These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * RBAC implementation for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-rbac |
||
6 | * @package hipanel-rbac |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\rbac\tests\unit; |
||
12 | |||
13 | trait CheckAccessTrait |
||
14 | { |
||
15 | public function setAssignments() |
||
16 | { |
||
17 | foreach ($this->auth->getAllItems() as $item) { |
||
18 | $this->auth->setAssignment($item->name, $item->name); |
||
0 ignored issues
–
show
|
|||
19 | } |
||
20 | } |
||
21 | |||
22 | public function testPermission() |
||
23 | { |
||
24 | foreach ($this->auth->getPermissions() as $user) { |
||
25 | foreach ($this->auth->getPermissions() as $perm) { |
||
26 | $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name)); |
||
27 | } |
||
28 | } |
||
29 | } |
||
30 | |||
31 | public function assertAccesses($userId, array $allowedPermissions) |
||
32 | { |
||
33 | $allPermissions = array_keys($this->auth->getPermissions()); |
||
34 | foreach ($allPermissions as $key => $permission) { |
||
35 | if (strncmp('deny:', $permission, 5) === 0) { |
||
36 | unset($allPermissions[$key]); |
||
37 | } |
||
38 | } |
||
39 | $deniedPermissions = array_diff($allPermissions, $allowedPermissions); |
||
40 | |||
41 | $this->assertAccess($userId, true, $allowedPermissions); |
||
42 | $this->assertAccess($userId, false, $deniedPermissions); |
||
43 | } |
||
44 | |||
45 | public function assertAccess($userId, $isAllowed, array $permissions) |
||
46 | { |
||
47 | foreach ($permissions as $permission) { |
||
48 | $checked = $this->auth->checkAccess($userId, $permission); |
||
49 | if ($checked !== $isAllowed) { |
||
50 | var_dump(compact('userId', 'isAllowed', 'permission')); |
||
51 | } |
||
52 | $this->assertSame($isAllowed, $checked); |
||
53 | } |
||
54 | } |
||
55 | |||
56 | public function testNobody() |
||
57 | { |
||
58 | $this->assertAccesses('role:nobody', [ |
||
59 | 'nothing', |
||
60 | ]); |
||
61 | } |
||
62 | |||
63 | public function testUnauthorized() |
||
64 | { |
||
65 | $this->assertAccesses('', [ |
||
66 | 'restore-password', 'deposit', |
||
67 | ]); |
||
68 | } |
||
69 | |||
70 | public function testClient() |
||
71 | { |
||
72 | $this->assertAccesses('role:client', [ |
||
73 | 'restore-password', 'deposit', |
||
74 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', |
||
75 | 'domain.read', 'domain.update', 'domain.pay', 'domain.push', |
||
76 | 'server.read', 'server.pay', |
||
77 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
78 | 'bill.read', |
||
79 | ]); |
||
80 | } |
||
81 | |||
82 | View Code Duplication | public function testSupport() |
|
83 | { |
||
84 | $this->assertAccesses('role:support', [ |
||
85 | 'support', |
||
86 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
87 | 'client.read', |
||
88 | 'domain.read', 'domain.update', |
||
89 | 'server.read', |
||
90 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
91 | ]); |
||
92 | } |
||
93 | |||
94 | public function testAdmin() |
||
95 | { |
||
96 | $this->assertAccesses('role:admin', [ |
||
97 | 'support', 'admin', |
||
98 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
99 | 'client.read', |
||
100 | 'domain.read', 'domain.update', |
||
101 | 'server.read', 'server.create', 'server.update', 'server.delete', |
||
102 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
103 | ]); |
||
104 | } |
||
105 | |||
106 | public function testManager() |
||
107 | { |
||
108 | $this->assertAccesses('role:manager', [ |
||
109 | 'support', 'manage', |
||
110 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
111 | 'client.read', 'client.create', 'client.update', 'client.delete', |
||
112 | 'bill.read', |
||
113 | 'domain.read', 'domain.update', 'domain.delete', |
||
114 | 'domain.pay', 'domain.push', |
||
115 | 'server.read', 'server.pay', 'server.sell', |
||
116 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
117 | 'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate', |
||
118 | 'contact.force-verify', |
||
119 | 'mailing.prepare', 'mailing.send', |
||
120 | 'stock.read', 'stock.create', 'stock.update', 'stock.delete', |
||
121 | ]); |
||
122 | } |
||
123 | |||
124 | public function testEmployee() |
||
125 | { |
||
126 | $this->assertAccesses('role:employee', [ |
||
127 | 'restore-password', 'deposit', |
||
128 | 'bill.read', 'employee.read', |
||
129 | ]); |
||
130 | } |
||
131 | |||
132 | public function testMighty() |
||
133 | { |
||
134 | $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty'); |
||
135 | |||
136 | $this->assertAccesses('user:mighty', [ |
||
137 | 'support', 'manage', 'admin', |
||
138 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
139 | 'client.read', 'client.create', 'client.update', 'client.delete', |
||
140 | 'bill.read', 'bill.create', 'bill.update', 'bill.delete', |
||
141 | 'domain.freeze', |
||
142 | 'domain.read', 'domain.update', 'domain.delete', |
||
143 | 'domain.pay', 'domain.push', 'domain.force-push', |
||
144 | 'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell', |
||
145 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
146 | 'document.read', 'document.create', 'document.update', 'document.delete', |
||
147 | 'document.generate', 'document.generate-all', |
||
148 | 'contact.force-verify', |
||
149 | 'mailing.prepare', 'mailing.send', |
||
150 | 'stock.read', 'stock.create', 'stock.update', 'stock.delete', |
||
151 | 'employee.read', |
||
152 | ]); |
||
153 | } |
||
154 | |||
155 | View Code Duplication | public function testDeny() |
|
156 | { |
||
157 | $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited'); |
||
158 | |||
159 | $this->assertAccesses('user:limited', [ |
||
160 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', |
||
161 | 'domain.read', 'domain.update', 'domain.pay', |
||
162 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
163 | 'restore-password', 'bill.read', |
||
164 | ]); |
||
165 | } |
||
166 | |||
167 | public function testBetaTester() |
||
168 | { |
||
169 | $this->auth->setAssignments('role:beta-tester', 'user:beta-tester'); |
||
170 | |||
171 | $this->assertAccesses('user:beta-tester', [ |
||
172 | 'test.beta', |
||
173 | ]); |
||
174 | } |
||
175 | |||
176 | public function testAlphaTester() |
||
177 | { |
||
178 | $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester'); |
||
179 | |||
180 | $this->assertAccesses('user:alpha-tester', [ |
||
181 | 'test.alpha', 'test.beta', |
||
182 | ]); |
||
183 | } |
||
184 | } |
||
185 |
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: