<?php
/**
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 */
namespace eZ\Publish\API\Repository\Tests;
use eZ\Publish\Core\Repository\Values\User\UserReference;
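/**
 * Test case for operations in the PermissionResolver.
 *
 * Covers three areas: reading/setting the current user reference, module/function
 * level checks via hasAccess(), and object level checks via canUser().
 *
 * Every "No" test pairs the negative permission answer with the matching service
 * call, so it verifies both that the resolver denies access and that the service
 * layer enforces the denial by throwing.
 *
 * The fixture IDs used below (user 10 = "Anonymous", user 14 = administrator, and
 * the content/location IDs) are those of an eZ Publish demo installation, as stated
 * in the inline use-case comments.
 *
 * @see \eZ\Publish\API\Repository\PermissionResolver
 * @group integration
 * @group permission
 */
class PermissionResolverTest extends BaseTest
{
    /**
     * Test for the getCurrentUserReference() method.
     *
     * Only a bare UserReference is set beforehand; the resolver must return a
     * UserReference whose user ID matches the one of the loaded anonymous user.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::getCurrentUserReference()
     */
    public function testGetCurrentUserReferenceReturnsAnonymousUserReference()
    {
        $repository = $this->getRepository();
        $anonymousUserId = $this->generateId('user', 10);
        $repository->getPermissionResolver()->setCurrentUserReference(
            new UserReference($anonymousUserId)
        );

        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user in an eZ
        // Publish demo installation.
        // Only a UserReference has previously been set to the $repository

        $permissionResolver = $repository->getPermissionResolver();
        $anonymousUserReference = $permissionResolver->getCurrentUserReference();
        /* END: Use Case */

        $this->assertInstanceOf(
            'eZ\Publish\API\Repository\Values\User\UserReference',
            $anonymousUserReference
        );
        // Expected value first, value under test second, so a failure message reads correctly.
        $this->assertEquals(
            $repository->getUserService()->loadUser($anonymousUserId)->id,
            $anonymousUserReference->getUserId()
        );
    }

    /**
     * Test for the setCurrentUserReference() method.
     *
     * Starts as the anonymous user, switches to the administrator and checks that
     * the resolver returns the very same object that was set.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::setCurrentUserReference()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     */
    public function testSetCurrentUserReference()
    {
        $repository = $this->getRepository();
        $repository->getPermissionResolver()->setCurrentUserReference(
            new UserReference(
                $this->generateId('user', 10)
            )
        );

        $administratorUserId = $this->generateId('user', 14);

        /* BEGIN: Use Case */
        // $administratorUserId contains the ID of the administrator user

        $permissionResolver = $repository->getPermissionResolver();

        $userService = $repository->getUserService();

        // Load administrator user
        $administratorUser = $userService->loadUser($administratorUserId);

        // Set administrator user as current user reference
        $permissionResolver->setCurrentUserReference($administratorUser);
        /* END: Use Case */

        $this->assertEquals(
            $administratorUserId,
            $permissionResolver->getCurrentUserReference()->getUserId()
        );

        $this->assertSame(
            $administratorUser,
            $permissionResolver->getCurrentUserReference()
        );
    }

    /**
     * Test for the hasAccess() method.
     *
     * The user to check is passed explicitly as the third argument; the current
     * user reference is not changed by this test.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::hasAccess()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     */
    public function testHasAccessWithAnonymousUserNo()
    {
        $repository = $this->getRepository();

        $anonymousUserId = $this->generateId('user', 10);

        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user in an eZ
        // Publish demo installation.

        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load anonymous user
        $anonymousUser = $userService->loadUser($anonymousUserId);

        // This call will return false because anonymous user does not have access
        // to content removal
        $hasAccess = $permissionResolver->hasAccess('content', 'remove', $anonymousUser);
        /* END: Use Case */

        $this->assertFalse($hasAccess);
    }

    /**
     * Test for the hasAccess() method.
     *
     * Same check as testHasAccessWithAnonymousUserNo(), but the user is taken from
     * the current user reference instead of being passed as an argument.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::hasAccess()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessWithAnonymousUserNo
     */
    public function testHasAccessForCurrentUserNo()
    {
        $repository = $this->getRepository();

        $anonymousUserId = $this->generateId('user', 10);

        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user in an eZ
        // Publish demo installation.

        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load anonymous user
        $anonymousUser = $userService->loadUser($anonymousUserId);

        // Set anonymous user as current user reference
        $permissionResolver->setCurrentUserReference($anonymousUser);

        // This call will return false because anonymous user does not have access
        // to content removal
        $hasAccess = $permissionResolver->hasAccess('content', 'remove');
        /* END: Use Case */

        $this->assertFalse($hasAccess);
    }

    /**
     * Test for the hasAccess() method.
     *
     * The administrator user is passed explicitly as the third argument.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::hasAccess()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     */
    public function testHasAccessWithAdministratorUser()
    {
        $repository = $this->getRepository();

        $administratorUserId = $this->generateId('user', 14);

        /* BEGIN: Use Case */
        // $administratorUserId contains the ID of the administrator user

        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load administrator user
        $administratorUser = $userService->loadUser($administratorUserId);

        // This call will return true
        $hasAccess = $permissionResolver->hasAccess('content', 'read', $administratorUser);
        /* END: Use Case */

        $this->assertTrue($hasAccess);
    }

    /**
     * Test for the hasAccess() method.
     *
     * The administrator is set as current user reference and hasAccess() is called
     * without an explicit user.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::hasAccess()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testSetCurrentUserReference
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessWithAdministratorUser
     */
    public function testHasAccessForCurrentUserYes()
    {
        $repository = $this->getRepository();

        $administratorUserId = $this->generateId('user', 14);

        /* BEGIN: Use Case */
        // $administratorUserId contains the ID of the administrator user

        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load administrator user
        $administratorUser = $userService->loadUser($administratorUserId);

        // Set administrator user as current user reference
        $permissionResolver->setCurrentUserReference($administratorUser);

        // This call will return true
        $hasAccess = $permissionResolver->hasAccess('content', 'read');
        /* END: Use Case */

        $this->assertTrue($hasAccess);
    }

    /**
     * Test for the hasAccess() method.
     *
     * For a user with limited access hasAccess() does not answer with a boolean;
     * the test expects a non-empty array of permission sets instead.
     * NOTE(review): createUserVersion1() is defined outside this class; sibling
     * tests describe the created user as having the Editor role - confirm.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::hasAccess()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testSetCurrentUserReference
     */
    public function testHasAccessLimited()
    {
        $repository = $this->getRepository();

        /* BEGIN: Use Case */
        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        // This call will return an array of permission sets describing user's access
        // to reading content
        $permissionSets = $permissionResolver->hasAccess('content', 'read');
        /* END: Use Case */

        $this->assertInternalType(
            'array',
            $permissionSets
        );
        $this->assertNotEmpty($permissionSets);
    }

    /**
     * Test for the canUser() method.
     *
     * The delete is only attempted when canUser() denies access, so the expected
     * UnauthorizedException proves both halves: the resolver said "no" and the
     * content service enforced it. If canUser() wrongly returned true, no call is
     * made and the test fails because the expected exception is never raised.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessForCurrentUserNo
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     */
    public function testCanUserForAnonymousUserNo()
    {
        $repository = $this->getRepository();

        $homeId = $this->generateId('object', 57);

        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user in an eZ
        // Publish demo installation.
        // $homeId contains the ID of the "Home" frontpage

        $contentService = $repository->getContentService();
        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load anonymous user
        $anonymousUser = $userService->loadUser($anonymousUserId);

        // Set anonymous user as current user reference
        $permissionResolver->setCurrentUserReference($anonymousUser);

        // Load the ContentInfo for "Home" frontpage
        $contentInfo = $contentService->loadContentInfo($homeId);

        // This call will return false because anonymous user does not have access
        // to content removal and hence no permission to remove given content
        $canUser = $permissionResolver->canUser('content', 'remove', $contentInfo);

        // Performing an action without necessary permissions will fail with "UnauthorizedException"
        if (!$canUser) {
            $contentService->deleteContent($contentInfo);
        }
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * The content is deleted unconditionally; the expected NotFoundException is
     * meant to come from the final loadContent() call, showing that the delete
     * performed as administrator really took effect.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessForCurrentUserYes
     * @expectedException \eZ\Publish\API\Repository\Exceptions\NotFoundException
     */
    public function testCanUserForAdministratorUser()
    {
        $repository = $this->getRepository();

        $administratorUserId = $this->generateId('user', 14);
        $homeId = $this->generateId('object', 57);

        /* BEGIN: Use Case */
        // $administratorUserId contains the ID of the administrator user
        // $homeId contains the ID of the "Home" frontpage

        $contentService = $repository->getContentService();
        $userService = $repository->getUserService();
        $permissionResolver = $repository->getPermissionResolver();

        // Load administrator user
        $administratorUser = $userService->loadUser($administratorUserId);

        // Set administrator user as current user reference
        $permissionResolver->setCurrentUserReference($administratorUser);

        // Load the ContentInfo for "Home" frontpage
        $contentInfo = $contentService->loadContentInfo($homeId);

        // This call will return true
        $canUser = $permissionResolver->canUser('content', 'remove', $contentInfo);

        // Performing an action having necessary permissions will succeed
        $contentService->deleteContent($contentInfo);
        /* END: Use Case */

        $this->assertTrue($canUser);
        $contentService->loadContent($homeId);
    }

    /**
     * Test for the canUser() method.
     *
     * A user with limited access may read the "Images" folder: loading it succeeds
     * and canUser() confirms the permission for the loaded object.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     */
    public function testCanUserWithLimitationYes()
    {
        $repository = $this->getRepository();

        $imagesFolderId = $this->generateId('object', 49);

        /* BEGIN: Use Case */
        // $imagesFolderId contains the ID of the "Images" folder

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentService = $repository->getContentService();

        // Performing an action having necessary permissions will succeed
        $imagesFolder = $contentService->loadContent($imagesFolderId);

        // This call will return true
        $canUser = $permissionResolver->canUser('content', 'read', $imagesFolder);
        /* END: Use Case */

        $this->assertTrue($canUser);
    }

    /**
     * Test for the canUser() method.
     *
     * The administrator user object is obtained through the user service, which
     * per the inline comment does not check permissions, and is then used as the
     * object of a read check. The guarded loadContent() call must be rejected
     * with UnauthorizedException; if canUser() wrongly returned true the call is
     * skipped and the test fails for lack of the expected exception.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     */
    public function testCanUserWithLimitationNo()
    {
        $repository = $this->getRepository();

        $administratorUserId = $this->generateId('user', 14);

        /* BEGIN: Use Case */
        // $administratorUserId contains the ID of the administrator user

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $userService = $repository->getUserService();

        // Load administrator user using UserService, this does not check for permissions
        $administratorUser = $userService->loadUser($administratorUserId);

        // This call will return false as user with Editor role does not have
        // permission to read "Users" subtree
        $canUser = $permissionResolver->canUser('content', 'read', $administratorUser);

        $contentService = $repository->getContentService();

        // Performing an action without necessary permissions will fail with "UnauthorizedException"
        if (!$canUser) {
            // The return value is irrelevant: the call is expected to throw.
            $contentService->loadContent($administratorUserId);
        }
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * Passing an object type that cannot be checked for user access (here a
     * ContentType) must be rejected with InvalidArgumentException rather than
     * answered with true or false.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testSetCurrentUserReference
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     * @expectedException \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException
     */
    public function testCanUserThrowsInvalidArgumentException()
    {
        $repository = $this->getRepository();

        $userGroupContentTypeId = $this->generateId('type', 3);

        /* BEGIN: Use Case */
        // $userGroupContentTypeId contains the ID of the "UserGroup" ContentType

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        // Load the "UserGroup" ContentType
        $userGroupContentType = $contentTypeService->loadContentType($userGroupContentTypeId);

        // This call will throw "InvalidArgumentException" because $userGroupContentType
        // is an instance of \eZ\Publish\API\Repository\Values\ContentType\ContentType,
        // which can not be checked for user access
        $permissionResolver->canUser('content', 'create', $userGroupContentType);
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * Checks a create permission against a single target location and then
     * performs the creation to confirm that the positive answer holds in practice.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     */
    public function testCanUserWithTargetYes()
    {
        $repository = $this->getRepository();

        $homeLocationId = $this->generateId('location', 2);

        /* BEGIN: Use Case */
        // $homeLocationId contains the ID of the "Home" location

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        $contentType = $contentTypeService->loadContentTypeByIdentifier('forums');

        $contentService = $repository->getContentService();

        $contentCreateStruct = $contentService->newContentCreateStruct($contentType, 'eng-US');
        $contentCreateStruct->setField('title', 'My awesome forums');
        $contentCreateStruct->remoteId = 'abcdef0123456789abcdef0123456789';
        $contentCreateStruct->alwaysAvailable = true;

        $locationService = $repository->getLocationService();
        $locationCreateStruct = $locationService->newLocationCreateStruct($homeLocationId);

        // This call will return true
        $canUser = $permissionResolver->canUser(
            'content',
            'create',
            $contentCreateStruct,
            [$locationCreateStruct]
        );

        // Performing an action having necessary permissions will succeed
        $contentDraft = $contentService->createContent(
            $contentCreateStruct,
            [$locationCreateStruct]
        );
        /* END: Use Case */

        $this->assertTrue($canUser);
        $this->assertEquals(
            'My awesome forums',
            $contentDraft->getFieldValue('title')->text
        );
    }

    /**
     * Test for the canUser() method.
     *
     * Creating "forum" content directly under "Home" is outside what the created
     * user may do; the guarded createContent() call must throw
     * UnauthorizedException. If canUser() wrongly returned true the call is
     * skipped and the test fails for lack of the expected exception.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     */
    public function testCanUserWithTargetNo()
    {
        $repository = $this->getRepository();

        $homeLocationId = $this->generateId('location', 2);

        /* BEGIN: Use Case */
        // $homeLocationId contains the ID of the "Home" frontpage location

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        $contentType = $contentTypeService->loadContentTypeByIdentifier('forum');

        $contentService = $repository->getContentService();

        $contentCreateStruct = $contentService->newContentCreateStruct($contentType, 'eng-US');
        $contentCreateStruct->setField('name', 'My awesome forum');
        $contentCreateStruct->remoteId = 'abcdef0123456789abcdef0123456789';
        $contentCreateStruct->alwaysAvailable = true;

        $locationService = $repository->getLocationService();
        $locationCreateStruct = $locationService->newLocationCreateStruct($homeLocationId);

        // This call will return false because user with Editor role has permission to
        // create "forum" type content only under "folder" type content.
        $canUser = $permissionResolver->canUser(
            'content',
            'create',
            $contentCreateStruct,
            [$locationCreateStruct]
        );

        // Performing an action without necessary permissions will fail with "UnauthorizedException"
        if (!$canUser) {
            // The return value is irrelevant: the call is expected to throw.
            $contentService->createContent(
                $contentCreateStruct,
                [$locationCreateStruct]
            );
        }
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * Checks a create permission against two target locations at once and then
     * performs the creation to confirm that the positive answer holds in practice.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     */
    public function testCanUserWithMultipleTargetsYes()
    {
        $repository = $this->getRepository();

        $imagesLocationId = $this->generateId('location', 51);
        $filesLocationId = $this->generateId('location', 52);

        /* BEGIN: Use Case */
        // $imagesLocationId contains the ID of the "Images" location
        // $filesLocationId contains the ID of the "Files" location

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        $contentType = $contentTypeService->loadContentTypeByIdentifier('folder');

        $contentService = $repository->getContentService();

        $contentCreateStruct = $contentService->newContentCreateStruct($contentType, 'eng-US');
        $contentCreateStruct->setField('name', 'My multipurpose folder');
        $contentCreateStruct->remoteId = 'abcdef0123456789abcdef0123456789';
        $contentCreateStruct->alwaysAvailable = true;

        $locationService = $repository->getLocationService();
        $locationCreateStruct1 = $locationService->newLocationCreateStruct($imagesLocationId);
        $locationCreateStruct2 = $locationService->newLocationCreateStruct($filesLocationId);
        $locationCreateStructs = [$locationCreateStruct1, $locationCreateStruct2];

        // This call will return true
        $canUser = $permissionResolver->canUser(
            'content',
            'create',
            $contentCreateStruct,
            $locationCreateStructs
        );

        // Performing an action having necessary permissions will succeed
        $contentDraft = $contentService->createContent($contentCreateStruct, $locationCreateStructs);
        /* END: Use Case */

        $this->assertTrue($canUser);
        $this->assertEquals(
            'My multipurpose folder',
            $contentDraft->getFieldValue('name')->text
        );
    }

    /**
     * Test for the canUser() method.
     *
     * One forbidden target among several is enough for a denial: the
     * "Administrator users" location makes canUser() answer false for the whole
     * set, and the guarded createContent() call must throw UnauthorizedException.
     * If canUser() wrongly returned true the call is skipped and the test fails
     * for lack of the expected exception.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     */
    public function testCanUserWithMultipleTargetsNo()
    {
        $repository = $this->getRepository();

        $homeLocationId = $this->generateId('location', 2);
        $administratorUsersLocationId = $this->generateId('location', 13);

        /* BEGIN: Use Case */
        // $homeLocationId contains the ID of the "Home" location
        // $administratorUsersLocationId contains the ID of the "Administrator users" location

        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        $contentType = $contentTypeService->loadContentTypeByIdentifier('forums');

        $contentService = $repository->getContentService();

        $contentCreateStruct = $contentService->newContentCreateStruct($contentType, 'eng-US');
        // NOTE(review): testCanUserWithTargetYes() sets 'title' on the 'forums' type;
        // confirm that 'name' is a valid field identifier here.
        $contentCreateStruct->setField('name', 'My awesome forums');
        $contentCreateStruct->remoteId = 'abcdef0123456789abcdef0123456789';
        $contentCreateStruct->alwaysAvailable = true;

        $locationService = $repository->getLocationService();
        $locationCreateStruct1 = $locationService->newLocationCreateStruct($homeLocationId);
        $locationCreateStruct2 = $locationService->newLocationCreateStruct($administratorUsersLocationId);
        $locationCreateStructs = [$locationCreateStruct1, $locationCreateStruct2];

        // This call will return false because user with Editor role does not have permission to
        // create content in the "Administrator users" location subtree
        $canUser = $permissionResolver->canUser(
            'content',
            'create',
            $contentCreateStruct,
            $locationCreateStructs
        );

        // Performing an action without necessary permissions will fail with "UnauthorizedException"
        if (!$canUser) {
            // The return value is irrelevant: the call is expected to throw.
            $contentService->createContent($contentCreateStruct, $locationCreateStructs);
        }
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * A target that is not a valid target object (here a URL alias) must be
     * rejected with InvalidArgumentException rather than silently ignored.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetUserService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetContentTypeService
     * @depends eZ\Publish\API\Repository\Tests\RepositoryTest::testGetURLAliasService
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testSetCurrentUserReference
     * @depends eZ\Publish\API\Repository\Tests\PermissionResolverTest::testHasAccessLimited
     * @expectedException \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException
     */
    public function testCanUserWithTargetThrowsInvalidArgumentException()
    {
        $repository = $this->getRepository();

        /* BEGIN: Use Case */
        $user = $this->createUserVersion1();

        $permissionResolver = $repository->getPermissionResolver();

        // Set created user as current user reference
        $permissionResolver->setCurrentUserReference($user);

        $contentTypeService = $repository->getContentTypeService();

        $contentType = $contentTypeService->loadContentTypeByIdentifier('forum');

        $contentService = $repository->getContentService();

        $contentCreateStruct = $contentService->newContentCreateStruct($contentType, 'eng-US');
        $contentCreateStruct->setField('name', 'My awesome forum');
        $contentCreateStruct->remoteId = 'abcdef0123456789abcdef0123456789';
        $contentCreateStruct->alwaysAvailable = true;

        $urlAliasService = $repository->getURLAliasService();
        $rootUrlAlias = $urlAliasService->lookup('/');

        // This call will throw "InvalidArgumentException" because $rootUrlAlias is not a valid target object
        $permissionResolver->canUser(
            'content',
            'create',
            $contentCreateStruct,
            [$rootUrlAlias]
        );
        /* END: Use Case */
    }

    /**
     * Test for the canUser() method.
     *
     * Placeholder: the BadStateException path is not exercised, the test is
     * marked incomplete for the reason given in the message below.
     *
     * @see \eZ\Publish\API\Repository\PermissionResolver::canUser()
     * @expectedException \eZ\Publish\API\Repository\Exceptions\BadStateException
     */
    public function testCanUserThrowsBadStateException()
    {
        $this->markTestIncomplete(
            'Cannot be tested on current fixture since policy with unsupported limitation value is not available.'
        );
    }
}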