forked from extern/egroupware
337 lines
10 KiB
PHP
337 lines
10 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Tests for ACL command
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @author Nathan Gray
|
|
* @copyright (c) 2018 Nathan Gray
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
*/
|
|
|
|
// test base providing common stuff
|
|
require_once __DIR__.'/CommandBase.php';
|
|
|
|
use EGroupware\Api\Acl;
|
|
|
|
class AclCommandTest extends CommandBase {
|
|
|
|
// Use the same app for everything
|
|
const APP = 'addressbook';
|
|
|
|
// Group ID for testing
|
|
protected $group_id;
|
|
|
|
// User for testing
|
|
protected $account_id;
|
|
|
|
/**
|
|
* Create accounts for testing
|
|
*/
|
|
public function setUp()
|
|
{
|
|
parent::setUp();
|
|
|
|
admin_cmd::_instanciate_accounts();
|
|
|
|
$group = array('set' => array(
|
|
'account_lid' => 'ACL Test Group',
|
|
'account_members' => $GLOBALS['egw_info']['user']['account_id']
|
|
));
|
|
|
|
if($group_id = $GLOBALS['egw']->accounts->name2id($group['set']['account_lid']))
|
|
{
|
|
// Already exists, something went wrong
|
|
$GLOBALS['egw']->accounts->delete($group_id);
|
|
}
|
|
$group_cmd = new admin_cmd_edit_group($group);
|
|
$group_cmd->comment = 'Needed for unit test ' . $this->getName();
|
|
$group_cmd->run();
|
|
$this->group_id = $group_cmd->account;
|
|
$this->assertNotEmpty($this->group_id, 'Did not create test group account');
|
|
|
|
// Make a new user so we have clean ACL, and it doesn't matter if something
|
|
// goes wrong
|
|
$account = array(
|
|
'account_lid' => 'acl_test',
|
|
'account_firstname' => 'Alice',
|
|
'account_middlename' => 'Charles Lima',
|
|
'account_lastname' => 'Test',
|
|
'account_primary_group' => $this->group_id,
|
|
'account_groups' => array($this->group_id)
|
|
);
|
|
|
|
if(($account_id = $GLOBALS['egw']->accounts->name2id($account['account_lid'])))
|
|
{
|
|
// Delete if there in case something went wrong
|
|
$GLOBALS['egw']->accounts->delete($account_id);
|
|
}
|
|
|
|
$command = new admin_cmd_edit_user(false, $account);
|
|
$command->comment = 'Needed for unit test ' . $this->getName();
|
|
$command->run();
|
|
$this->account_id = $command->account;
|
|
$this->assertNotEmpty($this->account_id, 'Did not create test user account');
|
|
}
|
|
|
|
public function tearDown()
|
|
{
|
|
// Delete the accounts we created
|
|
if($this->group_id)
|
|
{
|
|
$GLOBALS['egw']->accounts->delete($this->group_id);
|
|
}
|
|
if($this->account_id)
|
|
{
|
|
$GLOBALS['egw']->accounts->delete($this->account_id);
|
|
}
|
|
parent::tearDown();
|
|
}
|
|
|
|
/**
|
|
* Test giving a user access to another user's data
|
|
*/
|
|
public function testAddForUserWhenEmpty()
|
|
{
|
|
// Set up
|
|
$data = array(
|
|
'allow' => true,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::ADD,
|
|
'comment' => 'Giving add rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl = new Acl($this->account_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test removing access to another user's data
|
|
*/
|
|
public function testRemoveForUserToEmpty()
|
|
{
|
|
// Set up
|
|
$acl = new Acl($this->account_id);
|
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::ADD);
|
|
$acl->read_repository();
|
|
|
|
$data = array(
|
|
'allow' => false,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::ADD,
|
|
'comment' => 'Removing add rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl->read_repository();
|
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test adding access when there are already permissions
|
|
*/
|
|
public function testAddForUser()
|
|
{
|
|
// Set up
|
|
$acl = new Acl($this->account_id);
|
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT);
|
|
$acl->read_repository();
|
|
|
|
// Run - remove delete
|
|
$data = array(
|
|
'allow' => true,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::DELETE,
|
|
'comment' => 'Giving delete rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl = new Acl($this->account_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
|
$this->assertTrue($acl->check($data['location'], Acl::DELETE, static::APP));
|
|
$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE, $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test removing access when there are already permissions, and leaving some
|
|
*/
|
|
public function testRemoveForUser()
|
|
{
|
|
// Set up
|
|
$acl = new Acl($this->account_id);
|
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->account_id, Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE);
|
|
$acl->read_repository();
|
|
|
|
// Run - remove delete
|
|
$data = array(
|
|
'allow' => false,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::DELETE,
|
|
'comment' => 'Removing delete rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl = new Acl($this->account_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::READ, static::APP));
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
|
$this->assertFalse($acl->check($data['location'], Acl::DELETE, static::APP));
|
|
$this->assertEquals(Acl::READ|Acl::ADD|Acl::EDIT, $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test giving a group access to a user's data
|
|
*/
|
|
public function testAddForGroupWhenEmpty()
|
|
{
|
|
// Set up
|
|
$data = array(
|
|
'allow' => true,
|
|
'account' => $this->group_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::ADD,
|
|
'comment' => 'Giving add rights to a group as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check group
|
|
$acl = new Acl($this->group_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
|
|
|
// Check that user gets it too
|
|
$acl = new Acl($this->account_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals($data['rights'], $acl->get_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test removing group access
|
|
*/
|
|
public function testRemoveForGroupToEmpty()
|
|
{
|
|
echo "\n== DEBUG ==\n";
|
|
echo "Server ACL default: " . $GLOBALS['egw_info']['server']['acl_default']."\n";
|
|
// Set up
|
|
$acl = new Acl($this->group_id);
|
|
$acl->add_repository(static::APP, $GLOBALS['egw_info']['user']['account_id'], $this->group_id, Acl::ADD);
|
|
$acl->read_repository();
|
|
$this->assertTrue($acl->check($GLOBALS['egw_info']['user']['account_id'], Acl::ADD, static::APP));
|
|
|
|
echo "\nBefore:\n";
|
|
var_dump($acl->get_all_rights($GLOBALS['egw_info']['user']['account_id']));
|
|
$data = array(
|
|
'allow' => false,
|
|
'account' => $this->group_id,
|
|
'app' => static::APP,
|
|
'location' => $GLOBALS['egw_info']['user']['account_id'],
|
|
'rights' => Acl::ADD,
|
|
'comment' => 'Removing add rights from a group as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
echo "Data:\n";
|
|
var_dump($data);
|
|
// Check group
|
|
$acl = new Acl($this->group_id);
|
|
$acl->read_repository();
|
|
echo "Rights:\n";
|
|
var_dump($acl->get_all_rights($data['location'], static::APP));
|
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
|
|
|
// Check that user gets it too
|
|
$acl = new Acl($this->account_id);
|
|
$acl->read_repository();
|
|
if($GLOBALS['egw_info']['server']['acl_default'] != 'deny')
|
|
{
|
|
echo "DEBUG: Default allow\n";
|
|
$this->assertTrue($acl->check($data['location'], Acl::ADD, static::APP));
|
|
}
|
|
else
|
|
{
|
|
// Default is deny
|
|
echo "DEBUG: Default deny\n";
|
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
|
}
|
|
$this->assertEquals(0, $acl->get_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
|
|
/**
|
|
* Test adding access to a non-numeric location, such as a category or a
|
|
* specific record.
|
|
*/
|
|
public function testAddForEntry()
|
|
{
|
|
// Set up
|
|
$data = array(
|
|
'allow' => true,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
|
|
'rights' => Acl::EDIT,
|
|
'comment' => 'Adding edit rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl = new Acl($this->account_id);
|
|
$this->assertTrue($acl->check($data['location'], Acl::EDIT, static::APP));
|
|
$this->assertEquals($data['rights'], $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
|
|
/**
|
|
* Test removing access from a non-numeric location, such as a category or a
|
|
* specific record.
|
|
*/
|
|
public function testRemoveForEntry()
|
|
{
|
|
// Set up
|
|
$acl = new Acl($this->account_id);
|
|
$acl->add_repository(static::APP, 'A' . $GLOBALS['egw_info']['user']['person_id'], $this->account_id, Acl::ADD);
|
|
$acl->read_repository();
|
|
|
|
$data = array(
|
|
'allow' => false,
|
|
'account' => $this->account_id,
|
|
'app' => static::APP,
|
|
'location' => 'A' . $GLOBALS['egw_info']['user']['person_id'],
|
|
'rights' => Acl::ADD,
|
|
'comment' => 'Removing add rights as part of unit test ' . $this->getName()
|
|
);
|
|
$command = new admin_cmd_acl($data);
|
|
$command->run();
|
|
|
|
// Check
|
|
$acl->read_repository();
|
|
$this->assertFalse($acl->check($data['location'], Acl::ADD, static::APP));
|
|
$this->assertEquals(0, $acl->get_specific_rights($data['location'], $data['app']));
|
|
}
|
|
}
|