Completed
Push — master ( bce7a2...475e7a )
by Andrii
05:49
created

CheckAccessTrait::testJuniorManager()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 8
Code Lines 6

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
eloc 6
nc 1
nop 0
dl 0
loc 8
rs 10
c 0
b 0
f 0
1
<?php
2
/**
3
 * RBAC implementation for HiPanel
4
 *
5
 * @link      https://github.com/hiqdev/hipanel-rbac
6
 * @package   hipanel-rbac
7
 * @license   BSD-3-Clause
8
 * @copyright Copyright (c) 2016-2018, HiQDev (http://hiqdev.com/)
9
 */
10
11
namespace hipanel\rbac\tests\unit;
12
13
trait CheckAccessTrait
14
{
15
    public function setAssignments()
16
    {
17
        foreach ($this->auth->getAllItems() as $item) {
18
            $this->auth->setAssignment($item->name, $item->name);
19
        }
20
    }
21
22
    public function testPermission()
23
    {
24
        foreach ($this->auth->getPermissions() as $user) {
25
            foreach ($this->auth->getPermissions() as $perm) {
26
                $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
0 ignored issues
show
Bug introduced by Andrii Vasyliev
It seems like assertSame() must be provided by classes using this trait. How about adding it as abstract method to this trait? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-call  annotation

26
                $this->/** @scrutinizer ignore-call */ 
27
                       assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
Loading history...
27
            }
28
        }
29
    }
30
31
    public function assertAccesses($userId, array $allowedPermissions)
32
    {
33
        $allPermissions = array_keys($this->auth->getPermissions());
34
        foreach ($allPermissions as $key => $permission) {
35
            if (strncmp('deny:', $permission, 5) === 0) {
36
                unset($allPermissions[$key]);
37
            }
38
        }
39
        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);
40
41
        $this->assertAccess($userId, true, $allowedPermissions);
42
        $this->assertAccess($userId, false, $deniedPermissions);
43
    }
44
45
    public function assertAccess($userId, $isAllowed, array $permissions)
46
    {
47
        foreach ($permissions as $permission) {
48
            $checked = $this->auth->checkAccess($userId, $permission);
49
            if ($checked !== $isAllowed) {
50
                var_dump(compact('userId', 'isAllowed', 'permission'));
0 ignored issues
show
Security Debugging Code introduced by Andrii Vasyliev
var_dump(compact('userId...llowed', 'permission')) looks like debug code. Are you sure you do not want to remove it?
Loading history...
51
            }
52
            $this->assertSame($isAllowed, $checked);
53
        }
54
    }
55
56
    public function testNobody()
57
    {
58
        $this->assertAccesses('role:nobody', [
59
            'nothing',
60
        ]);
61
    }
62
63
    public function testUnauthorized()
64
    {
65
        $this->assertAccesses('', [
66
            'restore-password', 'deposit',
67
        ]);
68
    }
69
70
    public function testClient()
71
    {
72
        $this->assertAccesses('role:client', [
73
            'restore-password', 'deposit', 'have-goods',
74
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
75
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
76
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
77
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
78
            'document.read', 'document.create', 'document.invoice',
79
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
80
            'server.read', 'server.pay', 'server.control-power', 'server.control-system', 'server.set-note',
81
            'account.read', 'account.create', 'account.update', 'account.delete',
82
            'bill.read', 'plan.read', 'finance.read', 'price.read',
83
            'backup.read', 'backup.delete',
84
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
85
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
86
            'db.read', 'db.create', 'db.update', 'db.delete',
87
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
88
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
89
            'request.read', 'request.create', 'request.update', 'request.delete',
90
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
91
            'ip.read', 'service.read',
92
        ]);
93
    }
94
95
    public function testSupport()
96
    {
97
        $this->assertAccesses('role:support', [
98
            'access-subclients', 'support',
99
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
100
            'client.read', 'client.force-read',
101
            'domain.read', 'domain.update',
102
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
103
            'certificate.read', 'certificate.create', 'certificate.update',
104
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
105
            'server.read', 'server.control-power', 'server.control-system', 'server.set-note',
106
            'account.read', 'account.create', 'account.update', 'account.delete',
107
            'backup.read', 'backup.delete',
108
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
109
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
110
            'db.read', 'db.create', 'db.update', 'db.delete',
111
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
112
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
113
            'request.read', 'request.create', 'request.update', 'request.delete',
114
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
115
            'ip.read', 'service.read',
116
            'plan.read', 'finance.read', 'price.read',
117
        ]);
118
    }
119
120
    public function testAdmin()
121
    {
122
        $this->assertAccesses('role:admin', [
123
            'access-subclients', 'support', 'admin',
124
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
125
            'client.read', 'client.force-read',
126
            'domain.read', 'domain.update',
127
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
128
            'certificate.read', 'certificate.create', 'certificate.update',
129
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
130
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note',
131
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
132
            'consumption.read',
133
            'stock.read',
134
            'part.read', 'part.create', 'part.update', 'part.delete',
135
            'move.read', 'move.create', 'move.update', 'move.delete',
136
            'model.read', 'model.create', 'model.update', 'model.delete',
137
            'account.read', 'account.create', 'account.update', 'account.delete',
138
            'backup.read', 'backup.delete',
139
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
140
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
141
            'db.read', 'db.create', 'db.update', 'db.delete',
142
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
143
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
144
            'request.read', 'request.create', 'request.update', 'request.delete',
145
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
146
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
147
            'service.read', 'service.create', 'service.update', 'service.delete',
148
            'plan.read', 'finance.read', 'price.read',
149
        ]);
150
    }
151
152
    public function testManager()
153
    {
154
        $this->assertAccesses('role:manager', [
155
            'access-subclients', 'support', 'manage',
156
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
157
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.force-read',
158
            'bill.read',
159
            'sale.read', 'sale.delete',
160
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
161
            'price.read', 'price.create', 'price.update', 'price.delete',
162
            'domain.read', 'domain.update', 'domain.delete',
163
            'domain.pay', 'domain.push',
164
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
165
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
166
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
167
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
168
            'hub.sell', 'hub.read',
169
            'consumption.read', 'consumption.delete',
170
            'document.read', 'document.create', 'document.update', 'document.delete',
171
            'document.generate', 'document.acceptance', 'document.invoice',
172
            'mailing.prepare', 'mailing.send',
173
            'stock.read',
174
            'part.read', 'part.create', 'part.update', 'part.delete',
175
            'move.read', 'move.create', 'move.update', 'move.delete',
176
            'model.read', 'model.create', 'model.update', 'model.delete',
177
            'account.read', 'account.create', 'account.update', 'account.delete',
178
            'bill.read', 'plan.read', 'finance.read',
179
            'backup.read', 'backup.delete',
180
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
181
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
182
            'db.read', 'db.create', 'db.update', 'db.delete',
183
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
184
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
185
            'request.read', 'request.create', 'request.update', 'request.delete',
186
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
187
            'ip.read', 'service.read',
188
        ]);
189
    }
190
191
    public function testReseller()
192
    {
193
        $this->assertAccesses('role:reseller', [
194
            'deposit', 'have-goods',
195
            'access-subclients', 'support', 'manage', 'resell',
196
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
197
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.force-read',
198
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
199
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
200
            'price.read', 'price.create', 'price.update', 'price.delete',
201
            'sale.read', 'sale.delete',
202
            'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push',
203
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
204
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
205
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
206
            'hub.sell', 'hub.read',
207
            'consumption.read', 'consumption.delete',
208
            'document.read', 'document.create', 'document.update', 'document.delete',
209
            'document.generate', 'document.acceptance', 'document.invoice',
210
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
211
            'mailing.prepare', 'mailing.send',
212
            'stock.read',
213
            'part.read', 'part.create', 'part.update', 'part.delete',
214
            'move.read', 'move.create', 'move.update', 'move.delete',
215
            'model.read', 'model.create', 'model.update', 'model.delete',
216
            'account.read', 'account.create', 'account.update', 'account.delete',
217
            'bill.read', 'plan.read', 'finance.read',
218
            'backup.read', 'backup.delete',
219
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
220
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
221
            'db.read', 'db.create', 'db.update', 'db.delete',
222
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
223
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
224
            'request.read', 'request.create', 'request.update', 'request.delete',
225
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
226
            'ip.read', 'service.read',
227
        ]);
228
    }
229
230
    public function testEmployee()
231
    {
232
        $this->assertAccesses('role:employee', [
233
            'restore-password', 'deposit',
234
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
235
            'document.read', 'document.create', 'document.acceptance',
236
            'bill.read', 'employee.read', 'finance.read',
237
        ]);
238
    }
239
240
    public function testMighty()
241
    {
242
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:finance.master,role:stock.master,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty');
243
244
        $this->assertAccesses('user:mighty', [
245
            'access-subclients', 'support', 'manage', 'admin',
246
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
247
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.force-read',
248
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
249
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
250
            'price.read', 'price.create', 'price.update', 'price.delete',
251
            'sale.read', 'sale.delete',
252
            'domain.freeze',
253
            'domain.read', 'domain.update', 'domain.delete',
254
            'domain.pay', 'domain.push', 'domain.force-push', 'domain.force-send-foa',
255
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
256
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
257
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.wizzard',
258
            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
259
            'hub.sell',
260
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
261
            'consumption.read', 'consumption.delete',
262
            'document.read', 'document.create', 'document.update', 'document.delete',
263
            'document.generate', 'document.generate-all',
264
            'document.acceptance', 'document.invoice',
265
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
266
            'mailing.prepare', 'mailing.send',
267
            'stock.read',
268
            'part.read', 'part.create', 'part.update', 'part.delete',
269
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.read-all',
270
            'model.read', 'model.create', 'model.update', 'model.delete',
271
            'employee.read',
272
            'account.read', 'account.create', 'account.update', 'account.delete',
273
            'bill.read', 'plan.read', 'finance.read',
274
            'backup.read', 'backup.delete',
275
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
276
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
277
            'db.read', 'db.create', 'db.update', 'db.delete',
278
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
279
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
280
            'request.read', 'request.create', 'request.update', 'request.delete',
281
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
282
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
283
            'service.read', 'service.create', 'service.update', 'service.delete',
284
        ]);
285
    }
286
287
    public function testLimited()
288
    {
289
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read,deny:server.control-power,deny:server.control-system,deny:server.set-note,deny:ip.read,deny:service.read', 'user:limited');
290
291
        $this->assertAccesses('user:limited', [
292
            'have-goods',
293
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
294
            'domain.read', 'domain.update', 'domain.pay',
295
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
296
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
297
            'document.read', 'document.create', 'document.invoice',
298
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
299
            'account.read', 'account.create', 'account.update', 'account.delete',
300
            'restore-password', 'bill.read', 'plan.read', 'finance.read', 'price.read',
301
            'backup.read', 'backup.delete',
302
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
303
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
304
            'db.read', 'db.create', 'db.update', 'db.delete',
305
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
306
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
307
            'request.read', 'request.create', 'request.update', 'request.delete',
308
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
309
        ]);
310
    }
311
312
    public function testJuniorManager()
313
    {
314
        $this->assertAccesses('role:junior-manager', [
315
            'access-subclients', 'access-reseller',
316
            'client.read', 'server.read', 'consumption.read',
317
            'plan.force-read', 'plan.read', 'document.read', 'finance.read',
318
            'stock.read', 'part.read', 'move.read', 'model.read',
319
            'hub.read',
320
        ]);
321
322
    }
323
324
    public function testBetaTester()
325
    {
326
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');
327
328
        $this->assertAccesses('user:beta-tester', [
329
            'test.beta',
330
        ]);
331
    }
332
333
    public function testAlphaTester()
334
    {
335
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');
336
337
        $this->assertAccesses('user:alpha-tester', [
338
            'test.alpha', 'test.beta',
339
        ]);
340
    }
341
}
342