Completed
Push — master ( b0c8b3...539d50 )
by Andrii
02:08
created

tests/unit/CheckAccessTrait.php (1 issue)


<?php
/**
 * RBAC implementation for HiPanel
 *
 * @link      https://github.com/hiqdev/hipanel-rbac
 * @package   hipanel-rbac
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
 */
namespace hipanel\rbac\tests\unit;
trait CheckAccessTrait
{
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);
The property auth does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }

$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explicitly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;
        }
    }
    /**
     * Cross-checks every permission name against every permission name.
     *
     * Each permission's name is passed to checkAccess() as the subject and each
     * permission's name as the permission being tested. Access is expected only
     * where the two names are identical, so the test fails if holding one
     * permission is reported as granting a different one.
     *
     * NOTE(review): this presumably relies on setAssignments() having assigned
     * every item to a subject of the same name - confirm in the using test case.
     */
    public function testPermission()
    {
        foreach ($this->auth->getPermissions() as $subject) {
            foreach ($this->auth->getPermissions() as $target) {
                $expected = $subject->name === $target->name;
                $actual = $this->auth->checkAccess($subject->name, $target->name);
                // Strict comparison: checkAccess() has to return a real boolean.
                $this->assertSame($expected, $actual);
            }
        }
    }
30
31
    /**
     * Asserts the complete access matrix for one subject.
     *
     * Every permission in $allowedPermissions must be granted, and every other
     * permission known to the auth manager must be refused. A permission that is
     * added to the RBAC tree without being listed here therefore lands in the
     * "must be denied" set for this subject.
     *
     * Permissions whose name starts with "deny:" are left out of the denied set,
     * so this helper never calls checkAccess() on a deny item unless the caller
     * lists it as allowed.
     *
     * @param string $userId             subject passed to checkAccess()
     * @param array  $allowedPermissions names that must be granted to $userId
     */
    public function assertAccesses($userId, array $allowedPermissions)
    {
        // array_filter() keeps the original keys, exactly like unset() in a loop.
        $grantable = array_filter(
            array_keys($this->auth->getPermissions()),
            function ($name) {
                return strncmp('deny:', $name, 5) !== 0;
            }
        );
        $deniedPermissions = array_diff($grantable, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }
44
45
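    /**
     * Asserts that checkAccess() returns $isAllowed for each given permission.
     *
     * The subject, permission, actual and expected values are carried in the
     * assertion message instead of being dumped to stdout, so a failing
     * combination is reported with the failure itself and passing runs stay
     * free of stray output.
     *
     * @param string $userId      subject passed to checkAccess()
     * @param bool   $isAllowed   expected result; compared strictly, so
     *                            checkAccess() has to return a real boolean
     * @param array  $permissions permission names to check
     */
    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);
            $this->assertSame($isAllowed, $checked, sprintf(
                'checkAccess(%s, %s) returned %s, expected %s',
                var_export($userId, true),
                var_export($permission, true),
                var_export($checked, true),
                var_export($isAllowed, true)
            ));
        }
    }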
    /**
     * The subject 'role:nobody' is expected to be granted 'nothing' and to be
     * refused every other non-deny permission.
     */
    public function testNobody()
    {
        $allowed = [
            'nothing',
        ];

        $this->assertAccesses('role:nobody', $allowed);
    }
62
63
    /**
     * The empty subject ('') is expected to be granted only 'restore-password'
     * and 'deposit'; every other non-deny permission must be refused.
     *
     * NOTE(review): confirm that 'deposit' is meant to be available to the
     * empty subject - this test pins it as intended behaviour.
     */
    public function testUnauthorized()
    {
        $allowed = [
            'restore-password', 'deposit',
        ];

        $this->assertAccesses('', $allowed);
    }
69
70
    /**
     * Pins the exact permission set of the subject 'role:client'; any
     * non-deny permission missing from the list must be refused.
     */
    public function testClient()
    {
        $allowed = [
            'restore-password', 'deposit',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
            'server.read', 'server.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read',
        ];

        $this->assertAccesses('role:client', $allowed);
    }
    /**
     * Pins the exact permission set of the subject 'role:support'; any
     * non-deny permission missing from the list must be refused.
     */
    public function testSupport()
    {
        $allowed = [
            'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'server.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
        ];

        $this->assertAccesses('role:support', $allowed);
    }
93
94
    /**
     * Pins the exact permission set of the subject 'role:admin'; any
     * non-deny permission missing from the list must be refused.
     */
    public function testAdmin()
    {
        $allowed = [
            'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'server.read', 'server.create', 'server.update', 'server.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
        ];

        $this->assertAccesses('role:admin', $allowed);
    }
105
106
    /**
     * Pins the exact permission set of the subject 'role:manager'; any
     * non-deny permission missing from the list must be refused.
     */
    public function testManager()
    {
        $allowed = [
            'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'stock.read', 'stock.create', 'stock.update', 'stock.delete',
        ];

        $this->assertAccesses('role:manager', $allowed);
    }
123
124
    /**
     * Pins the exact permission set of the subject 'role:employee'; any
     * non-deny permission missing from the list must be refused.
     */
    public function testEmployee()
    {
        $allowed = [
            'restore-password', 'deposit',
            'bill.read', 'employee.read',
        ];

        $this->assertAccesses('role:employee', $allowed);
    }
131
132
    /**
     * Assigns several roles plus individual permissions to 'user:mighty' and
     * pins the resulting permission set.
     *
     * The assignment string combines role:admin, role:manager,
     * role:document.master and role:bill.manager with the directly assigned
     * permissions domain.freeze, domain.force-push, domain.delete and
     * employee.read. Any non-deny permission missing from the list must still
     * be refused, so stacking roles may not grant more than what is listed.
     */
    public function testMighty()
    {
        $subject = 'user:mighty';
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', $subject);

        $allowed = [
            'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.force-push',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'stock.read', 'stock.create', 'stock.update', 'stock.delete',
            'employee.read',
        ];

        $this->assertAccesses($subject, $allowed);
    }
    /**
     * Checks that explicit deny items take precedence over a role's grants.
     *
     * 'user:limited' receives role:client together with deny:deposit,
     * deny:domain.push, deny:server.pay and deny:server.read. The expected set
     * is the client list from testClient() without those four permissions;
     * they fall into the "must be denied" set checked by assertAccesses().
     */
    public function testDeny()
    {
        $subject = 'user:limited';
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', $subject);

        $allowed = [
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read',
        ];

        $this->assertAccesses($subject, $allowed);
    }
166
167
    /**
     * 'user:beta-tester', holding only role:beta-tester, is expected to be
     * granted 'test.beta' and refused every other non-deny permission.
     */
    public function testBetaTester()
    {
        $subject = 'user:beta-tester';
        $this->auth->setAssignments('role:beta-tester', $subject);

        $allowed = [
            'test.beta',
        ];

        $this->assertAccesses($subject, $allowed);
    }
175
176
    /**
     * 'user:alpha-tester', holding only role:alpha-tester, is expected to be
     * granted both 'test.alpha' and 'test.beta' and refused every other
     * non-deny permission.
     */
    public function testAlphaTester()
    {
        $subject = 'user:alpha-tester';
        $this->auth->setAssignments('role:alpha-tester', $subject);

        $allowed = [
            'test.alpha', 'test.beta',
        ];

        $this->assertAccesses($subject, $allowed);
    }
}