<?php
/**
 * RBAC implementation for HiPanel
 *
 * @link      https://github.com/hiqdev/hipanel-rbac
 * @package   hipanel-rbac
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2018, HiQDev (http://hiqdev.com/)
 */
namespace hipanel\rbac\tests\unit;
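/**
 * Shared RBAC expectations: for each role or user, the exact set of permissions
 * that must be granted, with every other known permission required to be denied.
 *
 * The trait relies on the class that uses it for two things it does not define:
 *  - `$this->auth`, an object offering getAllItems(), getPermissions(),
 *    setAssignment(), setAssignments() and checkAccess();
 *  - `$this->assertSame()`, normally inherited from the PHPUnit test case.
 *
 * Security relevance: assertAccesses() checks both directions. A permission that
 * leaks into a role fails the test just like a permission that goes missing, so
 * these lists act as a regression guard against accidental privilege escalation.
 */
trait CheckAccessTrait
{
    /**
     * Assigns every auth item to a user id equal to the item's own name.
     *
     * This is what lets the tests below pass ids such as 'role:client' straight
     * to checkAccess().
     * NOTE(review): presumably called from the using class's setUp(); confirm there.
     */
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);
        }
    }

    /**
     * Checks isolation between plain permissions: a user id named after one
     * permission must pass checkAccess() for that permission and for no other.
     */
    public function testPermission()
    {
        // Fetched once: the same collection plays both the "user" and the "permission" role.
        $permissions = $this->auth->getPermissions();
        foreach ($permissions as $user) {
            foreach ($permissions as $perm) {
                $this->assertSame(
                    $user->name === $perm->name,
                    $this->auth->checkAccess($user->name, $perm->name),
                    sprintf('user %s checked against permission %s', var_export($user->name, true), var_export($perm->name, true))
                );
            }
        }
    }

    /**
     * Asserts that $userId holds exactly $allowedPermissions.
     *
     * Every listed permission must be granted, and every other permission known
     * to the auth manager must be refused. Items whose name starts with 'deny:'
     * are left out of the refused set: they are markers assigned to a user
     * (see testMighty/testLimited), not permissions that get probed themselves.
     *
     * @param string   $userId             user id passed to checkAccess()
     * @param string[] $allowedPermissions complete allow-list for that user
     */
    public function assertAccesses($userId, array $allowedPermissions)
    {
        $grantable = array_filter(
            array_keys($this->auth->getPermissions()),
            function ($permission) {
                return strncmp('deny:', $permission, 5) !== 0;
            }
        );
        $deniedPermissions = array_diff($grantable, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }

    /**
     * Asserts that checkAccess() returns exactly $isAllowed for each permission.
     *
     * The failing user/permission pair is reported through the assertion message
     * rather than dumped to stdout, so the diagnostic stays attached to the
     * failure and no debug output is left in the test run.
     *
     * @param string   $userId      user id passed to checkAccess()
     * @param bool     $isAllowed   expected result (compared strictly)
     * @param string[] $permissions permissions to probe
     */
    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);
            $this->assertSame($isAllowed, $checked, sprintf(
                'checkAccess(%s, %s) was expected to return %s',
                var_export($userId, true),
                var_export($permission, true),
                var_export($isAllowed, true)
            ));
        }
    }

    /** 'role:nobody' is granted only the 'nothing' permission. */
    public function testNobody()
    {
        $this->assertAccesses('role:nobody', [
            'nothing',
        ]);
    }

    /**
     * An empty user id gets only the two listed permissions.
     * NOTE(review): the empty id presumably stands for an unauthenticated caller; confirm.
     */
    public function testUnauthorized()
    {
        $this->assertAccesses('', [
            'restore-password', 'deposit',
        ]);
    }

    /** Exact allow-list for 'role:client'. */
    public function testClient()
    {
        $this->assertAccesses('role:client', [
            'restore-password', 'deposit', 'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'document.read', 'document.create', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.pay', 'server.control-power', 'server.control-system', 'server.set-note',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read', 'price.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Exact allow-list for 'role:support'. */
    public function testSupport()
    {
        $this->assertAccesses('role:support', [
            'access-subclients', 'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.list',
            'domain.read', 'domain.update',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.control-power', 'server.control-system', 'server.set-note',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Exact allow-list for 'role:admin'. */
    public function testAdmin()
    {
        $this->assertAccesses('role:admin', [
            'access-subclients', 'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.list',
            'domain.read', 'domain.update',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note',
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
            'consumption.read',
            'stock.read',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
            'service.read', 'service.create', 'service.update', 'service.delete',
        ]);
    }

    /** Exact allow-list for 'role:accounter'. */
    public function testAccounter()
    {
        $this->assertAccesses('role:accounter', [
            'access-subclients', 'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'bill.read',
            'sale.read', 'sale.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'consumption.read', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'mailing.prepare', 'mailing.send',
            'stock.read',
            'hub.read', 'hub.sell',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Exact allow-list for 'role:manager'. */
    public function testManager()
    {
        $this->assertAccesses('role:manager', [
            'access-subclients', 'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'bill.read',
            'sale.read', 'sale.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'consumption.read', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'mailing.prepare', 'mailing.send',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Exact allow-list for 'role:reseller'. */
    public function testReseller()
    {
        $this->assertAccesses('role:reseller', [
            'deposit', 'have-goods',
            'access-subclients', 'support', 'manage', 'resell',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'sale.read', 'sale.delete',
            'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'consumption.read', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Exact allow-list for 'role:employee'. */
    public function testEmployee()
    {
        $this->assertAccesses('role:employee', [
            'restore-password', 'deposit',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'document.read', 'document.create', 'document.acceptance',
            'bill.read', 'employee.read', 'finance.read',
        ]);
    }

    /**
     * A user combining several roles, extra direct permissions and one
     * 'deny:deposit' item: the expected list omits 'deposit', so the deny item
     * has to take effect despite the broad role set.
     */
    public function testMighty()
    {
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:finance.master,role:stock.master,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty');

        $this->assertAccesses('user:mighty', [
            'access-subclients', 'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'sale.read', 'sale.delete',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.force-push', 'domain.force-send-foa',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.wizzard',
            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
            'consumption.read', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'document.acceptance', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'stock.read',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.read-all',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
            'service.read', 'service.create', 'service.update', 'service.delete',
        ]);
    }

    /**
     * 'role:client' narrowed by several 'deny:' items: each denied permission
     * is absent from the expected list, while the rest of the client set stays.
     */
    public function testLimited()
    {
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read,deny:server.control-power,deny:server.control-system,deny:server.set-note,deny:ip.read,deny:service.read', 'user:limited');

        $this->assertAccesses('user:limited', [
            'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'document.read', 'document.create', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read', 'plan.read', 'finance.read', 'price.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
        ]);
    }

    /** Exact allow-list for 'role:junior-manager' (read-only permissions plus two access flags). */
    public function testJuniorManager()
    {
        $this->assertAccesses('role:junior-manager', [
            'access-subclients', 'access-reseller',
            'client.read', 'server.read', 'consumption.read',
            'plan.force-read', 'plan.read', 'document.read', 'finance.read',
            'stock.read', 'part.read', 'move.read', 'model.read',
            'hub.read',
        ]);
    }

    /** A user assigned 'role:beta-tester' gets 'test.beta' and nothing else. */
    public function testBetaTester()
    {
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');

        $this->assertAccesses('user:beta-tester', [
            'test.beta',
        ]);
    }

    /** A user assigned 'role:alpha-tester' gets both 'test.alpha' and 'test.beta'. */
    public function testAlphaTester()
    {
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');

        $this->assertAccesses('user:alpha-tester', [
            'test.alpha', 'test.beta',
        ]);
    }

    /** Exact allow-list for 'role:superpowers'. */
    public function testSuperPowers()
    {
        $this->assertAccesses('role:superpowers', [
            'see-no-mans', 'part.sell', 'client.set-others-allowed-ips',
        ]);
    }
}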