1 # Permission Scenario Testing
3 Due to complexity that can arise in the various combinations of permissions, this document details scenarios and their expected results.
5 Test cases are written ability abstract, since all abilities should act the same in theory. Functional test cases may test abilities separate due to implementation differences.
7 Tests are categorised by the most specific element involved in the scenario, where the below list is most specific to least:
9 - User entity permissions.
10 - Role entity permissions.
13 ## General Permission Logical Rules
15 The below are some general rules we follow to standardise the behaviour of permissions in the platform:
17 - Most specific permission application (as above) take priority and can deny less specific permissions.
18 - Parent user/role entity permissions that may be inherited, are considered to essentially be applied on the item they are inherited to unless a lower level has its own permission rule for an already specific role/user.
19 - Where both grant and deny exist at the same specificity, we side towards grant.
23 TODO - Role & entity-role interplay
24 TODO - Role & entity-user interplay
25 TODO - Role content relations?
26 TODO - Role system permissions?
28 ### Content Role Permissions
30 These are tests related to item/entity permissions that are set only at a role level.
34 - Role A has role all-page permission.
37 User granted page permission.
41 - Role A has no page permission.
44 User denied page permission.
46 #### test_10_allow_on_own_with_own
48 - Role A has role own-page permission.
50 - User is owner of page.
52 User granted page permission.
54 #### test_11_deny_on_other_with_own
56 - Role A has role own-page permission.
58 - User is not owner of page.
60 User denied page permission.
62 #### test_20_multiple_role_conflicting_all
64 - Role A has role all-page permission.
65 - Role B has no page permission.
66 - User has Role A & B.
68 User granted page permission.
70 #### test_21_multiple_role_conflicting_own
72 - Role A has role own-page permission.
73 - Role B has no page permission.
74 - User has Role A & B.
75 - User is owner of page.
77 User granted page permission.
81 ### Entity Role Permissions
83 These are tests related to entity-level role-specific permission overrides.
85 #### test_01_explicit_allow
87 - Page permissions have inherit disabled.
88 - Role A has entity allow page permission.
91 User granted page permission.
93 #### test_02_explicit_deny
95 - Page permissions have inherit disabled.
96 - Role A has entity deny page permission.
99 User denied page permission.
101 #### test_03_same_level_conflicting
103 - Page permissions have inherit disabled.
104 - Role A has entity allow page permission.
105 - Role B has entity deny page permission.
106 - User has both Role A & B.
108 User granted page permission.
109 Explicit grant overrides entity deny at same level.
111 #### test_20_inherit_allow
113 - Page permissions have inherit enabled.
114 - Chapter permissions has inherit disabled.
115 - Role A has entity allow chapter permission.
118 User granted page permission.
120 #### test_21_inherit_deny
122 - Page permissions have inherit enabled.
123 - Chapter permissions has inherit disabled.
124 - Role A has entity deny chapter permission.
127 User denied page permission.
129 #### test_22_same_level_conflict_inherit
131 - Page permissions have inherit enabled.
132 - Chapter permissions has inherit disabled.
133 - Role A has entity deny chapter permission.
134 - Role B has entity allow chapter permission.
135 - User has both Role A & B.
137 User granted page permission.
139 #### test_30_child_inherit_override_allow
141 - Page permissions have inherit enabled.
142 - Chapter permissions has inherit disabled.
143 - Role A has entity deny chapter permission.
144 - Role A has entity allow page permission.
147 User granted page permission.
149 #### test_31_child_inherit_override_deny
151 - Page permissions have inherit enabled.
152 - Chapter permissions has inherit disabled.
153 - Role A has entity allow chapter permission.
154 - Role A has entity deny page permission.
157 User denied page permission.
159 #### test_40_multi_role_inherit_conflict_override_deny
161 - Page permissions have inherit enabled.
162 - Chapter permissions has inherit disabled.
163 - Role A has entity deny page permission.
164 - Role B has entity allow chapter permission.
165 - User has Role A & B.
167 User granted page permission.
169 #### test_41_multi_role_inherit_conflict_retain_allow
171 - Page permissions have inherit enabled.
172 - Chapter permissions has inherit disabled.
173 - Role A has entity allow page permission.
174 - Role B has entity deny chapter permission.
175 - User has Role A & B.
177 User granted page permission.
181 ### Entity User Permissions
183 These are tests related to entity-level user-specific permission overrides.
185 #### test_01_explicit_allow
187 - Page permissions have inherit disabled.
188 - User has entity allow page permission.
190 User granted page permission.
192 #### test_02_explicit_deny
194 - Page permissions have inherit disabled.
195 - User has entity deny page permission.
197 User denied page permission.
199 #### test_10_allow_inherit
201 - Page permissions have inherit enabled.
202 - Chapter permissions have inherit disabled.
203 - User has entity allow chapter permission.
205 User granted page permission.
207 #### test_11_deny_inherit
209 - Page permissions have inherit enabled.
210 - Chapter permissions have inherit disabled.
211 - User has entity deny chapter permission.
213 User denied page permission.
215 #### test_12_allow_inherit_override
217 - Page permissions have inherit enabled.
218 - Chapter permissions have inherit disabled.
219 - User has entity deny chapter permission.
220 - User has entity allow page permission.
222 User granted page permission.
224 #### test_13_deny_inherit_override
226 - Page permissions have inherit enabled.
227 - Chapter permissions have inherit disabled.
228 - User has entity allow chapter permission.
229 - User has entity deny page permission.
231 User denied page permission.
233 #### test_40_entity_role_override_allow
235 - Page permissions have inherit disabled.
236 - User has entity allow page permission.
237 - Role A has entity deny page permission.
240 User granted page permission.
242 #### test_41_entity_role_override_deny
244 - Page permissions have inherit disabled.
245 - User has entity deny page permission.
246 - Role A has entity allow page permission.
249 User denied page permission.
251 #### test_42_entity_role_override_allow_via_inherit
253 - Page permissions have inherit enabled.
254 - Chapter permissions have inherit disabled.
255 - User has entity allow chapter permission.
256 - Role A has entity deny page permission.
259 User granted page permission.
261 #### test_43_entity_role_override_deny_via_inherit
263 - Page permissions have inherit enabled.
264 - Chapter permissions have inherit disabled.
265 - User has entity deny chapter permission.
266 - Role A has entity allow page permission.
269 User denied page permission.
projects / bookstack / blob