Rewrite of the authentication and authorization system

author: Frederic Guillot <fred@kanboard.net> 2015-12-05 20:31:27 -0500
committer: Frederic Guillot <fred@kanboard.net> 2015-12-05 20:31:27 -0500
commit: e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 (patch)
tree: abc2de5aebace4a2d7c94805552264dab6b10bc7 /tests/units/Core/Security/AuthorizationTest.php
parent: 346b8312e5ac877ce3192c2db3a26b500018bbb5 (diff)
1 files changed, 18 insertions, 7 deletions
diff --git a/tests/units/Core/Security/AuthorizationTest.php b/tests/units/Core/Security/AuthorizationTest.php
index ffeb3741..70561ad8 100644
--- a/tests/units/Core/Security/AuthorizationTest.php
+++ b/tests/units/Core/Security/AuthorizationTest.php
@@ -12,17 +12,28 @@ class AuthorizationTest extends Base
     {
         $acl = new AccessMap;
         $acl->setDefaultRole(Role::APP_USER);
-        $acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER));
-        $acl->add('MyController', 'myAction2', array(Role::APP_ADMIN));
-        $acl->add('MyAdminController', '*', array(Role::APP_MANAGER));
+        $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER));
+        $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER));
+
+        $acl->add('MyController', 'myAction1', Role::APP_MANAGER);
+        $acl->add('MyController', 'myAction2', Role::APP_ADMIN);
+        $acl->add('MyManagerController', '*', Role::APP_MANAGER);
 
         $authorization = new Authorization($acl);
+
         $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
         $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
         $this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
-        $this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER));
-        $this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER));
-        $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN));
-        $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else'));
+        $this->assertFalse($authorization->isAllowed('myController', 'myAction1', 'something else'));
+
+        $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_ADMIN));
+        $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_MANAGER));
+        $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_USER));
+        $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', 'something else'));
+
+        $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_ADMIN));
+        $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_MANAGER));
+        $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_USER));
+        $this->assertFalse($authorization->isAllowed('MyUserController', 'myAction', 'something else'));
     }
 }
author	Frederic Guillot <fred@kanboard.net>	2015-12-05 20:31:27 -0500
committer	Frederic Guillot <fred@kanboard.net>	2015-12-05 20:31:27 -0500
commit	e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 (patch)
tree	abc2de5aebace4a2d7c94805552264dab6b10bc7 /tests/units/Core/Security/AuthorizationTest.php
parent	346b8312e5ac877ce3192c2db3a26b500018bbb5 (diff)