Add generic authorization class

author: Frederic Guillot <fred@kanboard.net> 2015-11-27 16:24:21 -0500
committer: Frederic Guillot <fred@kanboard.net> 2015-11-27 16:24:21 -0500
commit: 91bdf6aaf3cda52a43c35ce22f5e25537684cb56 (patch)
tree: 567631b186191508d7cc40f914ffe83740f0d355 /tests
parent: 19706944dc94c4fe1784af434f5f2e27a3c8130c (diff)
2 files changed, 50 insertions, 0 deletions
diff --git a/tests/units/Core/Security/AccessMapTest.php b/tests/units/Core/Security/AccessMapTest.php
new file mode 100644
index 00000000..ab74e036
--- /dev/null
+++ b/tests/units/Core/Security/AccessMapTest.php
@@ -0,0 +1,22 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\AccessMap;
+
+class AccessMapTest extends Base
+{
+    public function testGetRoles()
+    {
+        $acl = new AccessMap;
+        $acl->setDefaultRole('role3');
+        $acl->add('MyController', 'myAction1', array('role1', 'role2'));
+        $acl->add('MyController', 'myAction2', array('role1'));
+        $acl->add('MyAdminController', '*', array('role2'));
+
+        $this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction1'));
+        $this->assertEquals(array('role1'), $acl->getRoles('mycontroller', 'MyAction2'));
+        $this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
+        $this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
+    }
+}
diff --git a/tests/units/Core/Security/AuthorizationTest.php b/tests/units/Core/Security/AuthorizationTest.php
new file mode 100644
index 00000000..ffeb3741
--- /dev/null
+++ b/tests/units/Core/Security/AuthorizationTest.php
@@ -0,0 +1,28 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\Security\AccessMap;
+use Kanboard\Core\Security\Authorization;
+
+class AuthorizationTest extends Base
+{
+    public function testIsAllowed()
+    {
+        $acl = new AccessMap;
+        $acl->setDefaultRole(Role::APP_USER);
+        $acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER));
+        $acl->add('MyController', 'myAction2', array(Role::APP_ADMIN));
+        $acl->add('MyAdminController', '*', array(Role::APP_MANAGER));
+
+        $authorization = new Authorization($acl);
+        $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
+        $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
+        $this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
+        $this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER));
+        $this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER));
+        $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN));
+        $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else'));
+    }
+}
author	Frederic Guillot <fred@kanboard.net>	2015-11-27 16:24:21 -0500
committer	Frederic Guillot <fred@kanboard.net>	2015-11-27 16:24:21 -0500
commit	91bdf6aaf3cda52a43c35ce22f5e25537684cb56 (patch)
tree	567631b186191508d7cc40f914ffe83740f0d355 /tests
parent	19706944dc94c4fe1784af434f5f2e27a3c8130c (diff)