BookStack Code Mirror - bookstack/blob - tests/Permissions/Scenarios/EntityRolePermissionsTest.php

1 <?php

3 namespace Tests\Permissions\Scenarios;

5 class EntityRolePermissionsTest extends PermissionScenarioTestCase

6 {

7 public function test_01_explicit_allow()

8 {

9 [$user, $role] = $this->users->newUserWithRole();

10 $page = $this->entities->page();

11 $this->permissions->setEntityPermissions($page, ['view'], [$role], false);

13 $this->assertVisibleToUser($page, $user);

14 }

16 public function test_02_explicit_deny()

17 {

18 [$user, $role] = $this->users->newUserWithRole();

19 $page = $this->entities->page();

20 $this->permissions->setEntityPermissions($page, [], [$role], false);

22 $this->assertNotVisibleToUser($page, $user);

23 }

25 public function test_03_same_level_conflicting()

26 {

27 [$user, $roleA] = $this->users->newUserWithRole();

28 $roleB = $this->users->attachNewRole($user);

29 $page = $this->entities->page();

31 $this->permissions->disableEntityInheritedPermissions($page);

32 $this->permissions->addEntityPermission($page, [], $roleA);

33 $this->permissions->addEntityPermission($page, ['view'], $roleB);

35 $this->assertVisibleToUser($page, $user);

36 }

38 public function test_20_inherit_allow()

39 {

40 [$user, $roleA] = $this->users->newUserWithRole();

41 $page = $this->entities->pageWithinChapter();

42 $chapter = $page->chapter;

44 $this->permissions->disableEntityInheritedPermissions($chapter);

45 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

47 $this->assertVisibleToUser($page, $user);

48 }

50 public function test_21_inherit_deny()

51 {

52 [$user, $roleA] = $this->users->newUserWithRole();

53 $page = $this->entities->pageWithinChapter();

54 $chapter = $page->chapter;

56 $this->permissions->disableEntityInheritedPermissions($chapter);

57 $this->permissions->addEntityPermission($chapter, [], $roleA);

59 $this->assertNotVisibleToUser($page, $user);

60 }

62 public function test_22_same_level_conflict_inherit()

63 {

64 [$user, $roleA] = $this->users->newUserWithRole();

65 $roleB = $this->users->attachNewRole($user);

66 $page = $this->entities->pageWithinChapter();

67 $chapter = $page->chapter;

69 $this->permissions->disableEntityInheritedPermissions($chapter);

70 $this->permissions->addEntityPermission($chapter, [], $roleA);

71 $this->permissions->addEntityPermission($chapter, ['view'], $roleB);

73 $this->assertVisibleToUser($page, $user);

74 }

76 public function test_30_child_inherit_override_allow()

77 {

78 [$user, $roleA] = $this->users->newUserWithRole();

79 $page = $this->entities->pageWithinChapter();

80 $chapter = $page->chapter;

82 $this->permissions->disableEntityInheritedPermissions($chapter);

83 $this->permissions->addEntityPermission($chapter, [], $roleA);

84 $this->permissions->addEntityPermission($page, ['view'], $roleA);

86 $this->assertVisibleToUser($page, $user);

87 }

89 public function test_31_child_inherit_override_deny()

90 {

91 [$user, $roleA] = $this->users->newUserWithRole();

92 $page = $this->entities->pageWithinChapter();

93 $chapter = $page->chapter;

95 $this->permissions->disableEntityInheritedPermissions($chapter);

96 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

97 $this->permissions->addEntityPermission($page, [], $roleA);

99 $this->assertNotVisibleToUser($page, $user);

100 }

101

102 public function test_40_multi_role_inherit_conflict_override_deny()

103 {

104 [$user, $roleA] = $this->users->newUserWithRole();

105 $roleB = $this->users->attachNewRole($user);

106 $page = $this->entities->pageWithinChapter();

107 $chapter = $page->chapter;

108

109 $this->permissions->disableEntityInheritedPermissions($chapter);

110 $this->permissions->addEntityPermission($page, [], $roleA);

111 $this->permissions->addEntityPermission($chapter, ['view'], $roleB);

112

113 $this->assertVisibleToUser($page, $user);

114 }

115

116 public function test_41_multi_role_inherit_conflict_retain_allow()

117 {

118 [$user, $roleA] = $this->users->newUserWithRole();

119 $roleB = $this->users->attachNewRole($user);

120 $page = $this->entities->pageWithinChapter();

121 $chapter = $page->chapter;

122

123 $this->permissions->disableEntityInheritedPermissions($chapter);

124 $this->permissions->addEntityPermission($page, ['view'], $roleA);

125 $this->permissions->addEntityPermission($chapter, [], $roleB);

126

127 $this->assertVisibleToUser($page, $user);

128 }

129

130 public function test_50_role_override_allow()

131 {

132 [$user, $roleA] = $this->users->newUserWithRole();

133 $page = $this->entities->page();

134 $this->permissions->addEntityPermission($page, ['view'], $roleA);

135

136 $this->assertVisibleToUser($page, $user);

137 }

138

139 public function test_51_role_override_deny()

140 {

141 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

142 $page = $this->entities->page();

143 $this->permissions->addEntityPermission($page, [], $roleA);

144

145 $this->assertNotVisibleToUser($page, $user);

146 }

147

148 public function test_60_inherited_role_override_allow()

149 {

150 [$user, $roleA] = $this->users->newUserWithRole([], []);

151 $page = $this->entities->pageWithinChapter();

152 $chapter = $page->chapter;

153 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

154

155 $this->assertVisibleToUser($page, $user);

156 }

157

158 public function test_61_inherited_role_override_deny()

159 {

160 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

161 $page = $this->entities->pageWithinChapter();

162 $chapter = $page->chapter;

163 $this->permissions->addEntityPermission($chapter, [], $roleA);

164

165 $this->assertNotVisibleToUser($page, $user);

166 }

167

168 public function test_62_inherited_role_override_deny_on_own()

169 {

170 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);

171 $page = $this->entities->pageWithinChapter();

172 $chapter = $page->chapter;

173 $this->permissions->addEntityPermission($chapter, [], $roleA);

174 $this->permissions->changeEntityOwner($page, $user);

175

176 $this->assertNotVisibleToUser($page, $user);

177 }

178

179 public function test_70_multi_role_inheriting_deny()

180 {

181 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

182 $roleB = $this->users->attachNewRole($user);

183 $page = $this->entities->page();

184

185 $this->permissions->addEntityPermission($page, [], $roleB);

186

187 $this->assertNotVisibleToUser($page, $user);

188 }

189

190 public function test_71_multi_role_inheriting_deny_on_own()

191 {

192 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);

193 $roleB = $this->users->attachNewRole($user);

194 $page = $this->entities->page();

195 $this->permissions->changeEntityOwner($page, $user);

196

197 $this->permissions->addEntityPermission($page, [], $roleB);

198

199 $this->assertNotVisibleToUser($page, $user);

200 }

201

202

203 public function test_75_multi_role_inherited_deny_via_parent()

204 {

205 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);

206 $roleB = $this->users->attachNewRole($user);

207 $page = $this->entities->pageWithinChapter();

208 $chapter = $page->chapter;

209

210 $this->permissions->addEntityPermission($chapter, [], $roleB);

211

212 $this->assertNotVisibleToUser($page, $user);

213 }

214

215 public function test_76_multi_role_inherited_deny_via_parent_on_own()

216 {

217 [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);

218 $roleB = $this->users->attachNewRole($user);

219 $page = $this->entities->pageWithinChapter();

220 $chapter = $page->chapter;

221 $this->permissions->changeEntityOwner($page, $user);

222

223 $this->permissions->addEntityPermission($chapter, [], $roleB);

224

225 $this->assertNotVisibleToUser($page, $user);

226 }

227

228 public function test_80_fallback_override_allow()

229 {

230 [$user, $roleA] = $this->users->newUserWithRole();

231 $page = $this->entities->page();

232

233 $this->permissions->setFallbackPermissions($page, []);

234 $this->permissions->addEntityPermission($page, ['view'], $roleA);

235

236 $this->assertVisibleToUser($page, $user);

237 }

238 public function test_81_fallback_override_deny()

239 {

240 [$user, $roleA] = $this->users->newUserWithRole();

241 $page = $this->entities->page();

242

243 $this->permissions->setFallbackPermissions($page, ['view']);

244 $this->permissions->addEntityPermission($page, [], $roleA);

245

246 $this->assertNotVisibleToUser($page, $user);

247 }

248

249 public function test_84_fallback_override_allow_multi_role()

250 {

251 [$user, $roleA] = $this->users->newUserWithRole();

252 $roleB = $this->users->attachNewRole($user);

253 $page = $this->entities->page();

254

255 $this->permissions->setFallbackPermissions($page, []);

256 $this->permissions->addEntityPermission($page, ['view'], $roleA);

257

258 $this->assertVisibleToUser($page, $user);

259 }

260

261 public function test_85_fallback_override_deny_multi_role()

262 {

263 [$user, $roleA] = $this->users->newUserWithRole();

264 $roleB = $this->users->attachNewRole($user);

265 $page = $this->entities->page();

266

267 $this->permissions->setFallbackPermissions($page, ['view']);

268 $this->permissions->addEntityPermission($page, [], $roleA);

269

270 $this->assertNotVisibleToUser($page, $user);

271 }

272

273 public function test_86_fallback_override_allow_inherit()

274 {

275 [$user, $roleA] = $this->users->newUserWithRole();

276 $page = $this->entities->page();

277 $chapter = $page->chapter;

278

279 $this->permissions->setFallbackPermissions($chapter, []);

280 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

281

282 $this->assertVisibleToUser($page, $user);

283 }

284

285 public function test_87_fallback_override_deny_inherit()

286 {

287 [$user, $roleA] = $this->users->newUserWithRole();

288 $page = $this->entities->page();

289 $chapter = $page->chapter;

290

291 $this->permissions->setFallbackPermissions($chapter, ['view']);

292 $this->permissions->addEntityPermission($chapter, [], $roleA);

293

294 $this->assertNotVisibleToUser($page, $user);

295 }

296

297 public function test_88_fallback_override_allow_multi_role_inherit()

298 {

299 [$user, $roleA] = $this->users->newUserWithRole();

300 $roleB = $this->users->attachNewRole($user);

301 $page = $this->entities->page();

302 $chapter = $page->chapter;

303

304 $this->permissions->setFallbackPermissions($chapter, []);

305 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

306

307 $this->assertVisibleToUser($page, $user);

308 }

309

310 public function test_89_fallback_override_deny_multi_role_inherit()

311 {

312 [$user, $roleA] = $this->users->newUserWithRole();

313 $roleB = $this->users->attachNewRole($user);

314 $page = $this->entities->page();

315 $chapter = $page->chapter;

316

317 $this->permissions->setFallbackPermissions($chapter, ['view']);

318 $this->permissions->addEntityPermission($chapter, [], $roleA);

319

320 $this->assertNotVisibleToUser($page, $user);

321 }

322

323 public function test_90_fallback_overrides_parent_entity_role_deny()

324 {

325 [$user, $roleA] = $this->users->newUserWithRole();

326 $page = $this->entities->page();

327 $chapter = $page->chapter;

328

329 $this->permissions->setFallbackPermissions($chapter, []);

330 $this->permissions->setFallbackPermissions($page, []);

331 $this->permissions->addEntityPermission($chapter, ['view'], $roleA);

332

333 $this->assertNotVisibleToUser($page, $user);

334 }

335

336 public function test_91_fallback_overrides_parent_entity_role_inherit()

337 {

338 [$user, $roleA] = $this->users->newUserWithRole();

339 $page = $this->entities->page();

340 $chapter = $page->chapter;

341 $book = $page->book;

342

343 $this->permissions->setFallbackPermissions($book, []);

344 $this->permissions->setFallbackPermissions($chapter, []);

345 $this->permissions->addEntityPermission($book, ['view'], $roleA);

346

347 $this->assertNotVisibleToUser($page, $user);

348 }

349 }