Completed
Push — master ( 7ef8dd...06019f )
by Andrii
03:01
created

CheckAccessTrait::assertAccesses()   A

Complexity: Conditions 3, Paths 3

Size: Total Lines 13, Code Lines 8

Duplication: Lines 0, Ratio 0 %

Importance: Changes 0

Metric  Value
c       0
b       0
f       0
dl      0
loc     13
rs      9.4285
cc      3
eloc    8
nc      3
nop     2

<?php
/**
 * RBAC implementation for HiPanel
 *
 * @link      https://github.com/hiqdev/hipanel-rbac
 * @package   hipanel-rbac
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
 */

namespace hipanel\rbac\tests\unit;

trait CheckAccessTrait
{
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);

Bug: The property auth does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }

$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explicitly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;

        }
    }

    public function testPermission()
    {
        foreach ($this->auth->getPermissions() as $user) {
            foreach ($this->auth->getPermissions() as $perm) {
                $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));

Bug: It seems like assertSame() must be provided by classes using this trait. How about adding it as abstract method to this trait?

This check looks for methods that are used by a trait but not required by it.

To illustrate, let’s look at the following code example:

trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

The trait Idable provides a method equalIds that in turn relies on the method getId(). If this method does not exist on a class mixing in this trait, the method will fail.

Adding the getId() as an abstract method to the trait will make sure it is available.

            }
        }
    }

    public function assertAccesses($userId, array $allowedPermissions)
    {
        $allPermissions = array_keys($this->auth->getPermissions());
        foreach ($allPermissions as $key => $permission) {
            if (strncmp('deny:', $permission, 5) === 0) {
                unset($allPermissions[$key]);
            }
        }
        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }

    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);
            if ($checked !== $isAllowed) {
                var_dump(compact('userId', 'isAllowed', 'permission'));

Security, Debugging Code: var_dump(compact('userId...lowed', 'permission')); looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data.

            }
            $this->assertSame($isAllowed, $checked);

Bug: It seems like assertSame() must be provided by classes using this trait. How about adding it as abstract method to this trait?

        }
    }

    public function testNobody()
    {
        $this->assertAccesses('role:nobody', [
            'nothing',
        ]);
    }

    public function testUnauthorized()
    {
        $this->assertAccesses('', [
            'restore-password', 'deposit',
        ]);
    }

    public function testClient()

Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

    {
        $this->assertAccesses('role:client', [
            'restore-password', 'deposit', 'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read',
        ]);
    }

    public function testSupport()

Duplication: This method seems to be duplicated in your project.

    {
        $this->assertAccesses('role:support', [
            'access-subclients', 'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'certificate.read', 'certificate.create', 'certificate.update',
            'server.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'plan.read',
        ]);
    }

    public function testAdmin()

Duplication: This method seems to be duplicated in your project.

    {
        $this->assertAccesses('role:admin', [
            'access-subclients', 'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'certificate.read', 'certificate.create', 'certificate.update',
            'server.read', 'server.create', 'server.update', 'server.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'plan.read',
        ]);
    }

    public function testManager()
    {
        $this->assertAccesses('role:manager', [
            'access-subclients', 'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
        ]);
    }

    public function testReseller()
    {
        $this->assertAccesses('role:reseller', [
            'deposit', 'have-goods',
            'access-subclients', 'support', 'manage', 'resell',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
        ]);
    }

    public function testEmployee()
    {
        $this->assertAccesses('role:employee', [
            'restore-password', 'deposit',
            'bill.read', 'employee.read',
        ]);
    }

    public function testMighty()
    {
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');

        $this->assertAccesses('user:mighty', [
            'access-subclients', 'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.force-push',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read',
        ]);
    }

    public function testLimited()

Duplication: This method seems to be duplicated in your project.

    {
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited');

        $this->assertAccesses('user:limited', [
            'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read', 'plan.read',
        ]);
    }

    public function testBetaTester()
    {
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');

        $this->assertAccesses('user:beta-tester', [
            'test.beta',
        ]);
    }

    public function testAlphaTester()
    {
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');

        $this->assertAccesses('user:alpha-tester', [
            'test.alpha', 'test.beta',
        ]);
    }
}