BookStack Code Mirror - bookstack/blob - tests/Permissions/Scenarios/EntityRolePermissionsTest.php

   1 <?php
   2
   3 namespace Tests\Permissions\Scenarios;
   4
   5 class EntityRolePermissionsTest extends PermissionScenarioTestCase
   6 {
   7     public function test_01_explicit_allow()
   8     {
   9         [$user, $role] = $this->users->newUserWithRole();
  10         $page = $this->entities->page();
  11         $this->permissions->setEntityPermissions($page, ['view'], [$role], false);
  12
  13         $this->assertVisibleToUser($page, $user);
  14     }
  15
  16     public function test_02_explicit_deny()
  17     {
  18         [$user, $role] = $this->users->newUserWithRole();
  19         $page = $this->entities->page();
  20         $this->permissions->setEntityPermissions($page, [], [$role], false);
  21
  22         $this->assertNotVisibleToUser($page, $user);
  23     }
  24
  25     public function test_03_same_level_conflicting()
  26     {
  27         [$user, $roleA] = $this->users->newUserWithRole();
  28         $roleB = $this->users->attachNewRole($user);
  29         $page = $this->entities->page();
  30
  31         $this->permissions->disableEntityInheritedPermissions($page);
  32         $this->permissions->addEntityPermission($page, [], $roleA);
  33         $this->permissions->addEntityPermission($page, ['view'], $roleB);
  34
  35         $this->assertVisibleToUser($page, $user);
  36     }
  37
  38     public function test_20_inherit_allow()
  39     {
  40         [$user, $roleA] = $this->users->newUserWithRole();
  41         $page = $this->entities->pageWithinChapter();
  42         $chapter = $page->chapter;
  43
  44         $this->permissions->disableEntityInheritedPermissions($chapter);
  45         $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
  46
  47         $this->assertVisibleToUser($page, $user);
  48     }
  49
  50     public function test_21_inherit_deny()
  51     {
  52         [$user, $roleA] = $this->users->newUserWithRole();
  53         $page = $this->entities->pageWithinChapter();
  54         $chapter = $page->chapter;
  55
  56         $this->permissions->disableEntityInheritedPermissions($chapter);
  57         $this->permissions->addEntityPermission($chapter, [], $roleA);
  58
  59         $this->assertNotVisibleToUser($page, $user);
  60     }
  61
  62     public function test_22_same_level_conflict_inherit()
  63     {
  64         [$user, $roleA] = $this->users->newUserWithRole();
  65         $roleB = $this->users->attachNewRole($user);
  66         $page = $this->entities->pageWithinChapter();
  67         $chapter = $page->chapter;
  68
  69         $this->permissions->disableEntityInheritedPermissions($chapter);
  70         $this->permissions->addEntityPermission($chapter, [], $roleA);
  71         $this->permissions->addEntityPermission($chapter, ['view'], $roleB);
  72
  73         $this->assertVisibleToUser($page, $user);
  74     }
  75
  76     public function test_30_child_inherit_override_allow()
  77     {
  78         [$user, $roleA] = $this->users->newUserWithRole();
  79         $page = $this->entities->pageWithinChapter();
  80         $chapter = $page->chapter;
  81
  82         $this->permissions->disableEntityInheritedPermissions($chapter);
  83         $this->permissions->addEntityPermission($chapter, [], $roleA);
  84         $this->permissions->addEntityPermission($page, ['view'], $roleA);
  85
  86         $this->assertVisibleToUser($page, $user);
  87     }
  88
  89     public function test_31_child_inherit_override_deny()
  90     {
  91         [$user, $roleA] = $this->users->newUserWithRole();
  92         $page = $this->entities->pageWithinChapter();
  93         $chapter = $page->chapter;
  94
  95         $this->permissions->disableEntityInheritedPermissions($chapter);
  96         $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
  97         $this->permissions->addEntityPermission($page, [], $roleA);
  98
  99         $this->assertNotVisibleToUser($page, $user);
 100     }
 101
 102     public function test_40_multi_role_inherit_conflict_override_deny()
 103     {
 104         [$user, $roleA] = $this->users->newUserWithRole();
 105         $roleB = $this->users->attachNewRole($user);
 106         $page = $this->entities->pageWithinChapter();
 107         $chapter = $page->chapter;
 108
 109         $this->permissions->disableEntityInheritedPermissions($chapter);
 110         $this->permissions->addEntityPermission($page, [], $roleA);
 111         $this->permissions->addEntityPermission($chapter, ['view'], $roleB);
 112
 113         $this->assertVisibleToUser($page, $user);
 114     }
 115
 116     public function test_41_multi_role_inherit_conflict_retain_allow()
 117     {
 118         [$user, $roleA] = $this->users->newUserWithRole();
 119         $roleB = $this->users->attachNewRole($user);
 120         $page = $this->entities->pageWithinChapter();
 121         $chapter = $page->chapter;
 122
 123         $this->permissions->disableEntityInheritedPermissions($chapter);
 124         $this->permissions->addEntityPermission($page, ['view'], $roleA);
 125         $this->permissions->addEntityPermission($chapter, [], $roleB);
 126
 127         $this->assertVisibleToUser($page, $user);
 128     }
 129
 130     public function test_50_role_override_allow()
 131     {
 132         [$user, $roleA] = $this->users->newUserWithRole();
 133         $page = $this->entities->page();
 134         $this->permissions->addEntityPermission($page, ['view'], $roleA);
 135
 136         $this->assertVisibleToUser($page, $user);
 137     }
 138
 139     public function test_51_role_override_deny()
 140     {
 141         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
 142         $page = $this->entities->page();
 143         $this->permissions->addEntityPermission($page, [], $roleA);
 144
 145         $this->assertNotVisibleToUser($page, $user);
 146     }
 147
 148     public function test_60_inherited_role_override_allow()
 149     {
 150         [$user, $roleA] = $this->users->newUserWithRole([], []);
 151         $page = $this->entities->pageWithinChapter();
 152         $chapter = $page->chapter;
 153         $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
 154
 155         $this->assertVisibleToUser($page, $user);
 156     }
 157
 158     public function test_61_inherited_role_override_deny()
 159     {
 160         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
 161         $page = $this->entities->pageWithinChapter();
 162         $chapter = $page->chapter;
 163         $this->permissions->addEntityPermission($chapter, [], $roleA);
 164
 165         $this->assertNotVisibleToUser($page, $user);
 166     }
 167
 168     public function test_62_inherited_role_override_deny_on_own()
 169     {
 170         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
 171         $page = $this->entities->pageWithinChapter();
 172         $chapter = $page->chapter;
 173         $this->permissions->addEntityPermission($chapter, [], $roleA);
 174         $this->permissions->changeEntityOwner($page, $user);
 175
 176         $this->assertNotVisibleToUser($page, $user);
 177     }
 178
 179     public function test_70_multi_role_inheriting_deny()
 180     {
 181         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
 182         $roleB = $this->users->attachNewRole($user);
 183         $page = $this->entities->page();
 184
 185         $this->permissions->addEntityPermission($page, [], $roleB);
 186
 187         $this->assertNotVisibleToUser($page, $user);
 188     }
 189
 190     public function test_80_multi_role_inherited_deny_via_parent()
 191     {
 192         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
 193         $roleB = $this->users->attachNewRole($user);
 194         $page = $this->entities->pageWithinChapter();
 195         $chapter = $page->chapter;
 196
 197         $this->permissions->addEntityPermission($chapter, [], $roleB);
 198
 199         $this->assertNotVisibleToUser($page, $user);
 200     }
 201 }