+			if (strpos($node->text(), 'Hidden forum') !== false)
+			{
+				$forum_id = $node->attr('value');
+			}
+		});
+		$form['forum_id']->select($forum_id);
+		$crawler = self::submit($form);
+		$form = $crawler->selectButton('Apply all permissions')->form();
+		$role_id = 0;
+		$crawler->filter('option')->each(function ($node) use (&$role_id) {
+			if ($node->text() === 'No Access')
+			{
+				$role_id = $node->attr('value');
+			}
+		});
+
+		$db = $this->get_db();
+		$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
+			WHERE group_id = {$group_id}
+				AND forum_id = {$forum_id}";
+		$db->sql_query($sql);
+		$sql = 'INSERT INTO ' . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_role_id, auth_setting)
+			VALUES({$group_id}, {$forum_id}, 0, {$role_id}, 0)";
+		$db->sql_query($sql);
+
+		// Create standard registered user
+		$this->create_user('standard-user');
+		$this->add_user_group('REGISTERED_USERS', array('standard-user'));
+		$this->remove_user_group('NEWLY_REGISTERED_USERS', array('standard-user'));
+
+		// Create topic in hidden forum
+		$this->create_topic($forum_id, 'Hidden topic', 'Very very hidden topic (for registered users that is)');
+	}
+
+	/**
+	 * @dependsOn test_setup_hidden_forum
+	 */
+	public function test_news_with_hidden_forum()
+	{
+		$this->logout();
+		$this->login('standard-user');
+		$crawler = self::request('GET', 'index.php');
+		$this->assertNotContains('Hidden forum', $crawler->text());
+		$crawler = self::request('GET', 'app.php/portal');
+		$this->assertNotContains('Hidden topic', $crawler->text());
+	}
 }

tests/unit/event/listener_test.php

@@ -70,7 +70,7 @@ class listener_test extends \phpbb_template_template_test_case
 		$provider = new \phpbb\controller\provider();
 		$provider->find_routing_files($finder);
 		$provider->find(dirname(__FILE__) . '/');
-		$this->controller_helper = new \phpbb_mock_controller_helper($this->template, $this->user, $this->config, $provider, $manager, new \phpbb\symfony_request($request), new \phpbb\filesystem(), '', 'php', dirname(__FILE__) . '/');
+		$this->controller_helper = new \phpbb_mock_controller_helper($this->template, $this->user, $this->config, $provider, $manager, new \phpbb\symfony_request($request), $request, new \phpbb\filesystem(), '', 'php', dirname(__FILE__) . '/');
 
 		$this->path_helper = new \phpbb\path_helper(
 			new \phpbb\symfony_request(

tests/unit/functions/version_check_test.php

@@ -45,7 +45,7 @@ class phpbb_functions_version_check_test extends \board3\portal\tests\testframew
 		$this->config->set('board3_portal_version', $version);
 
 		$this->template = new \board3\portal\tests\mock\template($this);
-		$version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\user('\phpbb\datetime'));
+		$version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), new \phpbb\user('\phpbb\datetime'));
 		$this->version_check = new \board3\portal\includes\version_check($this->version_data, $this->config, $version_helper, $this->template, $this->user);
 	}