summaryrefslogtreecommitdiff
path: root/tests/units/Model/AclTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'tests/units/Model/AclTest.php')
-rw-r--r--tests/units/Model/AclTest.php293
1 files changed, 293 insertions, 0 deletions
diff --git a/tests/units/Model/AclTest.php b/tests/units/Model/AclTest.php
new file mode 100644
index 00000000..fef03990
--- /dev/null
+++ b/tests/units/Model/AclTest.php
@@ -0,0 +1,293 @@
+<?php
+
+require_once __DIR__.'/../Base.php';
+
+use Core\Session;
+use Model\Acl;
+use Model\Project;
+use Model\ProjectPermission;
+use Model\User;
+
+class AclTest extends Base
+{
+ public function testMatchAcl()
+ {
+ $acl_rules = array(
+ 'controller1' => array('action1', 'action3'),
+ 'controller3' => '*',
+ 'controller5' => '-',
+ 'controller6' => array(),
+ );
+
+ $acl = new Acl($this->container);
+ $this->assertTrue($acl->matchAcl($acl_rules, 'controller1', 'aCtiOn1'));
+ $this->assertTrue($acl->matchAcl($acl_rules, 'controller1', 'action1'));
+ $this->assertTrue($acl->matchAcl($acl_rules, 'controller1', 'action3'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller1', 'action2'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller2', 'action2'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller2', 'action3'));
+ $this->assertTrue($acl->matchAcl($acl_rules, 'controller3', 'anything'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller4', 'anything'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller5', 'anything'));
+ $this->assertFalse($acl->matchAcl($acl_rules, 'controller6', 'anything'));
+ }
+
+ public function testPublicActions()
+ {
+ $acl = new Acl($this->container);
+ $this->assertTrue($acl->isPublicAction('task', 'readonly'));
+ $this->assertTrue($acl->isPublicAction('board', 'readonly'));
+ $this->assertFalse($acl->isPublicAction('board', 'show'));
+ $this->assertTrue($acl->isPublicAction('feed', 'project'));
+ $this->assertTrue($acl->isPublicAction('feed', 'user'));
+ $this->assertTrue($acl->isPublicAction('ical', 'project'));
+ $this->assertTrue($acl->isPublicAction('ical', 'user'));
+ $this->assertTrue($acl->isPublicAction('oauth', 'github'));
+ $this->assertTrue($acl->isPublicAction('oauth', 'google'));
+ $this->assertTrue($acl->isPublicAction('auth', 'login'));
+ $this->assertTrue($acl->isPublicAction('auth', 'check'));
+ $this->assertTrue($acl->isPublicAction('auth', 'captcha'));
+ }
+
+ public function testAdminActions()
+ {
+ $acl = new Acl($this->container);
+ $this->assertFalse($acl->isAdminAction('board', 'show'));
+ $this->assertFalse($acl->isAdminAction('task', 'show'));
+ $this->assertTrue($acl->isAdminAction('config', 'api'));
+ $this->assertTrue($acl->isAdminAction('config', 'anything'));
+ $this->assertTrue($acl->isAdminAction('config', 'anything'));
+ $this->assertTrue($acl->isAdminAction('user', 'save'));
+ }
+
+ public function testProjectAdminActions()
+ {
+ $acl = new Acl($this->container);
+ $this->assertFalse($acl->isProjectAdminAction('config', 'save'));
+ $this->assertFalse($acl->isProjectAdminAction('user', 'index'));
+ $this->assertTrue($acl->isProjectAdminAction('project', 'remove'));
+ }
+
+ public function testProjectManagerActions()
+ {
+ $acl = new Acl($this->container);
+ $this->assertFalse($acl->isProjectManagerAction('board', 'readonly'));
+ $this->assertFalse($acl->isProjectManagerAction('project', 'remove'));
+ $this->assertFalse($acl->isProjectManagerAction('project', 'show'));
+ $this->assertTrue($acl->isProjectManagerAction('project', 'disable'));
+ $this->assertTrue($acl->isProjectManagerAction('category', 'index'));
+ $this->assertTrue($acl->isProjectManagerAction('project', 'users'));
+ $this->assertFalse($acl->isProjectManagerAction('app', 'index'));
+ }
+
+ public function testPageAccessNoSession()
+ {
+ $acl = new Acl($this->container);
+ $session = new Session;
+ $session = array();
+
+ $this->assertFalse($acl->isAllowed('board', 'readonly'));
+ $this->assertFalse($acl->isAllowed('task', 'show'));
+ $this->assertFalse($acl->isAllowed('config', 'application'));
+ $this->assertFalse($acl->isAllowed('project', 'users'));
+ $this->assertFalse($acl->isAllowed('task', 'remove'));
+ $this->assertTrue($acl->isAllowed('app', 'index'));
+ }
+
+ public function testPageAccessEmptySession()
+ {
+ $acl = new Acl($this->container);
+ $session = new Session;
+ $session['user'] = array();
+
+ $this->assertFalse($acl->isAllowed('board', 'readonly'));
+ $this->assertFalse($acl->isAllowed('task', 'show'));
+ $this->assertFalse($acl->isAllowed('config', 'application'));
+ $this->assertFalse($acl->isAllowed('project', 'users'));
+ $this->assertFalse($acl->isAllowed('task', 'remove'));
+ $this->assertTrue($acl->isAllowed('app', 'index'));
+ }
+
+ public function testPageAccessAdminUser()
+ {
+ $acl = new Acl($this->container);
+ $session = new Session;
+
+ $session['user'] = array(
+ 'is_admin' => true,
+ );
+
+ $this->assertTrue($acl->isAllowed('board', 'readonly'));
+ $this->assertTrue($acl->isAllowed('task', 'readonly'));
+ $this->assertTrue($acl->isAllowed('webhook', 'github'));
+ $this->assertTrue($acl->isAllowed('task', 'show'));
+ $this->assertTrue($acl->isAllowed('task', 'update'));
+ $this->assertTrue($acl->isAllowed('config', 'application'));
+ $this->assertTrue($acl->isAllowed('project', 'show'));
+ $this->assertTrue($acl->isAllowed('project', 'users'));
+ $this->assertTrue($acl->isAllowed('project', 'remove'));
+ $this->assertTrue($acl->isAllowed('category', 'edit'));
+ $this->assertTrue($acl->isAllowed('task', 'remove'));
+ $this->assertTrue($acl->isAllowed('app', 'index'));
+ }
+
+ public function testPageAccessProjectAdmin()
+ {
+ $acl = new Acl($this->container);
+ $p = new Project($this->container);
+ $pp = new ProjectPermission($this->container);
+ $u = new User($this->container);
+ $session = new Session;
+
+ // We create our user
+ $this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
+
+ // We create a project and set our user as project manager
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+ $this->assertTrue($pp->addMember(1, 2));
+ $this->assertTrue($pp->isMember(1, 2));
+ $this->assertFalse($pp->isManager(1, 2));
+
+ // We fake a session for him
+ $session['user'] = array(
+ 'id' => 2,
+ 'is_admin' => false,
+ 'is_project_admin' => true,
+ );
+
+ $this->assertTrue($acl->isAllowed('board', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('task', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('webhook', 'github', 1));
+ $this->assertTrue($acl->isAllowed('task', 'show', 1));
+ $this->assertFalse($acl->isAllowed('task', 'show', 2));
+ $this->assertTrue($acl->isAllowed('task', 'update', 1));
+ $this->assertTrue($acl->isAllowed('project', 'show', 1));
+ $this->assertFalse($acl->isAllowed('config', 'application', 1));
+
+ $this->assertTrue($acl->isAllowed('project', 'users', 1));
+ $this->assertFalse($acl->isAllowed('project', 'users', 2));
+
+ $this->assertTrue($acl->isAllowed('project', 'remove', 1));
+ $this->assertFalse($acl->isAllowed('project', 'remove', 2));
+
+ $this->assertTrue($acl->isAllowed('category', 'edit', 1));
+ $this->assertTrue($acl->isAllowed('task', 'remove', 1));
+ $this->assertTrue($acl->isAllowed('app', 'index', 1));
+ }
+
+ public function testPageAccessProjectManager()
+ {
+ $acl = new Acl($this->container);
+ $p = new Project($this->container);
+ $pp = new ProjectPermission($this->container);
+ $u = new User($this->container);
+ $session = new Session;
+
+ // We create our user
+ $this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
+
+ // We create a project and set our user as project manager
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest'), 2, true));
+ $this->assertTrue($pp->isMember(1, 2));
+ $this->assertTrue($pp->isManager(1, 2));
+
+ // We fake a session for him
+ $session['user'] = array(
+ 'id' => 2,
+ 'is_admin' => false,
+ );
+
+ $this->assertTrue($acl->isAllowed('board', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('task', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('webhook', 'github', 1));
+ $this->assertTrue($acl->isAllowed('task', 'show', 1));
+ $this->assertFalse($acl->isAllowed('task', 'show', 2));
+ $this->assertTrue($acl->isAllowed('task', 'update', 1));
+ $this->assertTrue($acl->isAllowed('project', 'show', 1));
+ $this->assertFalse($acl->isAllowed('config', 'application', 1));
+
+ $this->assertTrue($acl->isAllowed('project', 'users', 1));
+ $this->assertFalse($acl->isAllowed('project', 'users', 2));
+
+ $this->assertFalse($acl->isAllowed('project', 'remove', 1));
+ $this->assertFalse($acl->isAllowed('project', 'remove', 2));
+
+ $this->assertTrue($acl->isAllowed('category', 'edit', 1));
+ $this->assertTrue($acl->isAllowed('task', 'remove', 1));
+ $this->assertTrue($acl->isAllowed('app', 'index', 1));
+ }
+
+ public function testPageAccessMember()
+ {
+ $acl = new Acl($this->container);
+ $p = new Project($this->container);
+ $pp = new ProjectPermission($this->container);
+ $u = new User($this->container);
+
+ // We create our user
+ $this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
+
+ // We create a project and set our user as member
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest1')));
+ $this->assertEquals(2, $p->create(array('name' => 'UnitTest2')));
+ $this->assertTrue($pp->addMember(1, 2));
+ $this->assertTrue($pp->isMember(1, 2));
+ $this->assertFalse($pp->isManager(1, 2));
+
+ $session = new Session;
+
+ $session['user'] = array(
+ 'id' => 2,
+ 'is_admin' => false,
+ );
+
+ $this->assertTrue($acl->isAllowed('board', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('task', 'readonly', 1));
+ $this->assertTrue($acl->isAllowed('webhook', 'github', 1));
+ $this->assertFalse($acl->isAllowed('board', 'show', 2));
+ $this->assertTrue($acl->isAllowed('board', 'show', 1));
+ $this->assertFalse($acl->isAllowed('task', 'show', 2));
+ $this->assertTrue($acl->isAllowed('task', 'show', 1));
+ $this->assertTrue($acl->isAllowed('task', 'update', 1));
+ $this->assertTrue($acl->isAllowed('project', 'show', 1));
+ $this->assertFalse($acl->isAllowed('config', 'application', 1));
+ $this->assertFalse($acl->isAllowed('project', 'users', 1));
+ $this->assertTrue($acl->isAllowed('task', 'remove', 1));
+ $this->assertFalse($acl->isAllowed('task', 'remove', 2));
+ $this->assertTrue($acl->isAllowed('app', 'index', 1));
+ }
+
+ public function testPageAccessNotMember()
+ {
+ $acl = new Acl($this->container);
+ $p = new Project($this->container);
+ $pp = new ProjectPermission($this->container);
+ $u = new User($this->container);
+
+ // We create our user
+ $this->assertEquals(2, $u->create(array('username' => 'unittest', 'password' => 'unittest')));
+
+ // We create a project and set our user as member
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest1')));
+ $this->assertEquals(2, $p->create(array('name' => 'UnitTest2')));
+ $this->assertFalse($pp->isMember(1, 2));
+ $this->assertFalse($pp->isManager(1, 2));
+
+ $session = new Session;
+
+ $session['user'] = array(
+ 'id' => 2,
+ 'is_admin' => false,
+ );
+
+ $this->assertFalse($acl->isAllowed('board', 'show', 2));
+ $this->assertFalse($acl->isAllowed('board', 'show', 1));
+ $this->assertFalse($acl->isAllowed('task', 'show', 1));
+ $this->assertFalse($acl->isAllowed('task', 'update', 1));
+ $this->assertFalse($acl->isAllowed('project', 'show', 1));
+ $this->assertFalse($acl->isAllowed('config', 'application', 1));
+ $this->assertFalse($acl->isAllowed('project', 'users', 1));
+ $this->assertFalse($acl->isAllowed('task', 'remove', 1));
+ $this->assertTrue($acl->isAllowed('app', 'index', 1));
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-28 03:22:50 +0000