mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-23 07:09:20 +01:00
Automatic tests for admin_cmd_acl
This commit is contained in:
parent
06413e1506
commit
73b3354b12
@ -64,7 +64,7 @@ class admin_cmd_acl extends admin_cmd
|
|||||||
|
|
||||||
|
|
||||||
$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
|
$old_rights = (int)$GLOBALS['egw']->acl->get_specific_rights_for_account($account_id, $location, $app);
|
||||||
$new_rights = $old_rights + (($this->allow ? 1 : -1) * $rights);
|
$new_rights = max(0,$old_rights + (($this->allow ? 1 : -1) * $rights));
|
||||||
|
|
||||||
$this->set = $new_rights;
|
$this->set = $new_rights;
|
||||||
$this->old = $old_rights;
|
$this->old = $old_rights;
|
||||||
|
316
admin/tests/AclCommandTest.php
Normal file
316
admin/tests/AclCommandTest.php
Normal file
@ -0,0 +1,316 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests for ACL command
|
||||||
|
*
|
||||||
|
* @link http://www.egroupware.org
|
||||||
|
* @author Nathan Gray
|
||||||
|
* @copyright (c) 2018 Nathan Gray
|
||||||
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||||
|
*/
|
||||||
|
|
||||||
|
// test base providing common stuff
|
||||||
|
require_once __DIR__.'/CommandBase.php';
|
||||||
|
|
||||||
|
use EGroupware\Api\Acl;
|
||||||
|
|
||||||
|
class AclCommandTest extends CommandBase {
|
||||||
|
|
||||||
|
// Use the same app for everything
|
||||||
|
const APP = 'addressbook';
|
||||||
|
|
||||||
|
// Group ID for testing
|
||||||
|
protected $group_id;
|
||||||
|
|
||||||
|
// User for testing
|
||||||
|
protected $account_id;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create accounts for testing
|
||||||
|
*/
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
admin_cmd::_instanciate_accounts();
|
||||||
|
|
||||||
|
$group = array('set' => array(
|
||||||
|
'account_lid' => 'ACL Test Group',
|
||||||
|
'account_members' => $GLOBALS['egw_info']['user']['account_id']
|
||||||
|
));
|
||||||
|
|
||||||
|
if($group_id = $GLOBALS['egw']->accounts->name2id($group['set']['account_lid']))
|
||||||
|
{
|
||||||
|
// Already exists, something went wrong
|
||||||
|
$GLOBALS['egw']->accounts->delete($group_id);
|
||||||
|
}
|
||||||
|
$group_cmd = new admin_cmd_edit_group($group);
|
||||||
|
$group_cmd->comment = 'Needed for unit test ' . $this->getName();
|
||||||
|
$group_cmd->run();
|
||||||
|
$this->group_id = $group_cmd->account;
|
||||||
|
$this->assertNotEmpty($this->group_id, 'Did not create test group account');
|
||||||
|
|
||||||
|
// Make a new user so we have clean ACL, and it doesn't matter if something
|
||||||
|
// goes wrong
|
||||||
|
$account = array(
|
||||||
|
'account_lid' => 'acl_test',
|
||||||
|
'account_firstname' => 'Alice',
|
||||||
|
'account_middlename' => 'Charles Lima',
|
||||||
|
'account_lastname' => 'Test',
|
||||||
|
'account_primary_group' => $this->group_id,
|
||||||
|
'account_groups' => array($this->group_id)
|
||||||
|
);
|
||||||
|
|
||||||
|
if(($account_id = $GLOBALS['egw']->accounts->name2id($account['account_lid'])))
|
||||||
|
{
|
||||||
|
// Delete if there in case something went wrong
|
||||||
|
$GLOBALS['egw']->accounts->delete($account_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
$command = new admin_cmd_edit_user(false, $account);
|
||||||
|
$command->comment = 'Needed for unit test ' . $this->getName();
|
||||||
|
$command->run();
|
||||||
|
$this->account_id = $command->account;
|
||||||
|
$this->assertNotEmpty($this->account_id, 'Did not create test user account');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function tearDown()
|
||||||
|
{
|
||||||
|
// Delete the accounts we created
|
||||||
|
if($this->group_id)
|
||||||
|
{
|
||||||
|
$GLOBALS['egw']->accounts->delete($this->group_id);
|
||||||
|
}
|
||||||
|
if($this->account_id)
|
||||||
|
{
|
||||||
|
$GLOBALS['egw']->accounts->delete($this->account_id);
|
||||||
|
}
|
||||||
|
parent::tearDown();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test giving a user access to another user's data
|
||||||
|
*/
|
||||||
|
public function testAddForUserWhenEmpty()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$data = array(
|
||||||
|
'allow' => true,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::ADD,
|
||||||
|
'comment' => 'Giving add rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test removing access to another user's data
|
||||||
|
*/
|
||||||
|
public function testRemoveForUserToEmpty()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::ADD);
|
||||||
|
$acl->read_repository();
|
||||||
|
|
||||||
|
$data = array(
|
||||||
|
'allow' => false,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::ADD,
|
||||||
|
'comment' => 'Removing add rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl->read_repository();
|
||||||
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test adding access when there are already permissions
|
||||||
|
*/
|
||||||
|
public function testAddForUser()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT);
|
||||||
|
$acl->read_repository();
|
||||||
|
|
||||||
|
// Run - remove delete
|
||||||
|
$data = array(
|
||||||
|
'allow' => true,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::DELETE,
|
||||||
|
'comment' => 'Giving delete rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::DELETE, static::APP));
|
||||||
|
$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE, $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test removing access when there are already permissions, and leaving some
|
||||||
|
*/
|
||||||
|
public function testRemoveForUser()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE);
|
||||||
|
$acl->read_repository();
|
||||||
|
|
||||||
|
// Run - remove delete
|
||||||
|
$data = array(
|
||||||
|
'allow' => false,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::DELETE,
|
||||||
|
'comment' => 'Removing delete rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
||||||
|
$this->assertFalse($acl->check($data['location'], Acl::DELETE, static::APP));
|
||||||
|
$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT, $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test giving a group access to a user's data
|
||||||
|
*/
|
||||||
|
public function testAddForGroupWhenEmpty()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$data = array(
|
||||||
|
'allow' => true,
|
||||||
|
'account' => $this->group_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::ADD,
|
||||||
|
'comment' => 'Giving add rights to a group as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check group
|
||||||
|
$acl = new Acl($this->group_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
|
||||||
|
// Check that user gets it too
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals($data['rights'], $acl->get_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test removing group access
|
||||||
|
*/
|
||||||
|
public function testRemoveForGroupToEmpty()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$acl = new Acl($this->group_id);
|
||||||
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->group_id, Acl::ADD);
|
||||||
|
$acl->read_repository();
|
||||||
|
|
||||||
|
$data = array(
|
||||||
|
'allow' => false,
|
||||||
|
'account' => $this->group_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
||||||
|
'rights' => Acl::ADD,
|
||||||
|
'comment' => 'Removing add rights from a group as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check group
|
||||||
|
$acl = new Acl($this->group_id);
|
||||||
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
|
||||||
|
// Check that user gets it too
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$acl->read_repository();
|
||||||
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals(0, $acl->get_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test adding access to a non-numeric location, such as a category or a
|
||||||
|
* specific record.
|
||||||
|
*/
|
||||||
|
public function testAddForEntry()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$data = array(
|
||||||
|
'allow' => true,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
|
||||||
|
'rights' => Acl::EDIT,
|
||||||
|
'comment' => 'Adding edit rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
||||||
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test removing access from a non-numeric location, such as a category or a
|
||||||
|
* specific record.
|
||||||
|
*/
|
||||||
|
public function testRemoveForEntry()
|
||||||
|
{
|
||||||
|
// Set up
|
||||||
|
$acl = new Acl($this->account_id);
|
||||||
|
$acl->add_repository(static::APP, 'A' . $GLOBALS['egw_info']['user']['person_id'], $this->account_id, Acl::ADD);
|
||||||
|
$acl->read_repository();
|
||||||
|
|
||||||
|
$data = array(
|
||||||
|
'allow' => false,
|
||||||
|
'account' => $this->account_id,
|
||||||
|
'app' => static::APP,
|
||||||
|
'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
|
||||||
|
'rights' => Acl::ADD,
|
||||||
|
'comment' => 'Removing add rights as part of unit test ' . $this->getName()
|
||||||
|
);
|
||||||
|
$command = new admin_cmd_acl($data);
|
||||||
|
$command->run();
|
||||||
|
|
||||||
|
// Check
|
||||||
|
$acl->read_repository();
|
||||||
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
||||||
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
||||||
|
}
|
||||||
|
}
|
25
admin/tests/CommandBase.php
Normal file
25
admin/tests/CommandBase.php
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* EGroupware Api: Application test base class
|
||||||
|
*
|
||||||
|
* @link http://www.stylite.de
|
||||||
|
* @package api
|
||||||
|
* @subpackage test
|
||||||
|
* @author Nathan Gray
|
||||||
|
* @copyright (c) 2016 Nathan Gray
|
||||||
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||||
|
* @version $Id$
|
||||||
|
*/
|
||||||
|
|
||||||
|
require_once realpath(__DIR__.'/../../api/tests/LoggedInTest.php'); // Application test base
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Base class for admin command tests
|
||||||
|
*
|
||||||
|
* Extend this class to test one command.
|
||||||
|
*/
|
||||||
|
abstract class CommandBase extends EGroupware\Api\LoggedInTest
|
||||||
|
{
|
||||||
|
// Nothing here yet
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user