Issues in CheckAccessTrait.php - Fixed Issues - Inspection of "added `document.read` permission to client" - hiqdev/hipanel-rbac - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 9a014a...d69705 )

by Andrii

created 2018-02-07 09:26 UTC

tests/unit/CheckAccessTrait.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * RBAC implementation for HiPanel
 *
 * @link      https://github.com/hiqdev/hipanel-rbac
 * @package   hipanel-rbac
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
 */

namespace hipanel\rbac\tests\unit;

trait CheckAccessTrait
{
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);
        }
    }

    public function testPermission()
    {
        foreach ($this->auth->getPermissions() as $user) {
            foreach ($this->auth->getPermissions() as $perm) {
                $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
            }
        }
    }

    public function assertAccesses($userId, array $allowedPermissions)
    {
        $allPermissions = array_keys($this->auth->getPermissions());
        foreach ($allPermissions as $key => $permission) {
            if (strncmp('deny:', $permission, 5) === 0) {
                unset($allPermissions[$key]);
            }
        }
        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }

    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);
            if ($checked !== $isAllowed) {
                var_dump(compact('userId', 'isAllowed', 'permission'));
            }
            $this->assertSame($isAllowed, $checked);
        }
    }

    public function testNobody()
    {
        $this->assertAccesses('role:nobody', [
            'nothing',
        ]);
    }

    public function testUnauthorized()
    {
        $this->assertAccesses('', [
            'restore-password', 'deposit',
        ]);
    }

    public function testClient()
    {
        $this->assertAccesses('role:client', [
            'restore-password', 'deposit', 'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'client.read',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read',
        ]);
    }

    public function testSupport()
    {
        $this->assertAccesses('role:support', [
            'access-subclients', 'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read',
            'server.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'plan.read',
        ]);
    }

    public function testAdmin()

    {
        $this->assertAccesses('role:admin', [
            'access-subclients', 'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read',
            'server.read', 'server.create', 'server.update', 'server.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'plan.read',
        ]);
    }

    public function testManager()
    {
        $this->assertAccesses('role:manager', [
            'access-subclients', 'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
        ]);
    }

    public function testReseller()
    {
        $this->assertAccesses('role:reseller', [
            'deposit', 'have-goods',
            'access-subclients', 'support', 'manage', 'resell',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
        ]);
    }

    public function testEmployee()
    {
        $this->assertAccesses('role:employee', [
            'restore-password', 'deposit',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'bill.read', 'client.read', 'employee.read',
        ]);
    }

    public function testMighty()
    {
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');

        $this->assertAccesses('user:mighty', [
            'access-subclients', 'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.force-push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read',
        ]);
    }

    public function testLimited()

    {
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited');

        $this->assertAccesses('user:limited', [
            'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'client.read',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read', 'plan.read',
        ]);
    }

    public function testBetaTester()
    {
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');

        $this->assertAccesses('user:beta-tester', [
            'test.beta',
        ]);
    }

    public function testAlphaTester()
    {
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');

        $this->assertAccesses('user:alpha-tester', [
            'test.alpha', 'test.beta',
        ]);
    }
}


1		<?php
2		/**
3		* RBAC implementation for HiPanel
4		*
5		* @link https://github.com/hiqdev/hipanel-rbac
6		* @package hipanel-rbac
7		* @license BSD-3-Clause
8		* @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
9		*/
10
11		namespace hipanel\rbac\tests\unit;
12
13		trait CheckAccessTrait
14		{
15		public function setAssignments()
16		{
17		foreach ($this->auth->getAllItems() as $item) {
18		$this->auth->setAssignment($item->name, $item->name);
19		}
20		}
21
22		public function testPermission()
23		{
24		foreach ($this->auth->getPermissions() as $user) {
25		foreach ($this->auth->getPermissions() as $perm) {
26		$this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
27		}
28		}
29		}
30
31		public function assertAccesses($userId, array $allowedPermissions)
32		{
33		$allPermissions = array_keys($this->auth->getPermissions());
34		foreach ($allPermissions as $key => $permission) {
35		if (strncmp('deny:', $permission, 5) === 0) {
36		unset($allPermissions[$key]);
37		}
38		}
39		$deniedPermissions = array_diff($allPermissions, $allowedPermissions);
40
41		$this->assertAccess($userId, true, $allowedPermissions);
42		$this->assertAccess($userId, false, $deniedPermissions);
43		}
44
45		public function assertAccess($userId, $isAllowed, array $permissions)
46		{
47		foreach ($permissions as $permission) {
48		$checked = $this->auth->checkAccess($userId, $permission);
49		if ($checked !== $isAllowed) {
50		var_dump(compact('userId', 'isAllowed', 'permission'));
51		}
52		$this->assertSame($isAllowed, $checked);
53		}
54		}
55
56		public function testNobody()
57		{
58		$this->assertAccesses('role:nobody', [
59		'nothing',
60		]);
61		}
62
63		public function testUnauthorized()
64		{
65		$this->assertAccesses('', [
66		'restore-password', 'deposit',
67		]);
68		}
69
70		public function testClient()
71		{
72		$this->assertAccesses('role:client', [
73		'restore-password', 'deposit', 'have-goods',
74		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
75		'domain.read', 'domain.update', 'domain.pay', 'domain.push',
76		'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
77		'client.read',
78		'contact.read', 'contact.create', 'contact.update', 'contact.delete',
79		'server.read', 'server.pay',
80		'account.read', 'account.create', 'account.update', 'account.delete',
81		'bill.read', 'plan.read',
82		]);
83		}
84
85		public function testSupport()
86		{
87		$this->assertAccesses('role:support', [
88		'access-subclients', 'support',
89		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
90		'client.read',
91		'domain.read', 'domain.update',
92		'certificate.read', 'certificate.create', 'certificate.update',
93		'contact.read',
94		'server.read',
95		'account.read', 'account.create', 'account.update', 'account.delete',
96		'plan.read',
97		]);
98		}
99
100	View Code Duplication	public function testAdmin()
		0 ignored issues – show Duplication introduced 2017-12-18 15:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
101		{
102		$this->assertAccesses('role:admin', [
103		'access-subclients', 'support', 'admin',
104		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
105		'client.read',
106		'domain.read', 'domain.update',
107		'certificate.read', 'certificate.create', 'certificate.update',
108		'contact.read',
109		'server.read', 'server.create', 'server.update', 'server.delete',
110		'account.read', 'account.create', 'account.update', 'account.delete',
111		'plan.read',
112		]);
113		}
114
115		public function testManager()
116		{
117		$this->assertAccesses('role:manager', [
118		'access-subclients', 'support', 'manage',
119		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
120		'client.read', 'client.create', 'client.update', 'client.delete',
121		'bill.read',
122		'plan.read', 'plan.create', 'plan.update', 'plan.delete',
123		'domain.read', 'domain.update', 'domain.delete',
124		'domain.pay', 'domain.push',
125		'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
126		'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
127		'server.read', 'server.pay', 'server.sell',
128		'account.read', 'account.create', 'account.update', 'account.delete',
129		'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
130		'mailing.prepare', 'mailing.send',
131		'part.read', 'part.create', 'part.update', 'part.delete',
132		'move.read', 'move.create', 'move.update', 'move.delete',
133		'model.read', 'model.create', 'model.update', 'model.delete',
134		]);
135		}
136
137		public function testReseller()
138		{
139		$this->assertAccesses('role:reseller', [
140		'deposit', 'have-goods',
141		'access-subclients', 'support', 'manage', 'resell',
142		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
143		'client.read', 'client.create', 'client.update', 'client.delete',
144		'bill.read', 'bill.create', 'bill.update', 'bill.delete',
145		'plan.read', 'plan.create', 'plan.update', 'plan.delete',
146		'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push',
147		'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
148		'server.read', 'server.pay', 'server.sell',
149		'account.read', 'account.create', 'account.update', 'account.delete',
150		'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
151		'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
152		'mailing.prepare', 'mailing.send',
153		'part.read', 'part.create', 'part.update', 'part.delete',
154		'move.read', 'move.create', 'move.update', 'move.delete',
155		'model.read', 'model.create', 'model.update', 'model.delete',
156		]);
157		}
158
159		public function testEmployee()
160		{
161		$this->assertAccesses('role:employee', [
162		'restore-password', 'deposit',
163		'contact.read', 'contact.create', 'contact.update', 'contact.delete',
164		'bill.read', 'client.read', 'employee.read',
165		]);
166		}
167
168		public function testMighty()
169		{
170		$this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');
171
172		$this->assertAccesses('user:mighty', [
173		'access-subclients', 'support', 'manage', 'admin',
174		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
175		'client.read', 'client.create', 'client.update', 'client.delete',
176		'bill.read', 'bill.create', 'bill.update', 'bill.delete',
177		'plan.read', 'plan.create', 'plan.update', 'plan.delete',
178		'domain.freeze',
179		'domain.read', 'domain.update', 'domain.delete',
180		'domain.pay', 'domain.push', 'domain.force-push',
181		'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
182		'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
183		'account.read', 'account.create', 'account.update', 'account.delete',
184		'document.read', 'document.create', 'document.update', 'document.delete',
185		'document.generate', 'document.generate-all',
186		'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
187		'mailing.prepare', 'mailing.send',
188		'part.read', 'part.create', 'part.update', 'part.delete',
189		'move.read', 'move.create', 'move.update', 'move.delete',
190		'model.read', 'model.create', 'model.update', 'model.delete',
191		'employee.read',
192		]);
193		}
194
195	View Code Duplication	public function testLimited()
		0 ignored issues – show Duplication introduced 2017-12-13 16:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
196		{
197		$this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited');
198
199		$this->assertAccesses('user:limited', [
200		'have-goods',
201		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
202		'domain.read', 'domain.update', 'domain.pay',
203		'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
204		'client.read',
205		'contact.read', 'contact.create', 'contact.update', 'contact.delete',
206		'account.read', 'account.create', 'account.update', 'account.delete',
207		'restore-password', 'bill.read', 'plan.read',
208		]);
209		}
210
211		public function testBetaTester()
212		{
213		$this->auth->setAssignments('role:beta-tester', 'user:beta-tester');
214
215		$this->assertAccesses('user:beta-tester', [
216		'test.beta',
217		]);
218		}
219
220		public function testAlphaTester()
221		{
222		$this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');
223
224		$this->assertAccesses('user:alpha-tester', [
225		'test.alpha', 'test.beta',
226		]);
227		}
228		}
229

hiqdev / hipanel-rbac

Push — master ( 9a014a...d69705 )

tests/unit/CheckAccessTrait.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like