diff --git a/shownieuws.php b/shownieuws.php
index 1e3303a..325ea0f 100644
--- a/shownieuws.php
+++ b/shownieuws.php
@@ -1,79 +1,70 @@ - setFile('CONTENT', 'Templates/shownieuws.tpl'); - $cTPL -> parse(); - - $sQuery = "SELECT n.titel, n.bericht, u.username, n.datum, n.tijd FROM nieuws n, users u - WHERE u.userid = n.userid AND n.nieuwsid='" . add($_GET['id']) . "';"; - if($cResult = mysql_query($sQuery)) - { - $aData = mysql_fetch_assoc($cResult); - $cTPL -> setPlace('TITEL', add($aData['titel'])); - $cTPL -> setPlace('USERNAME', add($aData['username'])); - $cTPL -> setPlace('BERICHT', smiley(strip($aData['bericht']))); - $cTPL -> setPlace('DATUM', add($aData['datum'] . ' ' . $aData['tijd'])); - $cTPL -> parse(); - } - - $cTPL -> setPlace('ID', $_GET['id']); - - $sQuery = "SELECT n.reactieid, n.bericht, u.userid, u.username, n.datum, n.tijd FROM nieuwsreacties n, users u - WHERE n.userid=u.userid AND n.nieuwsid='" . add($_GET['id']) . "' - ORDER BY n.datum, n.tijd;"; - if($cResult = mysql_query($sQuery)) - { - while($aData = mysql_fetch_assoc($cResult)) - { - $cTPL -> setBlock('REACTIES', 'reacties'); - $cTPL -> parse(); - - $cTPL -> setPlace('AUTEUR', add($aData['username'])); - $cTPL -> setPlace('MOMENT', add($aData['datum'] . ' ' . $aData['tijd'])); - $cTPL -> setPlace('REACTIE', bbcode(smiley(strip_tags(strip($aData['bericht']))))); - - if(($cUser -> m_iPermis & 2) || ($aData['userid'] == $cUser -> m_iUserid)) - { - $cTPL -> setBlock('REACTIEEDIT', 'edit'); - $cTPL -> parse(); - $cTPL -> setPlace('REACTIEID', $aData['reactieid']); - } - else - { - $cTPL -> setPlace('REACTIEEDIT', ''); - } - $cTPL -> parse(); - } - } - - $cTPL -> show(); -} -else -{ - header('HTTP/1.0 404 Page not Found'); -} -?> \ No newline at end of file +setFile('CONTENT', 'Templates/shownieuws.tpl'); + $cTPL->parse(); + + $sQuery = "SELECT n.titel, n.bericht, u.username, n.datum, n.tijd FROM nieuws n, users u + WHERE u.userid = n.userid AND n.nieuwsid='" . add($_GET['id']) . 
"';"; + if ($cResult = mysql_query($sQuery)) { + $aData = mysql_fetch_assoc($cResult); + $cTPL->setPlace('TITEL', add($aData['titel'])); + $cTPL->setPlace('USERNAME', add($aData['username'])); + $cTPL->setPlace('BERICHT', smiley(strip($aData['bericht']))); + $cTPL->setPlace('DATUM', add($aData['datum'] . ' ' . $aData['tijd'])); + $cTPL->parse(); + } + + $cTPL->setPlace('ID', $_GET['id']); + + $sQuery = "SELECT n.reactieid, n.bericht, u.userid, u.username, n.datum, n.tijd FROM nieuwsreacties n, users u + WHERE n.userid=u.userid AND n.nieuwsid='" . add($_GET['id']) . "' + ORDER BY n.datum, n.tijd;"; + if ($cResult = mysql_query($sQuery)) { + while ($aData = mysql_fetch_assoc($cResult)) { + $cTPL->setBlock('REACTIES', 'reacties'); + $cTPL->parse(); + + $cTPL->setPlace('AUTEUR', add($aData['username'])); + $cTPL->setPlace('MOMENT', add($aData['datum'] . ' ' . $aData['tijd'])); + $cTPL->setPlace('REACTIE', bbcode(smiley(strip_tags(strip($aData['bericht']))))); + + if (($cUser->m_iPermis & 2) || ($aData['userid'] == $cUser->m_iUserid)) { + $cTPL->setBlock('REACTIEEDIT', 'edit'); + $cTPL->parse(); + $cTPL->setPlace('REACTIEID', $aData['reactieid']); + } else { + $cTPL->setPlace('REACTIEEDIT', ''); + } + + $cTPL->parse(); + } + } + + $cTPL->show(); +} else { + header('HTTP/1.0 404 Page not Found'); +} diff --git a/tests/Factories/NewsCommentFactory.php b/tests/Factories/NewsCommentFactory.php new file mode 100644 index 0000000..7230cd9 --- /dev/null +++ b/tests/Factories/NewsCommentFactory.php @@ -0,0 +1,22 @@ +prepare($sql); + $query->execute([ + $nieuwsId, + $userId, + $body + ]); + + return $pdo->lastInsertId(); + } +} \ No newline at end of file diff --git a/tests/Pages/ShowNewsTest.php b/tests/Pages/ShowNewsTest.php new file mode 100644 index 0000000..3915ef4 --- /dev/null +++ b/tests/Pages/ShowNewsTest.php 
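Review bot: `$cTPL->setPlace('ID', $_GET['id']);` hands the raw request parameter to the template, while every other placeholder in this hunk goes through `add()` or `strip()`; if the template prints ID into HTML, the value should be validated or escaped first. The same parameter is concatenated into both `mysql_query()` strings via `add()`, whose definition is not on this page, and a helper that is also applied to output values cannot be assumed to be correct SQL escaping. The tests in this commit only pass numeric ids, so I would parse the value once, e.g. `$iNieuwsId = (int) $_GET['id'];`, and use that variable in both queries and for the ID placeholder. The opening lines of the file, including the condition that pairs with the 404 branch, are not visible in this hunk as shown.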
@@ -0,0 +1,179 @@ +userId = UserFactory::create( + self::$pdo, + 'Mark', + 'secret', + 'example@example.com', + '127.0.0.1' + ); + + $this->newsId = NewsFactory::create( + self::$pdo, + $this->userId, + 'News item', + 'The content of the news item' + ); + } + + + /** @test */ + public function it_shows_the_requested_newsitem() + { + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertContains('News item', $page); + $this->assertContains('The content of the news item', $page); + } + + /** @test */ + public function it_shows_comments_under_a_newsitem() + { + NewsCommentFactory::create( + self::$pdo, + $this->newsId, + $this->userId, + 'Nice article!' + ); + + $newsId = NewsFactory::create( + self::$pdo, + $this->newsId, + 'Different news item', + 'Different news item' + ); + NewsCommentFactory::create( + self::$pdo, + $newsId, + $this->userId, + 'Not visible' + ); + + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertContains('Nice article!', $page); + $this->assertNotContains('Not visible', $page); + } + + /** @test */ + public function it_shows_404_when_no_newsid_is_provided() + { + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php' + ); + + $this->assertEquals('', $page); + } + + /** @test */ + public function it_shows_404_when_newsid_doesnt_exist() + { + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => 999] + ); + + $this->assertEquals('', $page); + } + + /** @test */ + public function it_shows_edit_comment_button_for_users_own_comments() + { + $userId = $this->login(); + + $commentId = NewsCommentFactory::create( + self::$pdo, + $this->newsId, + $userId, + 'Nice article!' + ); + + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertContains('nieuwsEdit.php?id=' . 
$commentId, $page); + } + + /** @test */ + public function it_shows_edit_comment_button_for_user_with_permissions() + { + $this->login(Permissions::MANAGE_COMMENTS); + + $commentId = NewsCommentFactory::create( + self::$pdo, + $this->newsId, + $this->userId, + 'Nice article!' + ); + + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertContains('nieuwsEdit.php?id=' . $commentId, $page); + } + + /** @test */ + public function it_doesnt_show_edit_comment_button_for_not_logged_in_user() + { + $commentId = NewsCommentFactory::create( + self::$pdo, + $this->newsId, + $this->userId, + 'Nice article!' + ); + + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertNotContains('nieuwsEdit.php?id=' . $commentId, $page); + } + + /** @test */ + public function it_doesnt_show_edit_comment_button_for_other_users_comments() + { + $this->login(); + + $commentId = NewsCommentFactory::create( + self::$pdo, + $this->newsId, + $this->userId, + 'Nice article!' + ); + + $page = $this->visitPage( + __DIR__ . '/../../shownieuws.php', + ['id' => $this->newsId] + ); + + $this->assertNotContains('nieuwsEdit.php?id=' . $commentId, $page); + } +} diff --git a/tests/TestCase.php b/tests/TestCase.php index be789a9..543fa16 100644 --- a/tests/TestCase.php +++ b/tests/TestCase.php @@ -5,7 +5,6 @@ use PHPUnit\Framework\TestCase as BaseTestCase; use Tests\Factories\UserFactory; -use Tests\Pages\IndexTest; class TestCase extends BaseTestCase { @@ -45,11 +44,6 @@ protected function setUp() $this->emptyTables(); } - protected function tearDown() - { - session_abort(); - } - protected static function createDatabaseConnection() { self::$pdo = new \PDO('mysql:host=localhost;dbname=spelcodes', 'homestead', 'secret'); 
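Review bot: In `it_shows_comments_under_a_newsitem` the second `NewsFactory::create()` call passes `$this->newsId` in the position where the fixture at the top of the file passes `$this->userId`, so the "different" news item is attributed to whichever user id happens to equal the first item's id. The test presumably passes only because both ids coincide after the tables are emptied; the argument should read `$this->userId,`. Separately, the two `it_shows_404_*` tests assert only `assertEquals('', $page)`, so they would also pass if the page rendered nothing for an unrelated reason; nothing checks the 404 status the names promise.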
@@ -87,10 +81,12 @@ protected function visitPage($pagePath, array $get = []) $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; $_GET = $get; + session_abort(); ob_start(); include $pagePath; $page = ob_get_contents(); ob_end_clean(); + session_abort(); return $page; }
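Review bot: The cleanup added to `visitPage()` (`ob_end_clean()` and the trailing `session_abort()`) is skipped whenever the included page throws, and with `tearDown()` removed in the previous hunk nothing else resets the session afterwards. That leaves an open output buffer and possibly a logged-in session for the next test, which matters for the edit-button tests that rely on a not-logged-in state. Wrapping the include in `try`/`finally` keeps the isolation unconditional. The start of `visitPage()` lies outside this hunk.

```php
session_abort();
ob_start();
try {
    include $pagePath;
    $page = ob_get_contents();
} finally {
    // Runs even when the included page throws, so buffer and session state never leak into the next test.
    ob_end_clean();
    session_abort();
}

return $page;
```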