|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* File containing the RoleServiceAuthorizationTest class. |
|
5
|
|
|
* |
|
6
|
|
|
* @copyright Copyright (C) eZ Systems AS. All rights reserved. |
|
7
|
|
|
* @license For full copyright and license information view LICENSE file distributed with this source code. |
|
8
|
|
|
*/ |
|
9
|
|
|
namespace eZ\Publish\API\Repository\Tests; |
|
10
|
|
|
|
|
11
|
|
|
use eZ\Publish\API\Repository\Values\User\Limitation\SubtreeLimitation; |
|
12
|
|
|
|
|
13
|
|
|
/** |
|
14
|
|
|
* Test case for operations in the RoleService using in memory storage. |
|
15
|
|
|
* |
|
16
|
|
|
* @see eZ\Publish\API\Repository\RoleService |
|
17
|
|
|
* @group integration |
|
18
|
|
|
* @group authorization |
|
19
|
|
|
*/ |
|
20
|
|
|
class RoleServiceAuthorizationTest extends BaseTest |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* Test for the createRole() method. |
|
24
|
|
|
* |
|
25
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::createRole() |
|
26
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testCreateRole |
|
27
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
28
|
|
|
*/ |
|
29
|
|
|
public function testCreateRoleThrowsUnauthorizedException() |
|
30
|
|
|
{ |
|
31
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
32
|
|
|
|
|
33
|
|
|
$repository = $this->getRepository(); |
|
34
|
|
|
|
|
35
|
|
|
/* BEGIN: Use Case */ |
|
36
|
|
|
$user = $this->createUserVersion1(); |
|
37
|
|
|
|
|
38
|
|
|
// Set "Editor" user as current user. |
|
39
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
40
|
|
|
|
|
41
|
|
|
// Get the role service |
|
42
|
|
|
$roleService = $repository->getRoleService(); |
|
43
|
|
|
|
|
44
|
|
|
// Instantiate a role create struct. |
|
45
|
|
|
$roleCreate = $roleService->newRoleCreateStruct('roleName'); |
|
46
|
|
|
|
|
47
|
|
|
// This call will fail with an "UnauthorizedException" |
|
48
|
|
|
$roleService->createRole($roleCreate); |
|
49
|
|
|
/* END: Use Case */ |
|
50
|
|
|
} |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* Test for the loadRole() method. |
|
54
|
|
|
* |
|
55
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::loadRole() |
|
56
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testLoadRole |
|
57
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
58
|
|
|
*/ |
|
59
|
|
|
public function testLoadRoleThrowsUnauthorizedException() |
|
60
|
|
|
{ |
|
61
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
62
|
|
|
|
|
63
|
|
|
$repository = $this->getRepository(); |
|
64
|
|
|
$roleService = $repository->getRoleService(); |
|
65
|
|
|
|
|
66
|
|
|
/* BEGIN: Use Case */ |
|
67
|
|
|
$user = $this->createUserVersion1(); |
|
68
|
|
|
|
|
69
|
|
|
$role = $this->createRole(); |
|
70
|
|
|
|
|
71
|
|
|
// Set "Editor" user as current user. |
|
72
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
73
|
|
|
|
|
74
|
|
|
// This call will fail with an "UnauthorizedException" |
|
75
|
|
|
$roleService->loadRole($role->id); |
|
76
|
|
|
/* END: Use Case */ |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
/** |
|
80
|
|
|
* Test for the loadRoleByIdentifier() method. |
|
81
|
|
|
* |
|
82
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::loadRoleByIdentifier() |
|
83
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testLoadRoleByIdentifier |
|
84
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
85
|
|
|
*/ |
|
86
|
|
|
public function testLoadRoleByIdentifierThrowsUnauthorizedException() |
|
87
|
|
|
{ |
|
88
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
89
|
|
|
|
|
90
|
|
|
$repository = $this->getRepository(); |
|
91
|
|
|
$roleService = $repository->getRoleService(); |
|
92
|
|
|
|
|
93
|
|
|
/* BEGIN: Use Case */ |
|
94
|
|
|
$user = $this->createUserVersion1(); |
|
95
|
|
|
|
|
96
|
|
|
$role = $this->createRole(); |
|
97
|
|
|
|
|
98
|
|
|
// Set "Editor" user as current user. |
|
99
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
100
|
|
|
|
|
101
|
|
|
// This call will fail with an "UnauthorizedException" |
|
102
|
|
|
$roleService->loadRoleByIdentifier($role->identifier); |
|
103
|
|
|
/* END: Use Case */ |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
/** |
|
107
|
|
|
* Test for the loadRoles() method. |
|
108
|
|
|
* |
|
109
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::loadRoles() |
|
110
|
|
|
*/ |
|
111
|
|
|
public function testLoadRolesLoadsEmptyListForAnonymousUser() |
|
112
|
|
|
{ |
|
113
|
|
|
$repository = $this->getRepository(); |
|
114
|
|
|
|
|
115
|
|
|
/* BEGIN: Use Case */ |
|
116
|
|
|
$user = $this->createUserVersion1(); |
|
117
|
|
|
|
|
118
|
|
|
// Set "Editor" user as current user. |
|
119
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
120
|
|
|
|
|
121
|
|
|
// Get the role service |
|
122
|
|
|
$roleService = $repository->getRoleService(); |
|
123
|
|
|
/* END: Use Case */ |
|
124
|
|
|
|
|
125
|
|
|
$this->assertEquals([], $roleService->loadRoles()); |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
/** |
|
129
|
|
|
* Test for the loadRoles() method. |
|
130
|
|
|
* |
|
131
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::loadRoles() |
|
132
|
|
|
*/ |
|
133
|
|
|
public function testLoadRolesForUserWithSubtreeLimitation() |
|
134
|
|
|
{ |
|
135
|
|
|
$repository = $this->getRepository(); |
|
136
|
|
|
$roleService = $repository->getRoleService(); |
|
137
|
|
|
|
|
138
|
|
|
/* BEGIN: Use Case */ |
|
139
|
|
|
// create user that can read/create/delete but cannot edit or content |
|
140
|
|
|
$this->createRoleWithPolicies('roleReader', [ |
|
141
|
|
|
['module' => 'role', 'function' => 'read'], |
|
142
|
|
|
]); |
|
143
|
|
|
|
|
144
|
|
|
$user = $this->createCustomUserWithLogin( |
|
145
|
|
|
'user', |
|
146
|
|
|
'[email protected]', |
|
147
|
|
|
'roleReaders', |
|
148
|
|
|
'roleReader', |
|
149
|
|
|
new SubtreeLimitation(['limitationValues' => ['/1/2/']]) |
|
150
|
|
|
); |
|
151
|
|
|
|
|
152
|
|
|
$repository->getPermissionResolver()->setCurrentUserReference($user); |
|
153
|
|
|
/* END: Use Case */ |
|
154
|
|
|
|
|
155
|
|
|
$this->assertCount(6, $roleService->loadRoles()); |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
/** |
|
159
|
|
|
* Test for the updateRole() method. |
|
160
|
|
|
* |
|
161
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::updateRole() |
|
162
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testUpdateRole |
|
163
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
164
|
|
|
*/ |
|
165
|
|
|
public function testUpdateRoleThrowsUnauthorizedException() |
|
166
|
|
|
{ |
|
167
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
168
|
|
|
|
|
169
|
|
|
$repository = $this->getRepository(); |
|
170
|
|
|
$roleService = $repository->getRoleService(); |
|
171
|
|
|
|
|
172
|
|
|
/* BEGIN: Use Case */ |
|
173
|
|
|
$user = $this->createUserVersion1(); |
|
174
|
|
|
|
|
175
|
|
|
$role = $this->createRole(); |
|
176
|
|
|
|
|
177
|
|
|
// Set "Editor" user as current user. |
|
178
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
179
|
|
|
|
|
180
|
|
|
// Get a new role update struct and set new values |
|
181
|
|
|
$roleUpdateStruct = $roleService->newRoleUpdateStruct(); |
|
182
|
|
|
|
|
183
|
|
|
// @todo uncomment when support for multilingual names and descriptions is added EZP-24776 |
|
184
|
|
|
// $roleUpdateStruct->mainLanguageCode = 'eng-US'; |
|
185
|
|
|
|
|
186
|
|
|
// This call will fail with an "UnauthorizedException" |
|
187
|
|
|
$roleService->updateRole($role, $roleUpdateStruct); |
|
|
|
|
|
|
188
|
|
|
/* END: Use Case */ |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
/** |
|
192
|
|
|
* Test for the deleteRole() method. |
|
193
|
|
|
* |
|
194
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::deleteRole() |
|
195
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testDeleteRole |
|
196
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
197
|
|
|
*/ |
|
198
|
|
|
public function testDeleteRoleThrowsUnauthorizedException() |
|
199
|
|
|
{ |
|
200
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
201
|
|
|
|
|
202
|
|
|
$repository = $this->getRepository(); |
|
203
|
|
|
$roleService = $repository->getRoleService(); |
|
204
|
|
|
|
|
205
|
|
|
/* BEGIN: Use Case */ |
|
206
|
|
|
$user = $this->createUserVersion1(); |
|
207
|
|
|
|
|
208
|
|
|
$role = $this->createRole(); |
|
209
|
|
|
|
|
210
|
|
|
// Set "Editor" user as current user. |
|
211
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
212
|
|
|
|
|
213
|
|
|
// This call will fail with an "UnauthorizedException" |
|
214
|
|
|
$roleService->deleteRole($role); |
|
215
|
|
|
/* END: Use Case */ |
|
216
|
|
|
} |
|
217
|
|
|
|
|
218
|
|
|
/** |
|
219
|
|
|
* Test for the addPolicy() method. |
|
220
|
|
|
* |
|
221
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::addPolicy() |
|
222
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testAddPolicy |
|
223
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
224
|
|
|
*/ |
|
225
|
|
|
public function testAddPolicyThrowsUnauthorizedException() |
|
226
|
|
|
{ |
|
227
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
228
|
|
|
|
|
229
|
|
|
$repository = $this->getRepository(); |
|
230
|
|
|
$roleService = $repository->getRoleService(); |
|
231
|
|
|
|
|
232
|
|
|
/* BEGIN: Use Case */ |
|
233
|
|
|
$user = $this->createUserVersion1(); |
|
234
|
|
|
|
|
235
|
|
|
$role = $this->createRole(); |
|
236
|
|
|
|
|
237
|
|
|
// Set "Editor" user as current user. |
|
238
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
239
|
|
|
|
|
240
|
|
|
// This call will fail with an "UnauthorizedException" |
|
241
|
|
|
$roleService->addPolicy( |
|
|
|
|
|
|
242
|
|
|
$role, |
|
243
|
|
|
$roleService->newPolicyCreateStruct('content', 'delete') |
|
244
|
|
|
); |
|
245
|
|
|
/* END: Use Case */ |
|
246
|
|
|
} |
|
247
|
|
|
|
|
248
|
|
|
/** |
|
249
|
|
|
* Test for the updatePolicy() method. |
|
250
|
|
|
* |
|
251
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::updatePolicy() |
|
252
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testUpdatePolicy |
|
253
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
254
|
|
|
*/ |
|
255
|
|
View Code Duplication |
public function testUpdatePolicyThrowsUnauthorizedException() |
|
256
|
|
|
{ |
|
257
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
258
|
|
|
|
|
259
|
|
|
$repository = $this->getRepository(); |
|
260
|
|
|
$roleService = $repository->getRoleService(); |
|
261
|
|
|
|
|
262
|
|
|
/* BEGIN: Use Case */ |
|
263
|
|
|
$user = $this->createUserVersion1(); |
|
264
|
|
|
|
|
265
|
|
|
$role = $this->createRole(); |
|
266
|
|
|
|
|
267
|
|
|
// Get first role policy |
|
268
|
|
|
$policies = $role->getPolicies(); |
|
269
|
|
|
$policy = reset($policies); |
|
270
|
|
|
|
|
271
|
|
|
// Set "Editor" user as current user. |
|
272
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
273
|
|
|
|
|
274
|
|
|
// Get a policy update struct and add a limitation |
|
275
|
|
|
$policyUpdate = $roleService->newPolicyUpdateStruct(); |
|
276
|
|
|
$policyUpdate->addLimitation( |
|
277
|
|
|
new SubtreeLimitation( |
|
278
|
|
|
[ |
|
279
|
|
|
'limitationValues' => ['/1/'], |
|
280
|
|
|
] |
|
281
|
|
|
) |
|
282
|
|
|
); |
|
283
|
|
|
|
|
284
|
|
|
// This call will fail with an "UnauthorizedException" |
|
285
|
|
|
$roleService->updatePolicy($policy, $policyUpdate); |
|
|
|
|
|
|
286
|
|
|
/* END: Use Case */ |
|
287
|
|
|
} |
|
288
|
|
|
|
|
289
|
|
|
/** |
|
290
|
|
|
* Test for the removePolicy() method. |
|
291
|
|
|
* |
|
292
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::removePolicy() |
|
293
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testRemovePolicyByRoleDraft |
|
294
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
295
|
|
|
*/ |
|
296
|
|
View Code Duplication |
public function testRemovePolicyThrowsUnauthorizedException() |
|
297
|
|
|
{ |
|
298
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
299
|
|
|
|
|
300
|
|
|
$repository = $this->getRepository(); |
|
301
|
|
|
$roleService = $repository->getRoleService(); |
|
302
|
|
|
|
|
303
|
|
|
/* BEGIN: Use Case */ |
|
304
|
|
|
$user = $this->createUserVersion1(); |
|
305
|
|
|
|
|
306
|
|
|
$roleCreate = $roleService->newRoleCreateStruct('newRole'); |
|
307
|
|
|
|
|
308
|
|
|
// @todo uncomment when support for multilingual names and descriptions is added EZP-24776 |
|
309
|
|
|
// $roleCreate->mainLanguageCode = 'eng-US'; |
|
310
|
|
|
|
|
311
|
|
|
// Create a new role with two policies |
|
312
|
|
|
$roleDraft = $roleService->createRole($roleCreate); |
|
313
|
|
|
$roleService->addPolicyByRoleDraft( |
|
314
|
|
|
$roleDraft, |
|
315
|
|
|
$roleService->newPolicyCreateStruct('content', 'create') |
|
316
|
|
|
); |
|
317
|
|
|
$roleDraft = $roleService->addPolicyByRoleDraft( |
|
318
|
|
|
$roleDraft, |
|
319
|
|
|
$roleService->newPolicyCreateStruct('content', 'delete') |
|
320
|
|
|
); |
|
321
|
|
|
|
|
322
|
|
|
// Set "Editor" user as current user. |
|
323
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
324
|
|
|
|
|
325
|
|
|
// This call will fail with an "UnauthorizedException" |
|
326
|
|
|
$roleService->removePolicyByRoleDraft($roleDraft, $roleDraft->getPolicies()[0]); |
|
|
|
|
|
|
327
|
|
|
/* END: Use Case */ |
|
328
|
|
|
} |
|
329
|
|
|
|
|
330
|
|
|
/** |
|
331
|
|
|
* Test for the deletePolicy() method. |
|
332
|
|
|
* |
|
333
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::deletePolicy() |
|
334
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testDeletePolicy |
|
335
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
336
|
|
|
*/ |
|
337
|
|
|
public function testDeletePolicyThrowsUnauthorizedException() |
|
338
|
|
|
{ |
|
339
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
340
|
|
|
|
|
341
|
|
|
$repository = $this->getRepository(); |
|
342
|
|
|
$roleService = $repository->getRoleService(); |
|
343
|
|
|
|
|
344
|
|
|
/* BEGIN: Use Case */ |
|
345
|
|
|
$user = $this->createUserVersion1(); |
|
346
|
|
|
|
|
347
|
|
|
$role = $this->createRole(); |
|
348
|
|
|
|
|
349
|
|
|
// Get first role policy |
|
350
|
|
|
$policies = $role->getPolicies(); |
|
351
|
|
|
$policy = reset($policies); |
|
352
|
|
|
|
|
353
|
|
|
// Set "Editor" user as current user. |
|
354
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
355
|
|
|
|
|
356
|
|
|
// This call will fail with an "UnauthorizedException" |
|
357
|
|
|
$roleService->deletePolicy($policy); |
|
|
|
|
|
|
358
|
|
|
/* END: Use Case */ |
|
359
|
|
|
} |
|
360
|
|
|
|
|
361
|
|
|
/** |
|
362
|
|
|
* Test for the assignRoleToUserGroup() method. |
|
363
|
|
|
* |
|
364
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::assignRoleToUserGroup() |
|
365
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testAssignRoleToUserGroup |
|
366
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
367
|
|
|
*/ |
|
368
|
|
|
public function testAssignRoleToUserGroupThrowsUnauthorizedException() |
|
369
|
|
|
{ |
|
370
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
371
|
|
|
|
|
372
|
|
|
$repository = $this->getRepository(); |
|
373
|
|
|
$userService = $repository->getUserService(); |
|
374
|
|
|
$roleService = $repository->getRoleService(); |
|
375
|
|
|
|
|
376
|
|
|
$editorsGroupId = $this->generateId('group', 13); |
|
377
|
|
|
|
|
378
|
|
|
/* BEGIN: Use Case */ |
|
379
|
|
|
$user = $this->createUserVersion1(); |
|
380
|
|
|
|
|
381
|
|
|
$role = $this->createRole(); |
|
382
|
|
|
|
|
383
|
|
|
// Load the "Editors" user group |
|
384
|
|
|
$userGroup = $userService->loadUserGroup($editorsGroupId); |
|
385
|
|
|
|
|
386
|
|
|
// Set "Editor" user as current user. |
|
387
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
388
|
|
|
|
|
389
|
|
|
// This call will fail with an "UnauthorizedException" |
|
390
|
|
|
$roleService->assignRoleToUserGroup($role, $userGroup); |
|
391
|
|
|
/* END: Use Case */ |
|
392
|
|
|
} |
|
393
|
|
|
|
|
394
|
|
|
/** |
|
395
|
|
|
* Test for the assignRoleToUserGroup() method. |
|
396
|
|
|
* |
|
397
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::assignRoleToUserGroup($role, $userGroup, $roleLimitation) |
|
398
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testAssignRoleToUserGroup |
|
399
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
400
|
|
|
*/ |
|
401
|
|
View Code Duplication |
public function testAssignRoleToUserGroupThrowsUnauthorizedExceptionWithRoleLimitationParameter() |
|
402
|
|
|
{ |
|
403
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
404
|
|
|
|
|
405
|
|
|
$repository = $this->getRepository(); |
|
406
|
|
|
$userService = $repository->getUserService(); |
|
407
|
|
|
$roleService = $repository->getRoleService(); |
|
408
|
|
|
|
|
409
|
|
|
$editorsGroupId = $this->generateId('group', 13); |
|
410
|
|
|
|
|
411
|
|
|
/* BEGIN: Use Case */ |
|
412
|
|
|
$user = $this->createUserVersion1(); |
|
413
|
|
|
|
|
414
|
|
|
$role = $this->createRole(); |
|
415
|
|
|
|
|
416
|
|
|
// Load the "Editors" user group |
|
417
|
|
|
$userGroup = $userService->loadUserGroup($editorsGroupId); |
|
418
|
|
|
|
|
419
|
|
|
// Set "Editor" user as current user. |
|
420
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
421
|
|
|
|
|
422
|
|
|
// Create a subtree role limitation |
|
423
|
|
|
$limitation = new SubtreeLimitation( |
|
424
|
|
|
[ |
|
425
|
|
|
'limitationValues' => ['/1/2/'], |
|
426
|
|
|
] |
|
427
|
|
|
); |
|
428
|
|
|
|
|
429
|
|
|
// This call will fail with an "UnauthorizedException" |
|
430
|
|
|
$roleService->assignRoleToUserGroup($role, $userGroup, $limitation); |
|
431
|
|
|
/* END: Use Case */ |
|
432
|
|
|
} |
|
433
|
|
|
|
|
434
|
|
|
/** |
|
435
|
|
|
* Test for the unassignRoleFromUserGroup() method. |
|
436
|
|
|
* |
|
437
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::unassignRoleFromUserGroup() |
|
438
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testUnassignRoleFromUserGroup |
|
439
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
440
|
|
|
*/ |
|
441
|
|
|
public function testUnassignRoleFromUserGroupThrowsUnauthorizedException() |
|
442
|
|
|
{ |
|
443
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
444
|
|
|
|
|
445
|
|
|
$repository = $this->getRepository(); |
|
446
|
|
|
$userService = $repository->getUserService(); |
|
447
|
|
|
$roleService = $repository->getRoleService(); |
|
448
|
|
|
|
|
449
|
|
|
$editorsGroupId = $this->generateId('group', 13); |
|
450
|
|
|
|
|
451
|
|
|
/* BEGIN: Use Case */ |
|
452
|
|
|
$user = $this->createUserVersion1(); |
|
453
|
|
|
|
|
454
|
|
|
$role = $this->createRole(); |
|
455
|
|
|
|
|
456
|
|
|
// Load the "Editors" user group |
|
457
|
|
|
$userGroup = $userService->loadUserGroup($editorsGroupId); |
|
458
|
|
|
|
|
459
|
|
|
// Assign new role to "Editors" user group |
|
460
|
|
|
$roleService->assignRoleToUserGroup($role, $userGroup); |
|
461
|
|
|
|
|
462
|
|
|
// Set "Editor" user as current user. |
|
463
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
464
|
|
|
|
|
465
|
|
|
// This call will fail with an "UnauthorizedException" |
|
466
|
|
|
$roleService->unassignRoleFromUserGroup($role, $userGroup); |
|
|
|
|
|
|
467
|
|
|
/* END: Use Case */ |
|
468
|
|
|
} |
|
469
|
|
|
|
|
470
|
|
|
/** |
|
471
|
|
|
* Test for the assignRoleToUser() method. |
|
472
|
|
|
* |
|
473
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::assignRoleToUser() |
|
474
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testAssignRoleToUser |
|
475
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
476
|
|
|
*/ |
|
477
|
|
|
public function testAssignRoleToUserThrowsUnauthorizedException() |
|
478
|
|
|
{ |
|
479
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
480
|
|
|
|
|
481
|
|
|
$repository = $this->getRepository(); |
|
482
|
|
|
$roleService = $repository->getRoleService(); |
|
483
|
|
|
|
|
484
|
|
|
/* BEGIN: Use Case */ |
|
485
|
|
|
$user = $this->createUserVersion1(); |
|
486
|
|
|
|
|
487
|
|
|
$role = $this->createRole(); |
|
488
|
|
|
|
|
489
|
|
|
// Set "Editor" user as current user. |
|
490
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
491
|
|
|
|
|
492
|
|
|
// This call will fail with an "UnauthorizedException" |
|
493
|
|
|
$roleService->assignRoleToUser($role, $user); |
|
494
|
|
|
/* END: Use Case */ |
|
495
|
|
|
} |
|
496
|
|
|
|
|
497
|
|
|
/** |
|
498
|
|
|
* Test for the assignRoleToUser() method. |
|
499
|
|
|
* |
|
500
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::assignRoleToUser($role, $user, $roleLimitation) |
|
501
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testAssignRoleToUser |
|
502
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
503
|
|
|
*/ |
|
504
|
|
|
public function testAssignRoleToUserThrowsUnauthorizedExceptionWithRoleLimitationParameter() |
|
505
|
|
|
{ |
|
506
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
507
|
|
|
|
|
508
|
|
|
$repository = $this->getRepository(); |
|
509
|
|
|
$roleService = $repository->getRoleService(); |
|
510
|
|
|
|
|
511
|
|
|
/* BEGIN: Use Case */ |
|
512
|
|
|
$user = $this->createUserVersion1(); |
|
513
|
|
|
|
|
514
|
|
|
$role = $this->createRole(); |
|
515
|
|
|
|
|
516
|
|
|
// Set "Editor" user as current user. |
|
517
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
518
|
|
|
|
|
519
|
|
|
// Create a subtree role limitation |
|
520
|
|
|
$limitation = new SubtreeLimitation( |
|
521
|
|
|
[ |
|
522
|
|
|
'limitationValues' => ['/1/2/'], |
|
523
|
|
|
] |
|
524
|
|
|
); |
|
525
|
|
|
|
|
526
|
|
|
// This call will fail with an "UnauthorizedException" |
|
527
|
|
|
$roleService->assignRoleToUser($role, $user, $limitation); |
|
528
|
|
|
/* END: Use Case */ |
|
529
|
|
|
} |
|
530
|
|
|
|
|
531
|
|
|
/** |
|
532
|
|
|
* Test for the unassignRoleFromUser() method. |
|
533
|
|
|
* |
|
534
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::unassignRoleFromUser() |
|
535
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testUnassignRoleFromUser |
|
536
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
537
|
|
|
*/ |
|
538
|
|
View Code Duplication |
public function testUnassignRoleFromUserThrowsUnauthorizedException() |
|
539
|
|
|
{ |
|
540
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
541
|
|
|
|
|
542
|
|
|
$repository = $this->getRepository(); |
|
543
|
|
|
$roleService = $repository->getRoleService(); |
|
544
|
|
|
|
|
545
|
|
|
/* BEGIN: Use Case */ |
|
546
|
|
|
$user = $this->createUserVersion1(); |
|
547
|
|
|
|
|
548
|
|
|
$role = $this->createRole(); |
|
549
|
|
|
|
|
550
|
|
|
// Assign new role to "Editor" user |
|
551
|
|
|
$roleService->assignRoleToUser($role, $user); |
|
552
|
|
|
|
|
553
|
|
|
// Set "Editor" user as current user. |
|
554
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
555
|
|
|
|
|
556
|
|
|
// This call will fail with an "UnauthorizedException" |
|
557
|
|
|
$roleService->unassignRoleFromUser($role, $user); |
|
|
|
|
|
|
558
|
|
|
/* END: Use Case */ |
|
559
|
|
|
} |
|
560
|
|
|
|
|
561
|
|
|
/** |
|
562
|
|
|
* Test for the getRoleAssignments() method. |
|
563
|
|
|
* |
|
564
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::getRoleAssignments() |
|
565
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testGetRoleAssignments |
|
566
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
567
|
|
|
*/ |
|
568
|
|
|
public function testGetRoleAssignmentsThrowsUnauthorizedException() |
|
569
|
|
|
{ |
|
570
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
571
|
|
|
|
|
572
|
|
|
$repository = $this->getRepository(); |
|
573
|
|
|
$roleService = $repository->getRoleService(); |
|
574
|
|
|
|
|
575
|
|
|
/* BEGIN: Use Case */ |
|
576
|
|
|
$user = $this->createUserVersion1(); |
|
577
|
|
|
|
|
578
|
|
|
$role = $this->createRole(); |
|
579
|
|
|
|
|
580
|
|
|
// Set "Editor" user as current user. |
|
581
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
582
|
|
|
|
|
583
|
|
|
// This call will fail with an "UnauthorizedException" |
|
584
|
|
|
$roleService->getRoleAssignments($role); |
|
585
|
|
|
/* END: Use Case */ |
|
586
|
|
|
} |
|
587
|
|
|
|
|
588
|
|
|
/** |
|
589
|
|
|
* Test for the getRoleAssignmentsForUser() method. |
|
590
|
|
|
* |
|
591
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser() |
|
592
|
|
|
*/ |
|
593
|
|
|
public function testGetRoleAssignmentsForUserLoadsEmptyListForAnonymousUser() |
|
594
|
|
|
{ |
|
595
|
|
|
$repository = $this->getRepository(); |
|
596
|
|
|
$roleService = $repository->getRoleService(); |
|
597
|
|
|
|
|
598
|
|
|
/* BEGIN: Use Case */ |
|
599
|
|
|
$user = $this->createUserVersion1(); |
|
600
|
|
|
|
|
601
|
|
|
$this->createRole(); |
|
602
|
|
|
|
|
603
|
|
|
// Set "Editor" user as current user. |
|
604
|
|
|
$repository->getPermissionResolver()->setCurrentUserReference($user); |
|
605
|
|
|
/* END: Use Case */ |
|
606
|
|
|
|
|
607
|
|
|
$this->assertSame([], $roleService->getRoleAssignmentsForUser($user)); |
|
608
|
|
|
} |
|
609
|
|
|
|
|
610
|
|
|
/** |
|
611
|
|
|
* Test for the getRoleAssignmentsForUser() method. |
|
612
|
|
|
* |
|
613
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser() |
|
614
|
|
|
*/ |
|
615
|
|
|
public function testGetRoleAssignmentsForUserWithSubtreeLimitation() |
|
616
|
|
|
{ |
|
617
|
|
|
$repository = $this->getRepository(); |
|
618
|
|
|
$roleService = $repository->getRoleService(); |
|
619
|
|
|
|
|
620
|
|
|
/* BEGIN: Use Case */ |
|
621
|
|
|
$user = $this->createUserWithPolicies( |
|
622
|
|
|
'trash_test_user', |
|
623
|
|
|
[ |
|
624
|
|
|
['module' => 'role', 'function' => 'read'], |
|
625
|
|
|
], |
|
626
|
|
|
new SubtreeLimitation(['limitationValues' => ['/1/2/']]) |
|
627
|
|
|
); |
|
628
|
|
|
|
|
629
|
|
|
$repository->getPermissionResolver()->setCurrentUserReference($user); |
|
630
|
|
|
/* END: Use Case */ |
|
631
|
|
|
|
|
632
|
|
|
$roleAssignments = $roleService->getRoleAssignmentsForUser($user); |
|
633
|
|
|
$this->assertCount(1, $roleAssignments); |
|
634
|
|
|
|
|
635
|
|
|
$roleAssignment = $roleAssignments[0]; |
|
636
|
|
|
$this->assertSame($user, $roleAssignment->user); |
|
637
|
|
|
} |
|
638
|
|
|
|
|
639
|
|
|
/** |
|
640
|
|
|
* Test for the getRoleAssignmentsForUserGroup() method. |
|
641
|
|
|
* |
|
642
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUserGroup() |
|
643
|
|
|
* @depends eZ\Publish\API\Repository\Tests\RoleServiceTest::testGetRoleAssignmentsForUserGroup |
|
644
|
|
|
* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testCreateUser |
|
645
|
|
|
*/ |
|
646
|
|
|
public function testGetRoleAssignmentsForUserGroupThrowsUnauthorizedException() |
|
647
|
|
|
{ |
|
648
|
|
|
$this->expectException(\eZ\Publish\API\Repository\Exceptions\UnauthorizedException::class); |
|
649
|
|
|
|
|
650
|
|
|
$repository = $this->getRepository(); |
|
651
|
|
|
$roleService = $repository->getRoleService(); |
|
652
|
|
|
$userService = $repository->getUserService(); |
|
653
|
|
|
|
|
654
|
|
|
$editorsGroupId = $this->generateId('group', 13); |
|
655
|
|
|
|
|
656
|
|
|
/* BEGIN: Use Case */ |
|
657
|
|
|
$user = $this->createUserVersion1(); |
|
658
|
|
|
|
|
659
|
|
|
$this->createRole(); |
|
660
|
|
|
|
|
661
|
|
|
// Load the "Editors" user group |
|
662
|
|
|
$userGroup = $userService->loadUserGroup($editorsGroupId); |
|
663
|
|
|
|
|
664
|
|
|
// Set "Editor" user as current user. |
|
665
|
|
|
$repository->setCurrentUser($user); |
|
|
|
|
|
|
666
|
|
|
|
|
667
|
|
|
// This call will fail with an "UnauthorizedException" |
|
668
|
|
|
$roleService->getRoleAssignmentsForUserGroup($userGroup); |
|
669
|
|
|
/* END: Use Case */ |
|
670
|
|
|
} |
|
671
|
|
|
|
|
672
|
|
|
/** |
|
673
|
|
|
* Create a role fixture in a variable named <b>$role</b>,. |
|
674
|
|
|
* |
|
675
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
|
676
|
|
|
*/ |
|
677
|
|
View Code Duplication |
private function createRole() |
|
678
|
|
|
{ |
|
679
|
|
|
$repository = $this->getRepository(); |
|
680
|
|
|
|
|
681
|
|
|
/* BEGIN: Inline */ |
|
682
|
|
|
// Get the role service |
|
683
|
|
|
$roleService = $repository->getRoleService(); |
|
684
|
|
|
|
|
685
|
|
|
// Get new policy create struct |
|
686
|
|
|
$policyCreate = $roleService->newPolicyCreateStruct('content', '*'); |
|
687
|
|
|
|
|
688
|
|
|
// Get a role create struct instance and set properties |
|
689
|
|
|
$roleCreate = $roleService->newRoleCreateStruct('testRole'); |
|
690
|
|
|
|
|
691
|
|
|
// @todo uncomment when support for multilingual names and descriptions is added EZP-24776 |
|
692
|
|
|
// $roleCreate->mainLanguageCode = 'eng-GB'; |
|
693
|
|
|
|
|
694
|
|
|
$roleCreate->addPolicy($policyCreate); |
|
695
|
|
|
|
|
696
|
|
|
// Create a new role instance. |
|
697
|
|
|
$roleDraft = $roleService->createRole($roleCreate); |
|
698
|
|
|
$roleService->publishRoleDraft($roleDraft); |
|
699
|
|
|
$role = $roleService->loadRole($roleDraft->id); |
|
700
|
|
|
/* END: Inline */ |
|
701
|
|
|
|
|
702
|
|
|
return $role; |
|
703
|
|
|
} |
|
704
|
|
|
} |
|
705
|
|
|
|
ezsystems /
ezpublish-kernel
Loading history...
This method has been deprecated. The supplier of the class has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.