These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * RBAC implementation for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-rbac |
||
6 | * @package hipanel-rbac |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\rbac\tests\unit; |
||
12 | |||
13 | trait CheckAccessTrait |
||
14 | { |
||
15 | public function setAssignments() |
||
16 | { |
||
17 | foreach ($this->auth->getAllItems() as $item) { |
||
18 | $this->auth->setAssignment($item->name, $item->name); |
||
19 | } |
||
20 | } |
||
21 | |||
22 | public function testPermission() |
||
23 | { |
||
24 | foreach ($this->auth->getPermissions() as $user) { |
||
25 | foreach ($this->auth->getPermissions() as $perm) { |
||
26 | $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name)); |
||
27 | } |
||
28 | } |
||
29 | } |
||
30 | |||
31 | public function assertAccesses($userId, array $allowedPermissions) |
||
32 | { |
||
33 | $allPermissions = array_keys($this->auth->getPermissions()); |
||
34 | foreach ($allPermissions as $key => $permission) { |
||
35 | if (strncmp('deny:', $permission, 5) === 0) { |
||
36 | unset($allPermissions[$key]); |
||
37 | } |
||
38 | } |
||
39 | $deniedPermissions = array_diff($allPermissions, $allowedPermissions); |
||
40 | |||
41 | $this->assertAccess($userId, true, $allowedPermissions); |
||
42 | $this->assertAccess($userId, false, $deniedPermissions); |
||
43 | } |
||
44 | |||
45 | public function assertAccess($userId, $isAllowed, array $permissions) |
||
46 | { |
||
47 | foreach ($permissions as $permission) { |
||
48 | $checked = $this->auth->checkAccess($userId, $permission); |
||
49 | if ($checked !== $isAllowed) { |
||
50 | var_dump(compact('userId', 'isAllowed', 'permission')); |
||
51 | } |
||
52 | $this->assertSame($isAllowed, $checked); |
||
53 | } |
||
54 | } |
||
55 | |||
56 | public function testUnauthorized() |
||
57 | { |
||
58 | $this->assertAccesses('', [ |
||
59 | 'restore-password', 'deposit', |
||
60 | ]); |
||
61 | } |
||
62 | |||
63 | View Code Duplication | public function testClient() |
|
0 ignored issues
–
show
|
|||
64 | { |
||
65 | $this->assertAccesses('role:client', [ |
||
66 | 'restore-password', 'deposit', |
||
67 | 'domain.pay', 'domain.push', 'server.pay', |
||
68 | 'bill.read', |
||
69 | ]); |
||
70 | } |
||
71 | |||
72 | public function testSupport() |
||
73 | { |
||
74 | $this->assertAccesses('role:support', [ |
||
75 | 'support', |
||
76 | ]); |
||
77 | } |
||
78 | |||
79 | public function testManager() |
||
80 | { |
||
81 | $this->assertAccesses('role:manager', [ |
||
82 | 'support', 'manage', |
||
83 | 'bill.read', |
||
84 | 'domain.pay', 'domain.push', |
||
85 | 'server.pay', 'server.sell', |
||
86 | 'document.read', 'document.create', 'document.update', 'document.delete', |
||
87 | 'document.manage', 'document.generate', |
||
88 | 'contact.force-verify', |
||
89 | 'mailing.prepare', 'mailing.send', |
||
90 | 'stock.read', 'stock.create', 'stock.update', 'stock.delete', |
||
91 | ]); |
||
92 | } |
||
93 | |||
94 | View Code Duplication | public function testEmployee() |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
95 | { |
||
96 | $this->assertAccesses('role:employee', [ |
||
97 | 'restore-password', 'deposit', |
||
98 | 'domain.pay', 'domain.push', 'server.pay', |
||
99 | 'bill.read', |
||
100 | 'employee.read', |
||
101 | ]); |
||
102 | } |
||
103 | |||
104 | public function testMighty() |
||
105 | { |
||
106 | $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty'); |
||
107 | |||
108 | $this->assertAccesses('user:mighty', [ |
||
109 | 'support', 'manage', 'admin', |
||
110 | 'bill.read', 'bill.create', 'bill.update', 'bill.delete', |
||
111 | 'domain.freeze', 'domain.push', 'domain.force-push', 'domain.delete', |
||
112 | 'domain.pay', 'server.pay', 'server.sell', |
||
113 | 'document.read', 'document.create', 'document.update', 'document.delete', |
||
114 | 'document.manage', 'document.generate', 'document.generate-all', |
||
115 | 'contact.force-verify', |
||
116 | 'mailing.prepare', 'mailing.send', |
||
117 | 'stock.read', 'stock.create', 'stock.update', 'stock.delete', |
||
118 | 'employee.read', |
||
119 | ]); |
||
120 | } |
||
121 | |||
122 | public function testDeny() |
||
123 | { |
||
124 | $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay', 'user:limited'); |
||
125 | |||
126 | $this->assertAccesses('user:limited', [ |
||
127 | 'restore-password', 'domain.pay', 'bill.read', |
||
128 | ]); |
||
129 | } |
||
130 | |||
131 | public function testBetaTester() |
||
132 | { |
||
133 | $this->auth->setAssignments('role:beta-tester', 'user:beta-tester'); |
||
134 | |||
135 | $this->assertAccesses('user:beta-tester', [ |
||
136 | 'test.beta', |
||
137 | ]); |
||
138 | } |
||
139 | |||
140 | public function testAlphaTester() |
||
141 | { |
||
142 | $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester'); |
||
143 | |||
144 | $this->assertAccesses('user:alpha-tester', [ |
||
145 | 'test.alpha', 'test.beta', |
||
146 | ]); |
||
147 | } |
||
148 | } |
||
149 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.