Completed
Push — master ( b21a89...27844f )
by Andrii
02:23
created

CheckAccessTrait::testAlphaTester()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 8
Code Lines 4

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
c 0
b 0
f 0
dl 0
loc 8
rs 9.4285
cc 1
eloc 4
nc 1
nop 0
1
<?php
2
/**
3
 * RBAC implementation for HiPanel
4
 *
5
 * @link      https://github.com/hiqdev/hipanel-rbac
6
 * @package   hipanel-rbac
7
 * @license   BSD-3-Clause
8
 * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
9
 */
10
11
namespace hipanel\rbac\tests\unit;
12
13
trait CheckAccessTrait
14
{
15
    public function setAssignments()
16
    {
17
        foreach ($this->auth->getAllItems() as $item) {
18
            $this->auth->setAssignment($item->name, $item->name);
0 ignored issues
show
Bug introduced by Andrii Vasyliev
The property auth does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }

$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;
Loading history...
19
        }
20
    }
21
22
    public function testPermission()
23
    {
24
        foreach ($this->auth->getPermissions() as $user) {
25
            foreach ($this->auth->getPermissions() as $perm) {
26
                $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
0 ignored issues
show
Bug introduced by Andrii Vasyliev
It seems like assertSame() must be provided by classes using this trait. How about adding it as abstract method to this trait?

This check looks for methods that are used by a trait but not required by it.

To illustrate, let’s look at the following code example

trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

The trait Idable provides a method equalsId that in turn relies on the method getId(). If this method does not exist on a class mixing in this trait, the method will fail.

Adding the getId() as an abstract method to the trait will make sure it is available.

Loading history...
27
            }
28
        }
29
    }
30
31
    public function assertAccesses($userId, array $allowedPermissions)
32
    {
33
        $allPermissions = array_keys($this->auth->getPermissions());
34
        foreach ($allPermissions as $key => $permission) {
35
            if (strncmp('deny:', $permission, 5) === 0) {
36
                unset($allPermissions[$key]);
37
            }
38
        }
39
        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);
40
41
        $this->assertAccess($userId, true, $allowedPermissions);
42
        $this->assertAccess($userId, false, $deniedPermissions);
43
    }
44
45
    public function assertAccess($userId, $isAllowed, array $permissions)
46
    {
47
        foreach ($permissions as $permission) {
48
            $checked = $this->auth->checkAccess($userId, $permission);
49
            if ($checked !== $isAllowed) {
50
                var_dump(compact('userId', 'isAllowed', 'permission'));
0 ignored issues
show
Security Debugging Code introduced by Andrii Vasyliev
var_dump(compact('userId...lowed', 'permission')); looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data.
Loading history...
51
            }
52
            $this->assertSame($isAllowed, $checked);
0 ignored issues
show
Bug introduced by Andrii Vasyliev
It seems like assertSame() must be provided by classes using this trait. How about adding it as abstract method to this trait?

This check looks for methods that are used by a trait but not required by it.

To illustrate, let’s look at the following code example

trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

The trait Idable provides a method equalsId that in turn relies on the method getId(). If this method does not exist on a class mixing in this trait, the method will fail.

Adding the getId() as an abstract method to the trait will make sure it is available.

Loading history...
53
        }
54
    }
55
56
    public function testUnauthorized()
57
    {
58
        $this->assertAccesses('', [
59
            'restore-password', 'deposit',
60
        ]);
61
    }
62
63
    public function testClient()
64
    {
65
        $this->assertAccesses('role:client', [
66
            'restore-password', 'deposit',
67
            'domain.pay', 'domain.push', 'server.pay',
68
        ]);
69
    }
70
71
    public function testSupport()
72
    {
73
        $this->assertAccesses('role:support', [
74
            'support',
75
        ]);
76
    }
77
78
    public function testManager()
79
    {
80
        $this->assertAccesses('role:manager', [
81
            'support', 'manage',
82
            'domain.pay', 'domain.push',
83
            'server.pay', 'server.sell',
84
            'document.manage', 'document.generate',
85
            'contact.force-verify',
86
            'mailing.prepare', 'mailing.send',
87
        ]);
88
    }
89
90
    public function testEmployee()
91
    {
92
        $this->assertAccesses('role:employee', [
93
            'restore-password', 'deposit',
94
            'domain.pay', 'domain.push', 'server.pay',
95
            'employee.read',
96
        ]);
97
    }
98
99
    public function testMighty()
100
    {
101
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,bill.create,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');
102
103
        $this->assertAccesses('user:mighty', [
104
            'support', 'manage', 'admin',
105
            'employee.read', 'bill.create',
106
            'domain.freeze', 'domain.push', 'domain.force-push', 'domain.delete',
107
            'domain.pay', 'server.pay', 'server.sell',
108
            'document.manage', 'document.generate', 'document.generate-all',
109
            'contact.force-verify',
110
            'mailing.prepare', 'mailing.send',
111
        ]);
112
    }
113
114
    public function testDeny()
115
    {
116
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay', 'user:limited');
117
118
        $this->assertAccesses('user:limited', [
119
            'restore-password',
120
            'domain.pay',
121
        ]);
122
    }
123
124
    public function testBetaTester()
125
    {
126
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');
127
128
        $this->assertAccesses('user:beta-tester', [
129
            'test.beta',
130
        ]);
131
    }
132
133
    public function testAlphaTester()
134
    {
135
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');
136
137
        $this->assertAccesses('user:alpha-tester', [
138
            'test.alpha', 'test.beta',
139
        ]);
140
    }
141
}
142