These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * RBAC implementation for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-rbac |
||
6 | * @package hipanel-rbac |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\rbac\tests\unit; |
||
12 | |||
13 | trait CheckAccessTrait |
||
14 | { |
||
15 | public function setAssignments() |
||
16 | { |
||
17 | foreach ($this->auth->getAllItems() as $item) { |
||
18 | $this->auth->setAssignment($item->name, $item->name); |
||
19 | } |
||
20 | } |
||
21 | |||
22 | public function testPermission() |
||
23 | { |
||
24 | foreach ($this->auth->getPermissions() as $user) { |
||
25 | foreach ($this->auth->getPermissions() as $perm) { |
||
26 | $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name)); |
||
27 | } |
||
28 | } |
||
29 | } |
||
30 | |||
31 | public function assertAccesses($userId, array $allowedPermissions) |
||
32 | { |
||
33 | $allPermissions = array_keys($this->auth->getPermissions()); |
||
34 | foreach ($allPermissions as $key => $permission) { |
||
35 | if (strncmp('deny:', $permission, 5) === 0) { |
||
36 | unset($allPermissions[$key]); |
||
37 | } |
||
38 | } |
||
39 | $deniedPermissions = array_diff($allPermissions, $allowedPermissions); |
||
40 | |||
41 | $this->assertAccess($userId, true, $allowedPermissions); |
||
42 | $this->assertAccess($userId, false, $deniedPermissions); |
||
43 | } |
||
44 | |||
45 | public function assertAccess($userId, $isAllowed, array $permissions) |
||
46 | { |
||
47 | foreach ($permissions as $permission) { |
||
48 | $checked = $this->auth->checkAccess($userId, $permission); |
||
49 | if ($checked !== $isAllowed) { |
||
50 | var_dump(compact('userId', 'isAllowed', 'permission')); |
||
51 | } |
||
52 | $this->assertSame($isAllowed, $checked); |
||
53 | } |
||
54 | } |
||
55 | |||
56 | public function testNobody() |
||
57 | { |
||
58 | $this->assertAccesses('role:nobody', [ |
||
59 | 'nothing', |
||
60 | ]); |
||
61 | } |
||
62 | |||
63 | public function testUnauthorized() |
||
64 | { |
||
65 | $this->assertAccesses('', [ |
||
66 | 'restore-password', 'deposit', |
||
67 | ]); |
||
68 | } |
||
69 | |||
70 | public function testClient() |
||
71 | { |
||
72 | $this->assertAccesses('role:client', [ |
||
73 | 'restore-password', 'deposit', 'have-goods', |
||
74 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', |
||
75 | 'domain.read', 'domain.update', 'domain.pay', 'domain.push', |
||
76 | 'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push', |
||
77 | 'client.read', |
||
78 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', |
||
79 | 'server.read', 'server.pay', |
||
80 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
81 | 'bill.read', 'plan.read', |
||
82 | ]); |
||
83 | } |
||
84 | |||
85 | public function testSupport() |
||
86 | { |
||
87 | $this->assertAccesses('role:support', [ |
||
88 | 'access-subclients', 'support', |
||
89 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
90 | 'client.read', |
||
91 | 'domain.read', 'domain.update', |
||
92 | 'certificate.read', 'certificate.create', 'certificate.update', |
||
93 | 'contact.read', |
||
94 | 'server.read', |
||
95 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
96 | 'plan.read', |
||
97 | ]); |
||
98 | } |
||
99 | |||
100 | View Code Duplication | public function testAdmin() |
|
0 ignored issues
–
show
|
|||
101 | { |
||
102 | $this->assertAccesses('role:admin', [ |
||
103 | 'access-subclients', 'support', 'admin', |
||
104 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
105 | 'client.read', |
||
106 | 'domain.read', 'domain.update', |
||
107 | 'certificate.read', 'certificate.create', 'certificate.update', |
||
108 | 'contact.read', |
||
109 | 'server.read', 'server.create', 'server.update', 'server.delete', |
||
110 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
111 | 'plan.read', |
||
112 | ]); |
||
113 | } |
||
114 | |||
115 | public function testManager() |
||
116 | { |
||
117 | $this->assertAccesses('role:manager', [ |
||
118 | 'access-subclients', 'support', 'manage', |
||
119 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
120 | 'client.read', 'client.create', 'client.update', 'client.delete', |
||
121 | 'bill.read', |
||
122 | 'plan.read', 'plan.create', 'plan.update', 'plan.delete', |
||
123 | 'domain.read', 'domain.update', 'domain.delete', |
||
124 | 'domain.pay', 'domain.push', |
||
125 | 'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push', |
||
126 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify', |
||
127 | 'server.read', 'server.pay', 'server.sell', |
||
128 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
129 | 'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate', |
||
130 | 'mailing.prepare', 'mailing.send', |
||
131 | 'part.read', 'part.create', 'part.update', 'part.delete', |
||
132 | 'move.read', 'move.create', 'move.update', 'move.delete', |
||
133 | 'model.read', 'model.create', 'model.update', 'model.delete', |
||
134 | ]); |
||
135 | } |
||
136 | |||
137 | public function testReseller() |
||
138 | { |
||
139 | $this->assertAccesses('role:reseller', [ |
||
140 | 'deposit', 'have-goods', |
||
141 | 'access-subclients', 'support', 'manage', 'resell', |
||
142 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
143 | 'client.read', 'client.create', 'client.update', 'client.delete', |
||
144 | 'bill.read', 'bill.create', 'bill.update', 'bill.delete', |
||
145 | 'plan.read', 'plan.create', 'plan.update', 'plan.delete', |
||
146 | 'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push', |
||
147 | 'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push', |
||
148 | 'server.read', 'server.pay', 'server.sell', |
||
149 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
150 | 'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate', |
||
151 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify', |
||
152 | 'mailing.prepare', 'mailing.send', |
||
153 | 'part.read', 'part.create', 'part.update', 'part.delete', |
||
154 | 'move.read', 'move.create', 'move.update', 'move.delete', |
||
155 | 'model.read', 'model.create', 'model.update', 'model.delete', |
||
156 | ]); |
||
157 | } |
||
158 | |||
159 | public function testEmployee() |
||
160 | { |
||
161 | $this->assertAccesses('role:employee', [ |
||
162 | 'restore-password', 'deposit', |
||
163 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', |
||
164 | 'bill.read', 'client.read', 'employee.read', |
||
165 | ]); |
||
166 | } |
||
167 | |||
168 | public function testMighty() |
||
169 | { |
||
170 | $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty'); |
||
171 | |||
172 | $this->assertAccesses('user:mighty', [ |
||
173 | 'access-subclients', 'support', 'manage', 'admin', |
||
174 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', |
||
175 | 'client.read', 'client.create', 'client.update', 'client.delete', |
||
176 | 'bill.read', 'bill.create', 'bill.update', 'bill.delete', |
||
177 | 'plan.read', 'plan.create', 'plan.update', 'plan.delete', |
||
178 | 'domain.freeze', |
||
179 | 'domain.read', 'domain.update', 'domain.delete', |
||
180 | 'domain.pay', 'domain.push', 'domain.force-push', |
||
181 | 'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push', |
||
182 | 'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell', |
||
183 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
184 | 'document.read', 'document.create', 'document.update', 'document.delete', |
||
185 | 'document.generate', 'document.generate-all', |
||
186 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify', |
||
187 | 'mailing.prepare', 'mailing.send', |
||
188 | 'part.read', 'part.create', 'part.update', 'part.delete', |
||
189 | 'move.read', 'move.create', 'move.update', 'move.delete', |
||
190 | 'model.read', 'model.create', 'model.update', 'model.delete', |
||
191 | 'employee.read', |
||
192 | ]); |
||
193 | } |
||
194 | |||
195 | View Code Duplication | public function testLimited() |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
196 | { |
||
197 | $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited'); |
||
198 | |||
199 | $this->assertAccesses('user:limited', [ |
||
200 | 'have-goods', |
||
201 | 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', |
||
202 | 'domain.read', 'domain.update', 'domain.pay', |
||
203 | 'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push', |
||
204 | 'client.read', |
||
205 | 'contact.read', 'contact.create', 'contact.update', 'contact.delete', |
||
206 | 'account.read', 'account.create', 'account.update', 'account.delete', |
||
207 | 'restore-password', 'bill.read', 'plan.read', |
||
208 | ]); |
||
209 | } |
||
210 | |||
211 | public function testBetaTester() |
||
212 | { |
||
213 | $this->auth->setAssignments('role:beta-tester', 'user:beta-tester'); |
||
214 | |||
215 | $this->assertAccesses('user:beta-tester', [ |
||
216 | 'test.beta', |
||
217 | ]); |
||
218 | } |
||
219 | |||
220 | public function testAlphaTester() |
||
221 | { |
||
222 | $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester'); |
||
223 | |||
224 | $this->assertAccesses('user:alpha-tester', [ |
||
225 | 'test.alpha', 'test.beta', |
||
226 | ]); |
||
227 | } |
||
228 | } |
||
229 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.