BookStack Code Mirror - bookstack/blob - tests/Permissions/Scenarios/EntityRolePermissionsTest.php

1 <?php

3 namespace Tests\Permissions\Scenarios;

5 class EntityRolePermissionsTest extends PermissionScenarioTestCase

6 {

7 public function test_01_explicit_allow()

8 {

9 [$user, $role] = $this->users->newUserWithRole();

10 $page = $this->entities->page();

11 $this->permissions->setEntityPermissions($page, ['view'], [$role], false);

13 $this->assertVisibleToUser($page, $user);

14 }

16 public function test_02_explicit_deny()

17 {

18 [$user, $role] = $this->users->newUserWithRole();

19 $page = $this->entities->page();

20 $this->permissions->setEntityPermissions($page, [], [$role], false);

22 $this->assertNotVisibleToUser($page, $user);

23 }

25 public function test_03_same_level_conflicting()

26 {

27 [$user, $roleA] = $this->users->newUserWithRole();

28 $roleB = $this->users->attachNewRole($user);

29 $page = $this->entities->page();

31 $this->permissions->disableEntityInheritedPermissions($page);

32 $this->permissions->addEntityPermission($page, [], $roleA);

33 $this->permissions->addEntityPermission($page, ['view'], $roleB);

35 $this->assertVisibleToUser($page, $user);

36 }

38 public function test_20_inherit_allow()

39 {

40 [$user, $roleA] = $this->users->newUserWithRole();

41 $page = $this->entities->pageWithinChapter();

42 $chapter = $page->chapter;

44 $this->permissions->disableEntityInheritedPermissions($chapter);

45 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

47 $this->assertVisibleToUser($page, $user);

48 }

50 public function test_21_inherit_deny()

51 {

52 [$user, $roleA] = $this->users->newUserWithRole();

53 $page = $this->entities->pageWithinChapter();

54 $chapter = $page->chapter;

56 $this->permissions->disableEntityInheritedPermissions($chapter);

57 $this->permissions->addEntityPermission($chapter, [], $roleA);

59 $this->assertNotVisibleToUser($page, $user);

60 }

62 public function test_22_same_level_conflict_inherit()

63 {

64 [$user, $roleA] = $this->users->newUserWithRole();

65 $roleB = $this->users->attachNewRole($user);

66 $page = $this->entities->pageWithinChapter();

67 $chapter = $page->chapter;

69 $this->permissions->disableEntityInheritedPermissions($chapter);

70 $this->permissions->addEntityPermission($chapter, [], $roleA);

71 $this->permissions->addEntityPermission($chapter, ['view'], $roleB);

73 $this->assertVisibleToUser($page, $user);

74 }

76 public function test_30_child_inherit_override_allow()

77 {

78 [$user, $roleA] = $this->users->newUserWithRole();

79 $page = $this->entities->pageWithinChapter();

80 $chapter = $page->chapter;

82 $this->permissions->disableEntityInheritedPermissions($chapter);

83 $this->permissions->addEntityPermission($chapter, [], $roleA);

84 $this->permissions->addEntityPermission($page, ['view'], $roleA);

86 $this->assertVisibleToUser($page, $user);

87 }

89 public function test_31_child_inherit_override_deny()

90 {

91 [$user, $roleA] = $this->users->newUserWithRole();

92 $page = $this->entities->pageWithinChapter();

93 $chapter = $page->chapter;

95 $this->permissions->disableEntityInheritedPermissions($chapter);

96 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

97 $this->permissions->addEntityPermission($page, [], $roleA);

99 $this->assertNotVisibleToUser($page, $user);

100 }

101

102 public function test_40_multi_role_inherit_conflict_override_deny()

103 {

104 [$user, $roleA] = $this->users->newUserWithRole();

105 $roleB = $this->users->attachNewRole($user);

106 $page = $this->entities->pageWithinChapter();

107 $chapter = $page->chapter;

108

109 $this->permissions->disableEntityInheritedPermissions($chapter);

110 $this->permissions->addEntityPermission($page, [], $roleA);

111 $this->permissions->addEntityPermission($chapter, ['view'], $roleB);

112

113 $this->assertVisibleToUser($page, $user);

114 }

115

116 public function test_41_multi_role_inherit_conflict_retain_allow()

117 {

118 [$user, $roleA] = $this->users->newUserWithRole();

119 $roleB = $this->users->attachNewRole($user);

120 $page = $this->entities->pageWithinChapter();

121 $chapter = $page->chapter;

122

123 $this->permissions->disableEntityInheritedPermissions($chapter);

124 $this->permissions->addEntityPermission($page, ['view'], $roleA);

125 $this->permissions->addEntityPermission($chapter, [], $roleB);

126

127 $this->assertVisibleToUser($page, $user);

128 }

129

130 public function test_50_role_override_allow()

131 {

132 [$user, $roleA] = $this->users->newUserWithRole();

133 $page = $this->entities->page();

134 $this->permissions->addEntityPermission($page, ['view'], $roleA);

135

136 $this->assertVisibleToUser($page, $user);

137 }

138

139 public function test_51_role_override_deny()

140 {

141 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

142 $page = $this->entities->page();

143 $this->permissions->addEntityPermission($page, [], $roleA);

144

145 $this->assertNotVisibleToUser($page, $user);

146 }

147

148 public function test_60_inherited_role_override_allow()

149 {

150 [$user, $roleA] = $this->users->newUserWithRole([], []);

151 $page = $this->entities->pageWithinChapter();

152 $chapter = $page->chapter;

153 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

154

155 $this->assertVisibleToUser($page, $user);

156 }

157

158 public function test_61_inherited_role_override_deny()

159 {

160 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

161 $page = $this->entities->pageWithinChapter();

162 $chapter = $page->chapter;

163 $this->permissions->addEntityPermission($chapter, [], $roleA);

164

165 $this->assertNotVisibleToUser($page, $user);

166 }

167

168 public function test_62_inherited_role_override_deny_on_own()

169 {

170 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);

171 $page = $this->entities->pageWithinChapter();

172 $chapter = $page->chapter;

173 $this->permissions->addEntityPermission($chapter, [], $roleA);

174 $this->permissions->changeEntityOwner($page, $user);

175

176 $this->assertNotVisibleToUser($page, $user);

177 }

178

179 public function test_70_multi_role_inheriting_deny()

180 {

181 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

182 $roleB = $this->users->attachNewRole($user);

183 $page = $this->entities->page();

184

185 $this->permissions->addEntityPermission($page, [], $roleB);

186

187 $this->assertNotVisibleToUser($page, $user);

188 }

189

190 public function test_75_multi_role_inherited_deny_via_parent()

191 {

192 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

193 $roleB = $this->users->attachNewRole($user);

194 $page = $this->entities->pageWithinChapter();

195 $chapter = $page->chapter;

196

197 $this->permissions->addEntityPermission($chapter, [], $roleB);

198

199 $this->assertNotVisibleToUser($page, $user);

200 }

201

202 public function test_80_fallback_override_allow()

203 {

204 [$user, $roleA] = $this->users->newUserWithRole();

205 $page = $this->entities->page();

206

207 $this->permissions->setFallbackPermissions($page, []);

208 $this->permissions->addEntityPermission($page, ['view'], $roleA);

209

210 $this->assertVisibleToUser($page, $user);

211 }

212 public function test_81_fallback_override_deny()

213 {

214 [$user, $roleA] = $this->users->newUserWithRole();

215 $page = $this->entities->page();

216

217 $this->permissions->setFallbackPermissions($page, ['view']);

218 $this->permissions->addEntityPermission($page, [], $roleA);

219

220 $this->assertNotVisibleToUser($page, $user);

221 }

222

223 public function test_84_fallback_override_allow_multi_role()

224 {

225 [$user, $roleA] = $this->users->newUserWithRole();

226 $roleB = $this->users->attachNewRole($user);

227 $page = $this->entities->page();

228

229 $this->permissions->setFallbackPermissions($page, []);

230 $this->permissions->addEntityPermission($page, ['view'], $roleA);

231

232 $this->assertVisibleToUser($page, $user);

233 }

234

235 public function test_85_fallback_override_deny_multi_role()

236 {

237 [$user, $roleA] = $this->users->newUserWithRole();

238 $roleB = $this->users->attachNewRole($user);

239 $page = $this->entities->page();

240

241 $this->permissions->setFallbackPermissions($page, ['view']);

242 $this->permissions->addEntityPermission($page, [], $roleA);

243

244 $this->assertNotVisibleToUser($page, $user);

245 }

246

247 public function test_86_fallback_override_allow_inherit()

248 {

249 [$user, $roleA] = $this->users->newUserWithRole();

250 $page = $this->entities->page();

251 $chapter = $page->chapter;

252

253 $this->permissions->setFallbackPermissions($chapter, []);

254 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

255

256 $this->assertVisibleToUser($page, $user);

257 }

258

259 public function test_87_fallback_override_deny_inherit()

260 {

261 [$user, $roleA] = $this->users->newUserWithRole();

262 $page = $this->entities->page();

263 $chapter = $page->chapter;

264

265 $this->permissions->setFallbackPermissions($chapter, ['view']);

266 $this->permissions->addEntityPermission($chapter, [], $roleA);

267

268 $this->assertNotVisibleToUser($page, $user);

269 }

270

271 public function test_88_fallback_override_allow_multi_role_inherit()

272 {

273 [$user, $roleA] = $this->users->newUserWithRole();

274 $roleB = $this->users->attachNewRole($user);

275 $page = $this->entities->page();

276 $chapter = $page->chapter;

277

278 $this->permissions->setFallbackPermissions($chapter, []);

279 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

280

281 $this->assertVisibleToUser($page, $user);

282 }

283

284 public function test_89_fallback_override_deny_multi_role_inherit()

285 {

286 [$user, $roleA] = $this->users->newUserWithRole();

287 $roleB = $this->users->attachNewRole($user);

288 $page = $this->entities->page();

289 $chapter = $page->chapter;

290

291 $this->permissions->setFallbackPermissions($chapter, ['view']);

292 $this->permissions->addEntityPermission($chapter, [], $roleA);

293

294 $this->assertNotVisibleToUser($page, $user);

295 }

296

297 public function test_90_fallback_overrides_parent_entity_role_deny()

298 {

299 [$user, $roleA] = $this->users->newUserWithRole();

300 $page = $this->entities->page();

301 $chapter = $page->chapter;

302

303 $this->permissions->setFallbackPermissions($chapter, []);

304 $this->permissions->setFallbackPermissions($page, []);

305 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

306

307 $this->assertNotVisibleToUser($page, $user);

308 }

309

310 public function test_91_fallback_overrides_parent_entity_role_inherit()

311 {

312 [$user, $roleA] = $this->users->newUserWithRole();

313 $page = $this->entities->page();

314 $chapter = $page->chapter;

315 $book = $page->book;

316

317 $this->permissions->setFallbackPermissions($book, []);

318 $this->permissions->setFallbackPermissions($chapter, []);

319 $this->permissions->addEntityPermission($book, ['view'], $roleA);

320

321 $this->assertNotVisibleToUser($page, $user);

322 }

323 }