You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
289 lines
8.9 KiB
289 lines
8.9 KiB
<?php |
|
|
|
namespace yiiunit\framework\rbac; |
|
|
|
use yii\rbac\Item; |
|
use yii\rbac\Permission; |
|
use yii\rbac\PhpManager; |
|
use yii\rbac\Role; |
|
use yiiunit\TestCase; |
|
|
|
/** |
|
* ManagerTestCase |
|
*/ |
|
abstract class ManagerTestCase extends TestCase |
|
{ |
|
/** |
|
* @var \yii\rbac\ManagerInterface |
|
*/ |
|
protected $auth; |
|
|
|
/** |
|
* @return \yii\rbac\ManagerInterface |
|
*/ |
|
abstract protected function createManager(); |
|
|
|
public function testCreateRole() |
|
{ |
|
$role = $this->auth->createRole('admin'); |
|
$this->assertTrue($role instanceof Role); |
|
$this->assertEquals(Item::TYPE_ROLE, $role->type); |
|
$this->assertEquals('admin', $role->name); |
|
} |
|
|
|
public function testCreatePermission() |
|
{ |
|
$permission = $this->auth->createPermission('edit post'); |
|
$this->assertTrue($permission instanceof Permission); |
|
$this->assertEquals(Item::TYPE_PERMISSION, $permission->type); |
|
$this->assertEquals('edit post', $permission->name); |
|
} |
|
|
|
public function testAdd() |
|
{ |
|
$role = $this->auth->createRole('admin'); |
|
$role->description = 'administrator'; |
|
$this->assertTrue($this->auth->add($role)); |
|
|
|
$permission = $this->auth->createPermission('edit post'); |
|
$permission->description = 'edit a post'; |
|
$this->assertTrue($this->auth->add($permission)); |
|
|
|
$rule = new AuthorRule(['name' => 'is author', 'reallyReally' => true]); |
|
$this->assertTrue($this->auth->add($rule)); |
|
|
|
// todo: check duplication of name |
|
} |
|
|
|
public function testGetChildren() |
|
{ |
|
$user = $this->auth->createRole('user'); |
|
$this->auth->add($user); |
|
$this->assertCount(0, $this->auth->getChildren($user->name)); |
|
|
|
$changeName = $this->auth->createPermission('changeName'); |
|
$this->auth->add($changeName); |
|
$this->auth->addChild($user, $changeName); |
|
$this->assertCount(1, $this->auth->getChildren($user->name)); |
|
} |
|
|
|
public function testGetRule() |
|
{ |
|
$this->prepareData(); |
|
|
|
$rule = $this->auth->getRule('isAuthor'); |
|
$this->assertInstanceOf('yii\rbac\Rule', $rule); |
|
$this->assertEquals('isAuthor', $rule->name); |
|
|
|
$rule = $this->auth->getRule('nonExisting'); |
|
$this->assertNull($rule); |
|
} |
|
|
|
public function testAddRule() |
|
{ |
|
$this->prepareData(); |
|
|
|
$ruleName = 'isReallyReallyAuthor'; |
|
$rule = new AuthorRule(['name' => $ruleName, 'reallyReally' => true]); |
|
$this->auth->add($rule); |
|
|
|
$rule = $this->auth->getRule($ruleName); |
|
$this->assertEquals($ruleName, $rule->name); |
|
$this->assertEquals(true, $rule->reallyReally); |
|
} |
|
|
|
public function testUpdateRule() |
|
{ |
|
$this->prepareData(); |
|
|
|
$rule = $this->auth->getRule('isAuthor'); |
|
$rule->name = "newName"; |
|
$rule->reallyReally = false; |
|
$this->auth->update('isAuthor', $rule); |
|
|
|
$rule = $this->auth->getRule('isAuthor'); |
|
$this->assertEquals(null, $rule); |
|
|
|
$rule = $this->auth->getRule('newName'); |
|
$this->assertEquals("newName", $rule->name); |
|
$this->assertEquals(false, $rule->reallyReally); |
|
|
|
$rule->reallyReally = true; |
|
$this->auth->update('newName', $rule); |
|
|
|
$rule = $this->auth->getRule('newName'); |
|
$this->assertEquals(true, $rule->reallyReally); |
|
} |
|
|
|
public function testGetRules() |
|
{ |
|
$this->prepareData(); |
|
|
|
$rule = new AuthorRule(['name' => 'isReallyReallyAuthor', 'reallyReally' => true]); |
|
$this->auth->add($rule); |
|
|
|
$rules = $this->auth->getRules(); |
|
|
|
$ruleNames = []; |
|
foreach ($rules as $rule) { |
|
$ruleNames[] = $rule->name; |
|
} |
|
|
|
$this->assertContains('isReallyReallyAuthor', $ruleNames); |
|
$this->assertContains('isAuthor', $ruleNames); |
|
} |
|
|
|
public function testRemoveRule() |
|
{ |
|
$this->prepareData(); |
|
|
|
$this->auth->remove($this->auth->getRule('isAuthor')); |
|
$rules = $this->auth->getRules(); |
|
|
|
$this->assertEmpty($rules); |
|
} |
|
|
|
public function testCheckAccess() |
|
{ |
|
$this->prepareData(); |
|
|
|
$testSuites = [ |
|
'reader A' => [ |
|
'createPost' => false, |
|
'readPost' => true, |
|
'updatePost' => false, |
|
'updateAnyPost' => false, |
|
], |
|
'author B' => [ |
|
'createPost' => true, |
|
'readPost' => true, |
|
'updatePost' => true, |
|
'updateAnyPost' => false, |
|
], |
|
'admin C' => [ |
|
'createPost' => true, |
|
'readPost' => true, |
|
'updatePost' => false, |
|
'updateAnyPost' => true, |
|
], |
|
]; |
|
|
|
$params = ['authorID' => 'author B']; |
|
|
|
foreach ($testSuites as $user => $tests) { |
|
foreach ($tests as $permission => $result) { |
|
$this->assertEquals($result, $this->auth->checkAccess($user, $permission, $params), "Checking $user can $permission"); |
|
} |
|
} |
|
} |
|
|
|
protected function prepareData() |
|
{ |
|
$rule = new AuthorRule; |
|
$this->auth->add($rule); |
|
|
|
$createPost = $this->auth->createPermission('createPost'); |
|
$createPost->description = 'create a post'; |
|
$this->auth->add($createPost); |
|
|
|
$readPost = $this->auth->createPermission('readPost'); |
|
$readPost->description = 'read a post'; |
|
$this->auth->add($readPost); |
|
|
|
$updatePost = $this->auth->createPermission('updatePost'); |
|
$updatePost->description = 'update a post'; |
|
$updatePost->ruleName = $rule->name; |
|
$this->auth->add($updatePost); |
|
|
|
$updateAnyPost = $this->auth->createPermission('updateAnyPost'); |
|
$updateAnyPost->description = 'update any post'; |
|
$this->auth->add($updateAnyPost); |
|
|
|
$reader = $this->auth->createRole('reader'); |
|
$this->auth->add($reader); |
|
$this->auth->addChild($reader, $readPost); |
|
|
|
$author = $this->auth->createRole('author'); |
|
$this->auth->add($author); |
|
$this->auth->addChild($author, $createPost); |
|
$this->auth->addChild($author, $updatePost); |
|
$this->auth->addChild($author, $reader); |
|
|
|
$admin = $this->auth->createRole('admin'); |
|
$this->auth->add($admin); |
|
$this->auth->addChild($admin, $author); |
|
$this->auth->addChild($admin, $updateAnyPost); |
|
|
|
$this->auth->assign($reader, 'reader A'); |
|
$this->auth->assign($author, 'author B'); |
|
$this->auth->assign($admin, 'admin C'); |
|
} |
|
|
|
public function testGetPermissionsByRole() |
|
{ |
|
$this->prepareData(); |
|
$roles = $this->auth->getPermissionsByRole('admin'); |
|
$expectedPermissions = ['createPost', 'updatePost', 'readPost', 'updateAnyPost']; |
|
$this->assertEquals(count($roles), count($expectedPermissions)); |
|
foreach ($expectedPermissions as $permission) { |
|
$this->assertTrue($roles[$permission] instanceof Permission); |
|
} |
|
} |
|
|
|
public function testGetPermissionsByUser() |
|
{ |
|
$this->prepareData(); |
|
$roles = $this->auth->getPermissionsByUser('author B'); |
|
$expectedPermissions = ['createPost', 'updatePost', 'readPost']; |
|
$this->assertEquals(count($roles), count($expectedPermissions)); |
|
foreach ($expectedPermissions as $permission) { |
|
$this->assertTrue($roles[$permission] instanceof Permission); |
|
} |
|
} |
|
|
|
public function testGetRolesByUser() |
|
{ |
|
$this->prepareData(); |
|
$roles = $this->auth->getRolesByUser('reader A'); |
|
$this->assertTrue(reset($roles) instanceof Role); |
|
$this->assertEquals($roles['reader']->name, 'reader'); |
|
} |
|
|
|
public function testAssignMultipleRoles() |
|
{ |
|
$this->prepareData(); |
|
|
|
$reader = $this->auth->getRole('reader'); |
|
$author = $this->auth->getRole('author'); |
|
$this->auth->assign($reader, 'readingAuthor'); |
|
$this->auth->assign($author, 'readingAuthor'); |
|
|
|
$this->auth = $this->createManager(); |
|
|
|
$roles = $this->auth->getRolesByUser('readingAuthor'); |
|
$roleNames = []; |
|
foreach ($roles as $role) { |
|
$roleNames[] = $role->name; |
|
} |
|
|
|
$this->assertContains('reader', $roleNames, 'Roles should contain reader. Currently it has: ' . implode(', ', $roleNames)); |
|
$this->assertContains('author', $roleNames, 'Roles should contain author. Currently it has: ' . implode(', ', $roleNames)); |
|
} |
|
|
|
public function testAssignmentsToIntegerId() |
|
{ |
|
$this->prepareData(); |
|
|
|
$reader = $this->auth->getRole('reader'); |
|
$author = $this->auth->getRole('author'); |
|
$this->auth->assign($reader, 42); |
|
$this->auth->assign($author, 1337); |
|
$this->auth->assign($reader, 1337); |
|
|
|
$this->auth = $this->createManager(); |
|
|
|
$this->assertEquals(0, count($this->auth->getAssignments(0))); |
|
$this->assertEquals(1, count($this->auth->getAssignments(42))); |
|
$this->assertEquals(2, count($this->auth->getAssignments(1337))); |
|
} |
|
}
|
|
|