xima-media
diff --git a/‎Classes/Controller/AjaxController.php‎
Lines changed: 10 additions & 4 deletions b/‎Classes/Controller/AjaxController.php‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎Resources/Public/JavaScript/frontend_edit.js‎
Lines changed: 28 additions & 13 deletions b/‎Resources/Public/JavaScript/frontend_edit.js‎
Lines changed: 28 additions & 13 deletions
diff --git a/‎Tests/Unit/Service/Authentication/BackendUserServiceTest.php‎
Lines changed: 233 additions & 0 deletions b/‎Tests/Unit/Service/Authentication/BackendUserServiceTest.php‎
Lines changed: 233 additions & 0 deletions
@@ -93,12 +93,18 @@ public function editInformationAction(ServerRequestInterface $request): JsonResp
 
         $params = $request->getQueryParams();
 
-        $pid = (int) ($params['pid'] ?? 0);
-        if (0 === $pid) {
-            return new JsonResponse(['error' => 'Missing required parameter: pid'], 400);
+        $pidParam = $params['pid'] ?? null;
+        $pid = filter_var($pidParam, \FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
+        if (false === $pid) {
+            return new JsonResponse(['error' => 'Missing or invalid parameter: pid must be a positive integer'], 400);
+        }
+
+        $languageParam = $params['language'] ?? 0;
+        $languageUid = filter_var($languageParam, \FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
+        if (false === $languageUid) {
+            return new JsonResponse(['error' => 'Invalid parameter: language must be a non-negative integer'], 400);
         }
 
-        $languageUid = (int) ($params['language'] ?? 0);
         $returnUrl = (string) ($params['returnUrl'] ?? '');
         if ('' === $returnUrl) {
             return new JsonResponse(['error' => 'Missing required parameter: returnUrl'], 400);
 
@@ -772,6 +772,7 @@
    */
   const DataService = {
     getClosestContentElement(element) {
+      if (!element) return null;
       while (element && !element.id.match(/c\d+/)) {
         element = element.parentElement;
       }
@@ -834,7 +835,8 @@
     async fetchContentElements(dataItems) {
       const config = document.getElementById('frontend-edit-toolbar-config');
       if (!config) {
-        throw new Error('Frontend edit configuration not found');
+        Logger.log('Frontend edit configuration element not found', null, 'warn');
+        return {};
       }
 
       const editInfoUrl = config.dataset.editInfoUrl;
@@ -849,21 +851,27 @@
 
       Logger.log('Sending request to backend', { url: url.toString() });
 
-      const response = await fetch(url.toString(), {
-        cache: 'no-cache',
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(dataItems)
-      });
+      try {
+        const response = await fetch(url.toString(), {
+          cache: 'no-cache',
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(dataItems)
+        });
 
-      if (!response.ok) {
-        throw new Error('Failed to fetch content elements');
-      }
+        if (!response.ok) {
+          throw new Error('Failed to fetch content elements');
+        }
 
-      const data = await response.json();
-      Logger.log(`Backend response received with ${Object.keys(data).length} content element(s)`);
+        const data = await response.json();
+        Logger.log(`Backend response received with ${Object.keys(data).length} content element(s)`);
 
-      return data;
+        return data;
+      } catch (error) {
+        Notification.show({ title: 'Frontend Edit', message: 'Failed to load edit information', severity: 'error' });
+        Logger.log('Failed to fetch content elements', { error: error.message }, 'error');
+        return {};
+      }
     }
   };
 
@@ -880,6 +888,12 @@
       let failed = 0;
 
       for (let [uid, contentElement] of Object.entries(jsonResponse)) {
+        if (!contentElement || !contentElement.menu || !contentElement.element) {
+          Logger.log(`Skipping content element c${uid}: missing menu or element data`, null, 'warn');
+          failed++;
+          continue;
+        }
+
         let idElement = document.querySelector(`#c${uid}`);
 
         // Handle translation mapping
@@ -1065,6 +1079,7 @@
           error: error.message,
           stack: error.stack
         }, 'error');
+        Notification.show({ title: 'Frontend Edit', message: 'Initialization error', severity: 'warning' });
       }
     },
 
 
@@ -0,0 +1,233 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the "xima_typo3_frontend_edit" TYPO3 CMS extension.
+ *
+ * (c) 2024-2026 Konrad Michalik <hej@konradmichalik.dev>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Xima\XimaTypo3FrontendEdit\Tests\Unit\Service\Authentication;
+
+use PHPUnit\Framework\Attributes\{CoversClass, Test};
+use PHPUnit\Framework\TestCase;
+use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+use Xima\XimaTypo3FrontendEdit\Configuration;
+use Xima\XimaTypo3FrontendEdit\Service\Authentication\BackendUserService;
+
+/**
+ * BackendUserServiceTest.
+ *
+ * @author Konrad Michalik <hej@konradmichalik.dev>
+ * @license GPL-2.0-or-later
+ */
+#[CoversClass(BackendUserService::class)]
+final class BackendUserServiceTest extends TestCase
+{
+    protected function tearDown(): void
+    {
+        unset($GLOBALS['BE_USER']);
+    }
+
+    #[Test]
+    public function getBackendUserReturnsNullWhenNotSet(): void
+    {
+        unset($GLOBALS['BE_USER']);
+
+        $service = new BackendUserService();
+
+        self::assertNull($service->getBackendUser());
+    }
+
+    #[Test]
+    public function getBackendUserReturnsBackendUserFromGlobals(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertSame($backendUser, $service->getBackendUser());
+    }
+
+    #[Test]
+    public function getBackendUserCachesResult(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        $first = $service->getBackendUser();
+        $second = $service->getBackendUser();
+
+        self::assertSame($first, $second);
+    }
+
+    #[Test]
+    public function hasPageAccessReturnsFalseWhenNoBackendUser(): void
+    {
+        unset($GLOBALS['BE_USER']);
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->hasPageAccess(1));
+    }
+
+    #[Test]
+    public function hasPageAccessReturnsFalseWhenUserDataIsNull(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = null;
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->hasPageAccess(1));
+    }
+
+    #[Test]
+    public function hasRecordEditAccessReturnsFalseWhenNoBackendUser(): void
+    {
+        unset($GLOBALS['BE_USER']);
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->hasRecordEditAccess('tt_content', ['uid' => 1]));
+    }
+
+    #[Test]
+    public function hasRecordEditAccessReturnsFalseWhenUserDataIsNull(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = null;
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->hasRecordEditAccess('tt_content', ['uid' => 1]));
+    }
+
+    #[Test]
+    public function isFrontendEditDisabledReturnsTrueWhenNoBackendUser(): void
+    {
+        unset($GLOBALS['BE_USER']);
+
+        $service = new BackendUserService();
+
+        self::assertTrue($service->isFrontendEditDisabled());
+    }
+
+    #[Test]
+    public function isFrontendEditDisabledReturnsTrueWhenUserDataIsNull(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = null;
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertTrue($service->isFrontendEditDisabled());
+    }
+
+    #[Test]
+    public function isFrontendEditDisabledReturnsFalseByDefault(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $backendUser->uc = [];
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->isFrontendEditDisabled());
+    }
+
+    #[Test]
+    public function isFrontendEditDisabledReturnsTrueWhenUcKeyIsSet(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $backendUser->uc = [Configuration::UC_KEY_DISABLED => true];
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertTrue($service->isFrontendEditDisabled());
+    }
+
+    #[Test]
+    public function isFrontendEditAllowedReturnsFalseWhenNoBackendUser(): void
+    {
+        unset($GLOBALS['BE_USER']);
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->isFrontendEditAllowed());
+    }
+
+    #[Test]
+    public function isFrontendEditAllowedReturnsFalseWhenUserDataIsNull(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = null;
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->isFrontendEditAllowed());
+    }
+
+    #[Test]
+    public function isFrontendEditAllowedReturnsTrueByDefault(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $backendUser->method('getTSConfig')->willReturn([]);
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertTrue($service->isFrontendEditAllowed());
+    }
+
+    #[Test]
+    public function isFrontendEditAllowedReturnsFalseWhenDisabledViaTsConfig(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $backendUser->method('getTSConfig')->willReturn([
+            Configuration::USER_TSCONFIG_KEY => [
+                Configuration::USER_TSCONFIG_DISABLED => '1',
+            ],
+        ]);
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertFalse($service->isFrontendEditAllowed());
+    }
+
+    #[Test]
+    public function isFrontendEditAllowedReturnsTrueWhenExplicitlyEnabled(): void
+    {
+        $backendUser = $this->createMock(BackendUserAuthentication::class);
+        $backendUser->user = ['uid' => 1];
+        $backendUser->method('getTSConfig')->willReturn([
+            Configuration::USER_TSCONFIG_KEY => [
+                Configuration::USER_TSCONFIG_DISABLED => '0',
+            ],
+        ]);
+        $GLOBALS['BE_USER'] = $backendUser;
+
+        $service = new BackendUserService();
+
+        self::assertTrue($service->isFrontendEditAllowed());
+    }
+}