| @@ 194-227 (lines=34) @@ | ||
| 191 | * @see \eZ\Publish\API\Repository\SectionService::assignSection() |
|
| 192 | * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException |
|
| 193 | */ |
|
| 194 | public function testAssignSectionThrowsUnauthorizedException() |
|
| 195 | { |
|
| 196 | $repository = $this->getRepository(); |
|
| 197 | ||
| 198 | $standardSectionId = $this->generateId('section', 1); |
|
| 199 | $anonymousUserId = $this->generateId('user', 10); |
|
| 200 | /* BEGIN: Use Case */ |
|
| 201 | // $anonymousUserId is the ID of the "Anonymous" user in a eZ |
|
| 202 | // Publish demo installation. |
|
| 203 | // $standardSectionId is the ID of the "Standard" section in a eZ |
|
| 204 | // Publish demo installation. |
|
| 205 | ||
| 206 | // RemoteId of the "Media" page of an eZ Publish demo installation |
|
| 207 | $mediaRemoteId = 'a6e35cbcb7cd6ae4b691f3eee30cd262'; |
|
| 208 | ||
| 209 | $userService = $repository->getUserService(); |
|
| 210 | $contentService = $repository->getContentService(); |
|
| 211 | $sectionService = $repository->getSectionService(); |
|
| 212 | ||
| 213 | // Load a content info instance |
|
| 214 | $contentInfo = $contentService->loadContentInfoByRemoteId( |
|
| 215 | $mediaRemoteId |
|
| 216 | ); |
|
| 217 | ||
| 218 | // Load the "Standard" section |
|
| 219 | $section = $sectionService->loadSection($standardSectionId); |
|
| 220 | ||
| 221 | // Set anonymous user |
|
| 222 | $repository->setCurrentUser($userService->loadUser($anonymousUserId)); |
|
| 223 | ||
| 224 | // This call will fail with a "UnauthorizedException" |
|
| 225 | $sectionService->assignSection($contentInfo, $section); |
|
| 226 | /* END: Use Case */ |
|
| 227 | } |
|
| 228 | ||
| 229 | /** |
|
| 230 | * Test for the deleteSection() method. |
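Review bot: The `@expectedException` annotation on line 192 covers the whole of testAssignSectionThrowsUnauthorizedException, so an UnauthorizedException thrown by any setup call (`loadContentInfoByRemoteId()`, `loadSection()`, `loadUser()`) lets the test pass without `assignSection()` ever being reached. The authorization check the test is named for would then go unexercised. Scoping the expectation to the call under test closes that gap: put `$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class);` directly before `$sectionService->assignSection($contentInfo, $section);`, assuming the PHPUnit version in use provides `expectException()`. The same method-wide annotation appears on the tests at 589, 261 and 386; the docblock itself opens above the first visible line.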
|
| @@ 589-621 (lines=33) @@ | ||
| 586 | * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testHasAccessForCurrentUserYes |
|
| 587 | * @expectedException \eZ\Publish\API\Repository\Exceptions\NotFoundException |
|
| 588 | */ |
|
| 589 | public function testCanUserForAdministratorUser() |
|
| 590 | { |
|
| 591 | $repository = $this->getRepository(); |
|
| 592 | ||
| 593 | $administratorUserId = $this->generateId('user', 14); |
|
| 594 | $homeId = $this->generateId('object', 57); |
|
| 595 | ||
| 596 | /* BEGIN: Use Case */ |
|
| 597 | // $administratorUserId contains the ID of the administrator user |
|
| 598 | // $homeId contains the ID of the "Home" frontpage |
|
| 599 | ||
| 600 | $contentService = $repository->getContentService(); |
|
| 601 | $userService = $repository->getUserService(); |
|
| 602 | ||
| 603 | // Load administrator user |
|
| 604 | $administratorUser = $userService->loadUser($administratorUserId); |
|
| 605 | ||
| 606 | // Set administrator user as current user |
|
| 607 | $repository->setCurrentUser($administratorUser); |
|
| 608 | ||
| 609 | // Load the ContentInfo for "Home" frontpage |
|
| 610 | $contentInfo = $contentService->loadContentInfo($homeId); |
|
| 611 | ||
| 612 | // This call will return true |
|
| 613 | $canUser = $repository->canUser('content', 'remove', $contentInfo); |
|
| 614 | ||
| 615 | // Performing an action having necessary permissions will succeed |
|
| 616 | $contentService->deleteContent($contentInfo); |
|
| 617 | /* END: Use Case */ |
|
| 618 | ||
| 619 | $this->assertTrue($canUser); |
|
| 620 | $contentService->loadContent($homeId); |
|
| 621 | } |
|
| 622 | ||
| 623 | /** |
|
| 624 | * Test for the canUser() method. |
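Review bot: `$this->assertTrue($canUser)` on line 619 runs only after `deleteContent()` on line 616 has already executed, so the permission answer is verified after the destructive action it is supposed to gate. Moving `$this->assertTrue($canUser);` to directly after the `canUser('content', 'remove', $contentInfo)` call would report a wrong permission result as an assertion failure instead of leaving it to the outcome of the delete. If the Use Case markers have to stay free of assertions, a comment saying the ordering is deliberate would at least document it. Separately, this test and the one at 194 switch identity with `$repository->setCurrentUser(...)` while the tests at 261 and 386 use `$permissionResolver->setCurrentUserReference(...)`; using one mechanism throughout would keep the permission tests comparable.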
|
| @@ 261-295 (lines=35) @@ | ||
| 258 | * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessForCurrentUserNo |
|
| 259 | * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException |
|
| 260 | */ |
|
| 261 | public function testCanUserForAnonymousUserNo() |
|
| 262 | { |
|
| 263 | $repository = $this->getRepository(); |
|
| 264 | ||
| 265 | $homeId = $this->generateId('object', 57); |
|
| 266 | ||
| 267 | $anonymousUserId = $this->generateId('user', 10); |
|
| 268 | /* BEGIN: Use Case */ |
|
| 269 | // $anonymousUserId is the ID of the "Anonymous" user in a eZ |
|
| 270 | // Publish demo installation. |
|
| 271 | // $homeId contains the ID of the "Home" frontpage |
|
| 272 | ||
| 273 | $contentService = $repository->getContentService(); |
|
| 274 | $userService = $repository->getUserService(); |
|
| 275 | $permissionResolver = $repository->getPermissionResolver(); |
|
| 276 | ||
| 277 | // Load anonymous user |
|
| 278 | $anonymousUser = $userService->loadUser($anonymousUserId); |
|
| 279 | ||
| 280 | // Set anonymous user as current user reference |
|
| 281 | $permissionResolver->setCurrentUserReference($anonymousUser); |
|
| 282 | ||
| 283 | // Load the ContentInfo for "Home" frontpage |
|
| 284 | $contentInfo = $contentService->loadContentInfo($homeId); |
|
| 285 | ||
| 286 | // This call will return false because anonymous user does not have access |
|
| 287 | // to content removal and hence no permission to remove given content |
|
| 288 | $canUser = $permissionResolver->canUser('content', 'remove', $contentInfo); |
|
| 289 | ||
| 290 | // Performing an action without necessary permissions will fail with "UnauthorizedException" |
|
| 291 | if (!$canUser) { |
|
| 292 | $contentService->deleteContent($contentInfo); |
|
| 293 | } |
|
| 294 | /* END: Use Case */ |
|
| 295 | } |
|
| 296 | ||
| 297 | /** |
|
| 298 | * Test for the canUser() method. |
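Review bot: The value returned by `canUser('content', 'remove', $contentInfo)` on line 288 is never asserted; it only guards the `deleteContent()` call inside `if (!$canUser)` on line 291. A resolver that wrongly grants access and a service that fails to enforce the denial therefore both end in the same missing-exception failure, and the test cannot tell the decision apart from its enforcement. Checking the two independently is clearer: `$this->assertFalse($canUser);` followed by an unconditional `$contentService->deleteContent($contentInfo);`. The test at 386 uses the same guarded pattern around `loadContent()`.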
|
| @@ 386-418 (lines=33) @@ | ||
| 383 | * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited |
|
| 384 | * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException |
|
| 385 | */ |
|
| 386 | public function testCanUserWithLimitationNo() |
|
| 387 | { |
|
| 388 | $repository = $this->getRepository(); |
|
| 389 | ||
| 390 | $administratorUserId = $this->generateId('user', 14); |
|
| 391 | ||
| 392 | /* BEGIN: Use Case */ |
|
| 393 | // $administratorUserId contains the ID of the administrator user |
|
| 394 | ||
| 395 | $user = $this->createUserVersion1(); |
|
| 396 | ||
| 397 | $permissionResolver = $repository->getPermissionResolver(); |
|
| 398 | ||
| 399 | // Set created user as current user reference |
|
| 400 | $permissionResolver->setCurrentUserReference($user); |
|
| 401 | ||
| 402 | $userService = $repository->getUserService(); |
|
| 403 | ||
| 404 | // Load administrator user using UserService, this does not check for permissions |
|
| 405 | $administratorUser = $userService->loadUser($administratorUserId); |
|
| 406 | ||
| 407 | // This call will return false as user with Editor role does not have |
|
| 408 | // permission to read "Users" subtree |
|
| 409 | $canUser = $permissionResolver->canUser('content', 'read', $administratorUser); |
|
| 410 | ||
| 411 | $contentService = $repository->getContentService(); |
|
| 412 | ||
| 413 | // Performing an action without necessary permissions will fail with "UnauthorizedException" |
|
| 414 | if (!$canUser) { |
|
| 415 | $content = $contentService->loadContent($administratorUserId); |
|
| 416 | } |
|
| 417 | /* END: Use Case */ |
|
| 418 | } |
|
| 419 | ||
| 420 | /** |
|
| 421 | * Test for the canUser() method. |
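Review bot: `loadContent()` on line 415 is passed `$administratorUserId`, a user ID, and its result is assigned to `$content`, which is never read. The call presumably relies on a user's ID also being its content ID; a comment such as `// a user is stored as content, so the user ID is also the content ID` would make that explicit, and the unused `$content =` assignment can be dropped. The existing comment on line 404, that `loadUser()` does not check permissions, is worth keeping: the test loads the administrator that way while acting as the restricted user, then passes it to `canUser()`.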
|