summaryrefslogtreecommitdiff
path: root/tests/units/Core/Security/AuthorizationTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/units/Core/Security/AuthorizationTest.php')
-rw-r--r--tests/units/Core/Security/AuthorizationTest.php39
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/units/Core/Security/AuthorizationTest.php b/tests/units/Core/Security/AuthorizationTest.php
new file mode 100644
index 00000000..70561ad8
--- /dev/null
+++ b/tests/units/Core/Security/AuthorizationTest.php
@@ -0,0 +1,39 @@
+<?php
+
+require_once __DIR__.'/../../Base.php';
+
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\Security\AccessMap;
+use Kanboard\Core\Security\Authorization;
+
+class AuthorizationTest extends Base
+{
+ public function testIsAllowed()
+ {
+ $acl = new AccessMap;
+ $acl->setDefaultRole(Role::APP_USER);
+ $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER));
+ $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER));
+
+ $acl->add('MyController', 'myAction1', Role::APP_MANAGER);
+ $acl->add('MyController', 'myAction2', Role::APP_ADMIN);
+ $acl->add('MyManagerController', '*', Role::APP_MANAGER);
+
+ $authorization = new Authorization($acl);
+
+ $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
+ $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
+ $this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
+ $this->assertFalse($authorization->isAllowed('myController', 'myAction1', 'something else'));
+
+ $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_ADMIN));
+ $this->assertTrue($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_MANAGER));
+ $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', Role::APP_USER));
+ $this->assertFalse($authorization->isAllowed('MyManagerController', 'myAction', 'something else'));
+
+ $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_ADMIN));
+ $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_MANAGER));
+ $this->assertTrue($authorization->isAllowed('MyUserController', 'myAction', Role::APP_USER));
+ $this->assertFalse($authorization->isAllowed('MyUserController', 'myAction', 'something else'));
+ }
+}
generated by cgit v1.2.3 (git 2.51.0) at 2025-10-18 03:50:25 +0000