From 28bc4246bff405367c9e5640bca356b307962026 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <contact@fredericguillot.com>
Date: Sat, 1 Mar 2014 19:51:09 -0500
Subject: Add acl and access list for projects

---
 tests/AclTest.php     | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++
 tests/ProjectTest.php |  63 +++++++++++++++++++++++++++
 2 files changed, 181 insertions(+)
 create mode 100644 tests/AclTest.php
 create mode 100644 tests/ProjectTest.php

(limited to 'tests')

diff --git a/tests/AclTest.php b/tests/AclTest.php
new file mode 100644
index 00000000..0996a51f
--- /dev/null
+++ b/tests/AclTest.php
@@ -0,0 +1,118 @@
+<?php
+
+require_once __DIR__.'/../models/base.php';
+require_once __DIR__.'/../models/acl.php';
+
+use Model\Acl;
+
+class AclTest extends PHPUnit_Framework_TestCase
+{
+    public function setUp()
+    {
+        defined('DB_FILENAME') or define('DB_FILENAME', ':memory:');
+    }
+
+    public function testAllowedAction()
+    {
+        $acl_rules = array(
+            'controller1' => array('action1', 'action3'),
+        );
+
+        $acl = new Acl;
+        $this->assertTrue($acl->isAllowedAction($acl_rules, 'controller1', 'action1'));
+        $this->assertTrue($acl->isAllowedAction($acl_rules, 'controller1', 'action3'));
+        $this->assertFalse($acl->isAllowedAction($acl_rules, 'controller1', 'action2'));
+        $this->assertFalse($acl->isAllowedAction($acl_rules, 'controller2', 'action2'));
+        $this->assertFalse($acl->isAllowedAction($acl_rules, 'controller2', 'action3'));
+    }
+
+    public function testIsAdmin()
+    {
+        $acl = new Acl;
+
+        $_SESSION = array();
+        $this->assertFalse($acl->isAdminUser());
+
+        $_SESSION = array('user' => array());
+        $this->assertFalse($acl->isAdminUser());
+
+        $_SESSION = array('user' => array('is_admin' => true));
+        $this->assertFalse($acl->isAdminUser());
+
+        $_SESSION = array('user' => array('is_admin' => '0'));
+        $this->assertFalse($acl->isAdminUser());
+
+        $_SESSION = array('user' => array('is_admin' => '2'));
+        $this->assertFalse($acl->isAdminUser());
+
+        $_SESSION = array('user' => array('is_admin' => '1'));
+        $this->assertTrue($acl->isAdminUser());
+    }
+
+    public function testIsUser()
+    {
+        $acl = new Acl;
+
+        $_SESSION = array();
+        $this->assertFalse($acl->isRegularUser());
+
+        $_SESSION = array('user' => array());
+        $this->assertFalse($acl->isRegularUser());
+
+        $_SESSION = array('user' => array('is_admin' => true));
+        $this->assertFalse($acl->isRegularUser());
+
+        $_SESSION = array('user' => array('is_admin' => '1'));
+        $this->assertFalse($acl->isRegularUser());
+
+        $_SESSION = array('user' => array('is_admin' => '2'));
+        $this->assertFalse($acl->isRegularUser());
+
+        $_SESSION = array('user' => array('is_admin' => '0'));
+        $this->assertTrue($acl->isRegularUser());
+    }
+
+    public function testIsPageAllowed()
+    {
+        $acl = new Acl;
+
+        // Public access
+        $_SESSION = array();
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'create'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'save'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'remove'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'confirm'));
+        $this->assertFalse($acl->isPageAccessAllowed('app', 'index'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'index'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'login'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'check'));
+        $this->assertTrue($acl->isPageAccessAllowed('task', 'add'));
+        $this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
+
+        // Regular user
+        $_SESSION = array('user' => array('is_admin' => '0'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'create'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'save'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'remove'));
+        $this->assertFalse($acl->isPageAccessAllowed('user', 'confirm'));
+        $this->assertTrue($acl->isPageAccessAllowed('app', 'index'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'index'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'login'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'check'));
+        $this->assertTrue($acl->isPageAccessAllowed('task', 'add'));
+        $this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
+
+        // Admin user
+        $_SESSION = array('user' => array('is_admin' => '1'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'create'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'save'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'remove'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'confirm'));
+        $this->assertTrue($acl->isPageAccessAllowed('app', 'index'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'index'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'login'));
+        $this->assertTrue($acl->isPageAccessAllowed('user', 'check'));
+        $this->assertTrue($acl->isPageAccessAllowed('task', 'add'));
+        $this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
+    }
+}
diff --git a/tests/ProjectTest.php b/tests/ProjectTest.php
new file mode 100644
index 00000000..6eb39f52
--- /dev/null
+++ b/tests/ProjectTest.php
@@ -0,0 +1,63 @@
+<?php
+
+require_once __DIR__.'/../lib/translator.php';
+require_once __DIR__.'/../models/base.php';
+require_once __DIR__.'/../models/board.php';
+require_once __DIR__.'/../models/user.php';
+require_once __DIR__.'/../models/project.php';
+
+use Model\Project;
+use Model\User;
+
+class ProjectTest extends PHPUnit_Framework_TestCase
+{
+    public function setUp()
+    {
+        defined('DB_FILENAME') or define('DB_FILENAME', ':memory:');
+    }
+
+    public function testCreation()
+    {
+        $p = new Project;
+        $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+        $this->assertNotEmpty($p->getById(1));
+    }
+
+    public function testAllowUsers()
+    {
+        $p = new Project;
+
+        // Everybody is allowed
+        $this->assertEmpty($p->getAllowedUsers(1));
+        $this->assertTrue($p->isUserAllowed(1, 1));
+
+        // Allow one user
+        $this->assertTrue($p->allowUser(1, 1));
+        $this->assertFalse($p->allowUser(50, 1));
+        $this->assertFalse($p->allowUser(1, 50));
+        $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1));
+        $this->assertTrue($p->isUserAllowed(1, 1));
+
+        // Disallow one user
+        $this->assertTrue($p->revokeUser(1, 1));
+        $this->assertEmpty($p->getAllowedUsers(1));
+        $this->assertTrue($p->isUserAllowed(1, 1));
+
+        // Allow/disallow many users
+        $user = new User;
+        $user->create(array('username' => 'unittest', 'password' => 'unittest'));
+
+        $this->assertTrue($p->allowUser(1, 1));
+        $this->assertTrue($p->allowUser(1, 2));
+
+        $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $p->getAllowedUsers(1));
+        $this->assertTrue($p->isUserAllowed(1, 1));
+        $this->assertTrue($p->isUserAllowed(1, 2));
+
+        $this->assertTrue($p->revokeUser(1, 1));
+
+        $this->assertEquals(array('2' => 'unittest'), $p->getAllowedUsers(1));
+        $this->assertFalse($p->isUserAllowed(1, 1));
+        $this->assertTrue($p->isUserAllowed(1, 2));
+    }
+}
-- 
cgit v1.2.3