diff --git a/pages/exec.php b/pages/exec.php index c07eb1c1d..b398a45d0 100644 --- a/pages/exec.php +++ b/pages/exec.php @@ -106,7 +106,9 @@ $aModuleDelegatedExecutionPolicy = GetModuleDelegatedExecutionPolicy($sModule); if (is_null($aModuleDelegatedExecutionPolicy) || !in_array($sPage, $aModuleDelegatedExecutionPolicy)) { $bForceLoginWhenNoExecutionPolicy = MetaModel::GetConfig()->Get('security.force_login_when_no_execution_policy'); // TODO in N°9343 : remove the conf and this 'if' condition to perform login by default when no execution policy is defined - LoginWebPage::DoLoginEx(); + if ($bForceLoginWhenNoExecutionPolicy) { + LoginWebPage::DoLoginEx(); + } } if (is_array($aModuleDelegatedExecutionPolicy) && !in_array($sPage, $aModuleDelegatedExecutionPolicy)) { // if module defined a delegated execution policy but not for the current page, we consider that the page is not allowed to be executed without login diff --git a/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php b/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php index ae793f556..39b425a77 100644 --- a/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php +++ b/tests/php-unit-tests/integration-tests/login-tests/LoginWebPageTest.php 
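Review bot: The new `if ($bForceLoginWhenNoExecutionPolicy)` guard makes the no-policy path fail open: when `security.force_login_when_no_execution_policy` is unset or false, every page of a module that declares no `execution_policy` is served through `pages/exec.php` without `LoginWebPage::DoLoginEx()`, and nothing records that the login step was skipped. `$sPage` is request-controlled (`exec_page`), so a third-party module that never declared a policy now exposes all of its controllers unauthenticated unless the operator knows to set the flag. Until N°9343 flips the default, the skipped branch should at least be observable — add an `else` that logs a warning naming `$sModule` and `$sPage` — and the key should be registered with a default of `true` if `Get()` falls back to the registered default (the config declaration is not visible here). Separately, the `in_array($sPage, ...)` calls around the change are non-strict; `in_array($sPage, $aModuleDelegatedExecutionPolicy, true)` avoids loose string comparison on a request-supplied value.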
@@ -95,10 +95,64 @@ class LoginWebPageTest extends ItopDataTestCase public function testNotInExecutionPolicyFileWithoutForceLoginConf() { $sPageContent = $this->CallItopUri( - "pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/AnotherFile.php", + "pages/exec.php?exec_module=extension-without-execution-policy&exec_page=src/Controller/AnotherFile.php", + [], + [], + true ); $this->assertStringNotContainsString('iTop login', $sPageContent); // by default (until N°9343) if no execution policy is defined, login is not forced } + public function testNotInExecutionPolicyFileWithoutForceLoginConfButWithExecutionPolicy() + { + $sPageContent = $this->CallItopUri( + "pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/AnotherFile.php", + [], + [], + true + ); + + $this->assertStringContainsString('iTop login', $sPageContent); // Since an execution policy is defined and AnotherFile.php isn't in it, login should be proposed + } + + /** + * @dataProvider InExecutionPolicyFileWithAdminRequiredProvider + * + * @throws \Exception + */ + public function testInExecutionPolicyFileWithAdminRequired($iProfileId, $ForbiddenPageShouldBeDisplayed) + { + // generate random login + $sUserLogin = 'user-'.date('YmdHis'); + $this->CreateUser($sUserLogin, $iProfileId, self::PASSWORD); + $this->GivenConfigFileAllowedLoginTypes(explode('|', 'form')); + + $sPageContent = $this->CallItopUri( + "pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/CheckAnythingButAdminRequired.php", + [ + 'auth_user' => $sUserLogin, + 'auth_pwd' => self::PASSWORD, + ], + [], + true + ); + $ForbiddenPageShouldBeDisplayed ? 
+ $this->assertStringContainsString('Yo !', $sPageContent) : + $this->assertStringNotContainsString('Access restricted to people having administrator privileges', $sPageContent); // in execution policy file (in the module), login should not be proposed, file handle its own policy + } + + public function InExecutionPolicyFileWithAdminRequiredProvider() + { + return [ + 'Administrator profile' => [ + self::$aURP_Profiles['Administrator'], + true, + ], + 'ReadOnly profile' => [ + self::$aURP_Profiles['Service Desk Agent'], + false, + ], + ]; + } } diff --git a/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php index 22b819713..bfc1f442c 100644 --- a/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php +++ b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/module.extension-with-execution-policy.php @@ -19,6 +19,7 @@ SetupWebPage::AddModule( // Security 'execution_policy' => [ 'src/Controller/CheckAnything.php', + 'src/Controller/CheckAnythingButAdminRequired.php', ], // Components diff --git a/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/src/Controller/CheckAnythingButAdminRequired.php b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/src/Controller/CheckAnythingButAdminRequired.php new file mode 100644 index 000000000..9ad77ae09 --- /dev/null +++ b/tests/php-unit-tests/integration-tests/login-tests/extension-with-execution-policy/src/Controller/CheckAnythingButAdminRequired.php @@ -0,0 +1,5 @@ +
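Review bot: In `testInExecutionPolicyFileWithAdminRequired`, the non-admin branch of the ternary asserts only that `Access restricted to people having administrator privileges` is absent, which passes even if the Service Desk Agent is served the full page — the one regression this test exists to catch. The denial case should assert the absence of the protected content, `$this->assertStringNotContainsString('Yo !', $sPageContent);`, alongside whatever the admin-only controller actually emits on refusal (the controller is added in this commit but its body is outside this hunk). The login `'user-'.date('YmdHis')` has one-second resolution and the data provider runs two cases back to back, so `CreateUser` can be asked to create the same login twice; `'user-'.bin2hex(random_bytes(4))` removes the collision. The provider key `'ReadOnly profile'` is attached to the `Service Desk Agent` profile, so either the label or the profile should change. The class `LoginWebPageTest` opens before this hunk.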