forked from habari/tests
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtest_acl.php
138 lines (114 loc) · 3.65 KB
/
test_acl.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php
include 'bootstrap.php';
class ACLTest extends UnitTestCase {
private $acl_group;
private $acl_user_alice;
private $acl_user_bob;
public function setup()
{
// create test group and user
$this->acl_group = UserGroup::create( array( 'name' => 'acltest-group' ) );
$this->acl_user_alice = User::create( array( 'username' => 'acl-alice' ) );
$this->acl_user_bob = User::create( array( 'username' => 'acl-bob' ) );
$this->acl_group->add( 'acl-alice' );
$this->acl_group->add( 'acl-bob' );
}
public function test_group_permissions()
{
ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' );
$this->assert_true(
ACL::token_exists( 'acltest' ),
'Could not create acltest permission.'
);
$this->assert_true(
ACL::token_exists( 'acLtEst ' ),
'Permission names are not normalized.'
);
$token_id = ACL::token_id( 'acltest' );
ACL::grant_group( $this->acl_group->id, $token_id, 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group.'
);
ACL::revoke_group_token( $this->acl_group->id, $token_id );
$this->assert_false(
ACL::group_can( $this->acl_group->id, $token_id, 'full' ),
'Could not revoke acltest permission from acltest-group.'
);
// check alternate means of granting a permission
$this->acl_group->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group through UserGroup call.'
);
// full > read/edit
$this->assert_true(
$this->acl_group->can( 'acltest', 'read' ),
"Group with 'full' acltest permission cannot 'read'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'edit' ),
"Group with 'full' acltest permission cannot 'edit'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
"Group with 'full' acltest permission cannot 'full'."
);
$this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." );
$this->acl_group->can( 'acltest', 'write' );
ACL::destroy_token( 'acltest' );
}
public function test_user_permissions()
{
ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' );
$this->acl_user_alice->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_user_alice->can( 'acltest', 'full' ),
'Could not grant acltest permission to user.'
);
$this->acl_user_alice->revoke( 'acltest' );
// check that members of a group inherit that group's permissions
$this->acl_group->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_user_alice->can( 'acltest', 'full' ),
'User did not inherit group permissions.'
);
ACL::destroy_token( 'acltest' );
}
/** TODO write test_post_permissions() to verify that sensible default
* Tests permission related aspects of the Posts class
*/
public function test_post_permissions()
{
}
/**
* function test_admin_access
*
**/
public function test_admin_access()
{
// Add acl-alice to the admin group
//(which has been granted admin priviliges in installhandler).
$this->acl_user_alice->add_to_group( 'admin' );
$admin_group = UserGroup::get_by_name('admin');
if ( $admin_group instanceOf UserGroup ) {
$admin_group->update();
}
$this->assert_true(
$this->acl_user_alice->can( 'admin' ),
'Admin user does not have admin permission.'
);
$this->assert_false(
$this->acl_user_bob->can( 'admin' ),
'Unpriviliged user has admin permission.'
);
}
public function teardown()
{
$this->acl_group->delete();
$this->acl_user_alice->delete();
$this->acl_user_bob->delete();
}
}
ACLTest::run_one( 'ACLTest' );
?>