1 | <?php |
||||||
2 | /** |
||||||
3 | * RBAC implementation for HiPanel |
||||||
4 | * |
||||||
5 | * @link https://github.com/hiqdev/hipanel-rbac |
||||||
6 | * @package hipanel-rbac |
||||||
7 | * @license BSD-3-Clause |
||||||
8 | * @copyright Copyright (c) 2016-2020, HiQDev (http://hiqdev.com/) |
||||||
9 | */ |
||||||
10 | |||||||
11 | namespace hipanel\rbac\tests\unit; |
||||||
12 | |||||||
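/**
 * Shared RBAC expectations: for each subject, the exact set of permissions
 * that must be granted. Every other known permission must be refused.
 *
 * The using class has to supply:
 *  - `$this->auth`, an object exposing getAllItems(), getPermissions(),
 *    setAssignment(), setAssignments() and checkAccess();
 *  - the PHPUnit assertions assertSame() and assertNotEmpty()
 *    (normally inherited from the PHPUnit TestCase).
 */
trait CheckAccessTrait
{
    /**
     * Assigns every item known to the auth manager to a subject whose id is
     * the item's own name.
     *
     * Presumably this is what lets the tests below pass ids such as
     * `role:client` straight to checkAccess() -- confirm against the using
     * test case's set-up.
     */
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);
        }
    }

    /**
     * Asserts that `$userId` is granted every permission in
     * `$allowedPermissions` and refused every other known permission.
     *
     * @param string $userId subject id passed to checkAccess()
     * @param string[] $allowedPermissions the complete expected grant list
     */
    public function assertAccesses($userId, array $allowedPermissions)
    {
        $allPermissions = $this->getAllPermissions();

        // The denied list is derived from the known permissions. If none were
        // loaded, the negative half below would pass without checking anything.
        $this->assertNotEmpty(
            $allPermissions,
            'No permissions are known to the auth manager; denied-permission checks would be vacuous'
        );

        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }

    /**
     * Asserts that checkAccess() returns exactly `$isAllowed` for every
     * listed permission.
     *
     * @param string $userId subject id passed to checkAccess()
     * @param bool $isAllowed expected result; compared strictly
     * @param string[] $permissions permission names to probe
     */
    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);

            // The failing subject and permission go into the assertion message
            // instead of being dumped to the output with var_dump().
            $this->assertSame(
                $isAllowed,
                $checked,
                sprintf(
                    'checkAccess(%s, %s) was expected to return %s',
                    var_export($userId, true),
                    var_export($permission, true),
                    var_export($isAllowed, true)
                )
            );
        }
    }

    // Lazily filled cache for getAllPermissions().
    protected $allPermissions;

    /**
     * Returns the names of all permissions known to the auth manager, minus
     * the entries whose name starts with `deny:`.
     *
     * The original array keys are preserved, so the result may have gaps.
     *
     * @return string[]
     */
    protected function getAllPermissions()
    {
        if (empty($this->allPermissions)) {
            $this->allPermissions = array_filter(
                array_keys($this->auth->getPermissions()),
                static function ($permission) {
                    return strncmp('deny:', $permission, 5) !== 0;
                }
            );
        }

        return $this->allPermissions;
    }

    /** `role:nobody` is granted `nothing` and no other permission. */
    public function testNobody()
    {
        $this->assertAccesses('role:nobody', [
            'nothing',
        ]);
    }

    /** The empty subject id is granted only the four listed permissions. */
    public function testUnauthorized()
    {
        $this->assertAccesses('', [
            'restore-password', 'deposit', 'server.pay', 'plan.read',
        ]);
    }

    /** Complete grant list expected for `role:client`. */
    public function testClient()
    {
        $this->assertAccesses('role:client', [
            'restore-password', 'deposit', 'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push', 'domain.delete-agp', 'domain.set-nss',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'document.read', 'document.create', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.pay', 'server.control-power', 'server.control-system', 'server.set-note',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read', 'price.read', 'sale.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read', 'client.notify',
        ]);
    }

    /** Complete grant list expected for `role:support`. */
    public function testSupport()
    {
        $this->assertAccesses('role:support', [
            'access-subclients', 'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.list',
            'domain.read', 'domain.update', 'domain.delete-agp', 'domain.set-nss',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'server.read', 'server.control-power', 'server.control-system', 'server.set-note',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read',
        ]);
    }

    /** Complete grant list expected for `role:admin`. */
    public function testAdmin()
    {
        $this->assertAccesses('role:admin', [
            'access-subclients', 'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.list',
            'domain.read', 'domain.update', 'domain.delete-agp', 'domain.set-nss',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',

            'server.read', 'server.create', 'server.update', 'server.delete', 'server.control-power',
            'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings',
            'server.see-label',

            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
            'consumption.read',
            'stock.read',
            'part.read-all-hierarchy',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.get-directions',
            'order.read',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
            'service.read', 'service.create', 'service.update', 'service.delete',
        ]);
    }

    /** Complete grant list expected for `role:accounter`. */
    public function testAccounter()
    {
        $this->assertAccesses('role:accounter', [
            'access-subclients', 'support', 'manage', 'access-reseller',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'client.set-tmp-pwd', 'contact.set-verified', 'client.block', 'client.unblock',
            'client.get-note', 'client.set-note', 'client.set-description',
            'bill.read',
            'purse.update', 'purse.read',
            'sale.read', 'sale.delete', 'sale.create', 'sale.update',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.delete-agp', 'domain.set-nss',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note', 'server.see-label',
            'consumption.read', 'consumption.update', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'mailing.prepare', 'mailing.send',
            'stock.read',
            'part.read-all-hierarchy',
            'hub.read', 'hub.sell',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.get-directions',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'order.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read', 'client.notify',
        ]);
    }

    /** Complete grant list expected for `role:manager`. */
    public function testManager()
    {
        $this->assertAccesses('role:manager', [
            'access-subclients', 'support', 'manage', 'access-reseller',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'client.set-tmp-pwd', 'contact.set-verified', 'client.block', 'client.unblock',
            'client.get-note', 'client.set-note', 'client.set-description',
            'bill.read',
            'purse.update', 'purse.read',
            'sale.read', 'sale.delete', 'sale.create', 'sale.update',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'domain.read', 'domain.update', 'domain.delete', 'domain.delete-agp', 'domain.set-nss',
            'domain.pay', 'domain.push',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'server.see-label',
            'consumption.read', 'consumption.update', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'mailing.prepare', 'mailing.send',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read', 'client.notify',
        ]);
    }

    /** Complete grant list expected for `role:reseller`. */
    public function testReseller()
    {
        $this->assertAccesses('role:reseller', [
            'deposit', 'have-goods',
            'access-subclients', 'support', 'manage', 'resell',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'client.set-tmp-pwd', 'contact.set-verified', 'client.block', 'client.unblock',
            'client.get-note', 'client.set-note', 'client.set-description',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'sale.read', 'sale.delete', 'sale.create', 'sale.update',
            'purse.update', 'purse.read', 'purse.create',
            'domain.read', 'domain.update', 'domain.delete', 'domain.pay', 'domain.push', 'domain.delete-agp', 'domain.set-nss',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
            'server.see-label',
            'consumption.read', 'consumption.update', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.acceptance', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'service.read', 'client.notify',
            'integration.read', 'integration.create', 'integration.update', 'integration.delete',
        ]);
    }

    /** Complete grant list expected for `role:employee`. */
    public function testEmployee()
    {
        $this->assertAccesses('role:employee', [
            'restore-password', 'deposit',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'document.read', 'document.create', 'document.acceptance',
            'bill.read', 'employee.read', 'finance.read',
        ]);
    }

    /**
     * A user holding several roles plus individual permissions and a
     * `deny:deposit` entry. `deposit` is absent from the expected list, so the
     * helper asserts that it is refused.
     */
    public function testMighty()
    {
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:finance.master,role:stock.master,role:config.manager,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty');

        $this->assertAccesses('user:mighty', [
            'access-subclients', 'access-reseller',
            'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'client.set-tmp-pwd', 'contact.set-verified', 'client.block', 'client.unblock',
            'client.get-note', 'client.set-note', 'client.set-description',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'sale.read', 'sale.delete', 'sale.create', 'sale.update',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete', 'domain.delete-agp', 'domain.set-nss',
            'domain.pay', 'domain.push', 'domain.force-push', 'domain.force-send-foa',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',

            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'server.control-power', 'server.control-system', 'server.wizzard', 'server.manage-settings',

            'purse.update', 'purse.read', 'purse.create',

            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note', 'server.see-label',
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
            'config.read', 'config.create', 'config.update', 'config.delete',
            'consumption.read', 'consumption.update', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'document.acceptance', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'stock.read',
            'part.read-all-hierarchy',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'order.read', 'order.read', 'order.create', 'order.update', 'order.delete', 'order.read-profits',
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.read-all', 'move.get-directions',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read', 'client.notify',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
            'service.read', 'service.create', 'service.update', 'service.delete',
        ]);
    }

    /** Complete grant list expected for `role:consumption.master`. */
    public function testConsumptionMaster(): void
    {
        $this->assertAccesses('role:consumption.master', [
            'consumption.read', 'consumption.update', 'consumption.delete',
            'consumption.read-all',
        ]);
    }

    /** Complete grant list expected for `role:almighty`. */
    public function testAlmighty()
    {
        $this->assertAccesses('role:almighty', [
            'access-subclients', 'access-reseller',
            'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete', 'client.list',
            'client.set-tmp-pwd', 'contact.set-verified', 'client.block', 'client.unblock',
            'client.get-note', 'client.set-note', 'client.set-description',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read',
            'price.read', 'price.create', 'price.update', 'price.delete',
            'sale.read', 'sale.delete', 'sale.create', 'sale.update',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete', 'domain.delete-agp', 'domain.set-nss',
            'domain.pay', 'domain.push', 'domain.force-push', 'domain.force-send-foa',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',

            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'server.control-power', 'server.control-system', 'server.wizzard', 'server.manage-settings',

            'purse.update', 'purse.read', 'purse.create',

            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note', 'server.see-label',
            'hub.read', 'hub.create', 'hub.update', 'hub.delete',
            'config.read', 'config.create', 'config.update', 'config.delete',
            'consumption.read', 'consumption.update', 'consumption.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'document.acceptance', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'stock.read',
            'part.read-all-hierarchy',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'order.read', 'order.read', 'order.create', 'order.update', 'order.delete', 'order.read-profits',
            'move.read', 'move.create', 'move.update', 'move.delete', 'move.read-all', 'move.get-directions',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read', 'client.notify',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read', 'plan.read', 'finance.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete',
            'ip.read', 'ip.create', 'ip.update', 'ip.delete',
            'service.read', 'service.create', 'service.update', 'service.delete',
        ]);
    }

    /**
     * `role:client` narrowed by explicit `deny:` entries. None of the denied
     * names appears in the expected list, so the helper asserts each one is
     * refused even though the role would otherwise grant it.
     */
    public function testLimited()
    {
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read,deny:server.control-power,deny:server.control-system,deny:server.set-note,deny:ip.read,deny:service.read,deny:domain.delete-agp,deny:domain.set-nss', 'user:limited');

        $this->assertAccesses('user:limited', [
            'have-goods',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'dns.create', 'dns.read', 'dns.update', 'dns.delete',
            'certificate.read', 'certificate.create', 'certificate.update', 'certificate.pay', 'certificate.push',
            'document.read', 'document.create', 'document.invoice',
            'contact.read', 'contact.create', 'contact.update', 'contact.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read', 'plan.read', 'finance.read', 'price.read', 'sale.read',
            'backup.read', 'backup.delete',
            'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete',
            'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete',
            'db.read', 'db.create', 'db.update', 'db.delete',
            'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns',
            'mail.read', 'mail.create', 'mail.update', 'mail.delete',
            'request.read', 'request.create', 'request.update', 'request.delete',
            'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'client.notify',
        ]);
    }

    /** Complete grant list expected for `role:junior-manager`. */
    public function testJuniorManager()
    {
        $this->assertAccesses('role:junior-manager', [
            'access-subclients', 'access-reseller',
            'client.read', 'server.read', 'consumption.read',
            'plan.force-read', 'plan.read', 'document.read', 'finance.read',
            'stock.read', 'part.read', 'move.read', 'model.read', 'order.read', 'move.get-directions',
            'hub.read', 'client.list', 'contact.read', 'bill.read',
        ]);
    }

    /** A user assigned `role:beta-tester` is granted `test.beta` only. */
    public function testBetaTester()
    {
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');

        $this->assertAccesses('user:beta-tester', [
            'test.beta',
        ]);
    }

    /** A user assigned `role:alpha-tester` is granted `test.alpha` and `test.beta`. */
    public function testAlphaTester()
    {
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');

        $this->assertAccesses('user:alpha-tester', [
            'test.alpha', 'test.beta',
        ]);
    }

    /** Complete grant list expected for `role:superpowers`. */
    public function testSuperPowers()
    {
        $this->assertAccesses('role:superpowers', [
            'see-no-mans', 'part.sell', 'client.set-others-allowed-ips',
        ]);
    }
}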
||||||
469 |