From 73b3354b128293edb0a21418336c89d8d47d9c55 Mon Sep 17 00:00:00 2001
From: nathangray <nathangray.bsc+github@gmail.com>
Date: Mon, 27 Aug 2018 16:00:04 -0600
Subject: [PATCH] Automatic tests for admin_cmd_acl

---
 admin/inc/class.admin_cmd_acl.inc.php |   2 +-
 admin/tests/AclCommandTest.php        | 316 ++++++++++++++++++++++++++
 admin/tests/CommandBase.php           |  25 ++
 3 files changed, 342 insertions(+), 1 deletion(-)
 create mode 100644 admin/tests/AclCommandTest.php
 create mode 100644 admin/tests/CommandBase.php

diff --git a/admin/inc/class.admin_cmd_acl.inc.php b/admin/inc/class.admin_cmd_acl.inc.php
index 835e78ff40..9601df106c 100644
--- a/admin/inc/class.admin_cmd_acl.inc.php
+++ b/admin/inc/class.admin_cmd_acl.inc.php
@@ -64,7 +64,7 @@ class admin_cmd_acl extends admin_cmd
 
 
 		$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
-		$new_rights = $old_rights + (($this->allow ? 1 : -1) * $rights);
+		$new_rights = max(0,$old_rights + (($this->allow ? 1 : -1) * $rights));
 
 		$this->set = $new_rights;
 		$this->old = $old_rights;
diff --git a/admin/tests/AclCommandTest.php b/admin/tests/AclCommandTest.php
new file mode 100644
index 0000000000..dac9aeb894
--- /dev/null
+++ b/admin/tests/AclCommandTest.php
@@ -0,0 +1,316 @@
+<?php
+
+/**
+ * Tests for ACL command
+ *
+ * @link http://www.egroupware.org
+ * @author Nathan Gray
+ * @copyright (c) 2018  Nathan Gray
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ */
+
+// test base providing common stuff
+require_once __DIR__.'/CommandBase.php';
+
+use EGroupware\Api\Acl;
+
+class AclCommandTest extends CommandBase {
+
+	// Use the same app for everything
+	const APP = 'addressbook';
+
+	// Group ID for testing
+	protected $group_id;
+
+	// User for testing
+	protected $account_id;
+
+	/**
+	 * Create accounts for testing
+	 */
+	public function setUp()
+	{
+		parent::setUp();
+
+		admin_cmd::_instanciate_accounts();
+
+		$group = array('set' => array(
+			'account_lid' => 'ACL Test Group',
+			'account_members' => $GLOBALS['egw_info']['user']['account_id']
+		));
+
+		if($group_id = $GLOBALS['egw']->accounts->name2id($group['set']['account_lid']))
+		{
+			// Already exists, something went wrong
+			$GLOBALS['egw']->accounts->delete($group_id);
+		}
+		$group_cmd = new admin_cmd_edit_group($group);
+		$group_cmd->comment = 'Needed for unit test ' . $this->getName();
+		$group_cmd->run();
+		$this->group_id = $group_cmd->account;
+		$this->assertNotEmpty($this->group_id, 'Did not create test group account');
+
+		// Make a new user so we have clean ACL, and it doesn't matter if something
+		// goes wrong
+		$account = array(
+			'account_lid' => 'acl_test',
+			'account_firstname' => 'Alice',
+			'account_middlename' => 'Charles Lima',
+			'account_lastname' => 'Test',
+			'account_primary_group' => $this->group_id,
+			'account_groups' => array($this->group_id)
+		);
+
+		if(($account_id = $GLOBALS['egw']->accounts->name2id($account['account_lid'])))
+		{
+			// Delete if there in case something went wrong
+			$GLOBALS['egw']->accounts->delete($account_id);
+		}
+
+		$command = new admin_cmd_edit_user(false, $account);
+		$command->comment = 'Needed for unit test ' . $this->getName();
+		$command->run();
+		$this->account_id = $command->account;
+		$this->assertNotEmpty($this->account_id, 'Did not create test user account');
+	}
+
+	public function tearDown()
+	{
+		// Delete the accounts we created
+		if($this->group_id)
+		{
+			$GLOBALS['egw']->accounts->delete($this->group_id);
+		}
+		if($this->account_id)
+		{
+			$GLOBALS['egw']->accounts->delete($this->account_id);
+		}
+		parent::tearDown();
+	}
+
+	/**
+	 * Test giving a user access to another user's data
+	 */
+	public function testAddForUserWhenEmpty()
+	{
+		// Set up
+		$data = array(
+			'allow' => true,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::ADD,
+			'comment' => 'Giving add rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl = new Acl($this->account_id);
+		$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test removing access to another user's data
+	 */
+	public function testRemoveForUserToEmpty()
+	{
+		// Set up
+		$acl = new Acl($this->account_id);
+		$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::ADD);
+		$acl->read_repository();
+
+		$data = array(
+			'allow' => false,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::ADD,
+			'comment' => 'Removing add rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl->read_repository();
+		$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test adding access when there are already permissions
+	 */
+	public function testAddForUser()
+	{
+		// Set up
+		$acl = new Acl($this->account_id);
+		$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT);
+		$acl->read_repository();
+
+		// Run - remove delete
+		$data = array(
+			'allow' => true,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::DELETE,
+			'comment' => 'Giving delete rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl = new Acl($this->account_id);
+		$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
+		$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
+		$this->assertTrue($acl->check($data['location'], Acl::DELETE, static::APP));
+		$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE, $acl->get_specific_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test removing access when there are already permissions, and leaving some
+	 */
+	public function testRemoveForUser()
+	{
+		// Set up
+		$acl = new Acl($this->account_id);
+		$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE);
+		$acl->read_repository();
+
+		// Run - remove delete
+		$data = array(
+			'allow' => false,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::DELETE,
+			'comment' => 'Removing delete rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl = new Acl($this->account_id);
+		$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
+		$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
+		$this->assertFalse($acl->check($data['location'], Acl::DELETE, static::APP));
+		$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT, $acl->get_specific_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test giving a group access to a user's data
+	 */
+	public function testAddForGroupWhenEmpty()
+	{
+		// Set up
+		$data = array(
+			'allow' => true,
+			'account' => $this->group_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::ADD,
+			'comment' => 'Giving add rights to a group as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check group
+		$acl = new Acl($this->group_id);
+		$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
+
+		// Check that user gets it too
+		$acl = new Acl($this->account_id);
+		$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals($data['rights'], $acl->get_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test removing group access
+	 */
+	public function testRemoveForGroupToEmpty()
+	{
+		// Set up
+		$acl = new Acl($this->group_id);
+		$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->group_id, Acl::ADD);
+		$acl->read_repository();
+
+		$data = array(
+			'allow' => false,
+			'account' => $this->group_id,
+			'app' => static::APP,
+			'location' => $GLOBALS['egw_info']['user']['account_id'],
+			'rights' => Acl::ADD,
+			'comment' => 'Removing add rights from a group as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check group
+		$acl = new Acl($this->group_id);
+		$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
+
+		// Check that user gets it too
+		$acl = new Acl($this->account_id);
+		$acl->read_repository();
+		$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals(0, $acl->get_rights($data['location'], $data['app']));
+	}
+
+
+	/**
+	 * Test adding access to a non-numeric location, such as a category or a
+	 * specific record.
+	 */
+	public function testAddForEntry()
+	{
+		// Set up
+		$data = array(
+			'allow' => true,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
+			'rights' => Acl::EDIT,
+			'comment' => 'Adding edit rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl = new Acl($this->account_id);
+		$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
+		$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
+	}
+
+	/**
+	 * Test removing access from a non-numeric location, such as a category or a
+	 * specific record.
+	 */
+	public function testRemoveForEntry()
+	{
+		// Set up
+		$acl = new Acl($this->account_id);
+		$acl->add_repository(static::APP, 'A' . $GLOBALS['egw_info']['user']['person_id'], $this->account_id, Acl::ADD);
+		$acl->read_repository();
+
+		$data = array(
+			'allow' => false,
+			'account' => $this->account_id,
+			'app' => static::APP,
+			'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
+			'rights' => Acl::ADD,
+			'comment' => 'Removing add rights as part of unit test ' . $this->getName()
+		);
+		$command = new admin_cmd_acl($data);
+		$command->run();
+
+		// Check
+		$acl->read_repository();
+		$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
+		$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
+	}
+}
diff --git a/admin/tests/CommandBase.php b/admin/tests/CommandBase.php
new file mode 100644
index 0000000000..f98ddc6ab4
--- /dev/null
+++ b/admin/tests/CommandBase.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * EGroupware Api: Application test base class
+ *
+ * @link http://www.stylite.de
+ * @package api
+ * @subpackage test
+ * @author Nathan Gray
+ * @copyright (c) 2016 Nathan Gray
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @version $Id$
+ */
+
+require_once realpath(__DIR__.'/../../api/tests/LoggedInTest.php');	// Application test base
+
+
+/**
+ * Base class for admin command tests
+ *
+ * Extend this class to test one command.
+ */
+abstract class CommandBase extends EGroupware\Api\LoggedInTest
+{
+	// Nothing here yet
+}
\ No newline at end of file