BookStack Code Mirror - bookstack/blob - tests/Permissions/Scenarios/EntityRolePermissions.php
Added additional entity_role_permission scenario tests
1 <?php
2
3 namespace Tests\Permissions\Scenarios;
4
5 use BookStack\Auth\User;
6 use BookStack\Entities\Models\Entity;
7 use Tests\TestCase;
8
9 // Cases defined in dev/docs/permission-scenario-testing.md
10
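/**
 * Scenario tests for role-based entity permissions.
 *
 * Each test builds one arrangement of per-role permission entries on a page
 * and/or its parent chapter, then asserts whether a user holding those roles
 * can see the page. The numbered cases follow
 * dev/docs/permission-scenario-testing.md.
 *
 * Every outcome is checked through two independent paths (the userCan()
 * helper and the 'visible' query scope), so a regression in either
 * enforcement path fails the scenario.
 *
 * NOTE(review): this class has no "Test" suffix. PHPUnit's directory
 * discovery matches "Test.php" by default, so confirm the suite configuration
 * actually picks this file up; otherwise these authorization checks would
 * silently never run.
 */
class EntityRolePermissions extends TestCase
{
    /**
     * A role given 'view' directly on the page makes the page visible.
     */
    public function test_01_explicit_allow(): void
    {
        [$user, $role] = $this->users->newUserWithRole();
        $page = $this->entities->page();
        // Final `false` presumably turns inheritance off for the page - confirm against the helper.
        $this->permissions->setEntityPermissions($page, ['view'], [$role], false);

        $this->assertVisibleToUser($page, $user);
    }

    /**
     * A role entry with an empty action list on the page hides the page.
     *
     * NOTE(review): if inheritance is off here, a role with no entry at all
     * would presumably be denied as well, so this case alone does not prove
     * that the empty entry is what blocks access - confirm.
     */
    public function test_02_explicit_deny(): void
    {
        [$user, $role] = $this->users->newUserWithRole();
        $page = $this->entities->page();
        $this->permissions->setEntityPermissions($page, [], [$role], false);

        $this->assertNotVisibleToUser($page, $user);
    }

    /**
     * Two roles of the same user conflict on the same page: the allow wins.
     *
     * An empty entry for one role is therefore not a hard block when the user
     * also holds a role that grants 'view' at the same level.
     */
    public function test_03_same_level_conflicting(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $roleB = $this->users->attachNewRole($user);
        $page = $this->entities->page();

        $this->permissions->disableEntityInheritedPermissions($page);
        $this->permissions->addEntityPermission($page, [], $roleA);
        $this->permissions->addEntityPermission($page, ['view'], $roleB);

        $this->assertVisibleToUser($page, $user);
    }

    /**
     * 'view' granted on the parent chapter carries down to the page.
     */
    public function test_20_inherit_allow(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $page = $this->entities->pageWithinChapter();
        $chapter = $page->chapter;

        $this->permissions->disableEntityInheritedPermissions($chapter);
        $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

        $this->assertVisibleToUser($page, $user);
    }

    /**
     * An empty role entry on the parent chapter hides the page.
     */
    public function test_21_inherit_deny(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $page = $this->entities->pageWithinChapter();
        $chapter = $page->chapter;

        $this->permissions->disableEntityInheritedPermissions($chapter);
        $this->permissions->addEntityPermission($chapter, [], $roleA);

        $this->assertNotVisibleToUser($page, $user);
    }

    /**
     * Conflicting role entries on the parent chapter: the allow wins for the page.
     */
    public function test_22_same_level_conflict_inherit(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $roleB = $this->users->attachNewRole($user);
        $page = $this->entities->pageWithinChapter();
        $chapter = $page->chapter;

        $this->permissions->disableEntityInheritedPermissions($chapter);
        $this->permissions->addEntityPermission($chapter, [], $roleA);
        $this->permissions->addEntityPermission($chapter, ['view'], $roleB);

        $this->assertVisibleToUser($page, $user);
    }

    /**
     * A 'view' entry on the page overrides an empty entry for the same role on the chapter.
     */
    public function test_30_child_inherit_override_allow(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $page = $this->entities->pageWithinChapter();
        $chapter = $page->chapter;

        $this->permissions->disableEntityInheritedPermissions($chapter);
        $this->permissions->addEntityPermission($chapter, [], $roleA);
        $this->permissions->addEntityPermission($page, ['view'], $roleA);

        $this->assertVisibleToUser($page, $user);
    }

    /**
     * An empty entry on the page overrides a 'view' entry for the same role on the chapter.
     */
    public function test_31_child_inherit_override_deny(): void
    {
        [$user, $roleA] = $this->users->newUserWithRole();
        $page = $this->entities->pageWithinChapter();
        $chapter = $page->chapter;

        $this->permissions->disableEntityInheritedPermissions($chapter);
        $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
        $this->permissions->addEntityPermission($page, [], $roleA);

        $this->assertNotVisibleToUser($page, $user);
    }

    /**
     * Assert that the entity is visible to the user through both the
     * userCan() check and the 'visible' query scope.
     *
     * The failure message names whichever path(s) denied access.
     */
    protected function assertVisibleToUser(Entity $entity, User $user): void
    {
        [$funcView, $queryView, $id] = $this->probeViewAccess($entity, $user);

        $msg = "Item [{$id}] should be visible but was not found via ";
        $msg .= $this->joinCheckNames(['userCan' => !$funcView, 'query' => !$queryView]);

        static::assertTrue($funcView && $queryView, $msg);
    }

    /**
     * Assert that the entity is hidden from the user through both the
     * userCan() check and the 'visible' query scope.
     *
     * The failure message names whichever path(s) still exposed the entity.
     */
    protected function assertNotVisibleToUser(Entity $entity, User $user): void
    {
        [$funcView, $queryView, $id] = $this->probeViewAccess($entity, $user);

        $msg = "Item [{$id}] should not be visible but was found via ";
        $msg .= $this->joinCheckNames(['userCan' => $funcView, 'query' => $queryView]);

        static::assertTrue(!$funcView && !$queryView, $msg);
    }

    /**
     * Act as the given user and evaluate view access to the entity via both
     * enforcement paths.
     *
     * @return array{0: bool, 1: bool, 2: string} userCan() result, whether the
     *         'visible'-scoped query found the entity, and a "morphClass:id" label.
     */
    private function probeViewAccess(Entity $entity, User $user): array
    {
        $this->actingAs($user);
        $morphClass = $entity->getMorphClass();

        $funcView = userCan($morphClass . '-view', $entity);
        // Query path: the entity must come back when looked up by id under the 'visible' scope.
        $queryView = $entity->newQuery()->scopes(['visible'])->find($entity->id) !== null;

        return [$funcView, $queryView, $morphClass . ':' . $entity->id];
    }

    /**
     * Join the names of the flagged checks with ' and ' for a failure message.
     *
     * @param array<string, bool> $flagged Check name => whether to include it.
     */
    private function joinCheckNames(array $flagged): string
    {
        return implode(' and ', array_keys(array_filter($flagged)));
    }
}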