## Cases
-TODO - Role & entity-role interplay
-TODO - Role & entity-user interplay
-TODO - Role content relations?
-TODO - Role system permissions?
-
### Content Role Permissions
These are tests related to item/entity permissions that are set only at a role level.
User granted page permission.
+#### test_50_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_51_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has no page-view-all role permission.
+- Role A has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_60_inherited_role_override_allow
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_61_inherited_role_override_deny
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has page role permission.
+- Role A has entity denied chapter permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_62_inherited_role_override_deny_on_own
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has own-page role permission.
+- Role A has entity denied chapter permission.
+- User has Role A.
+- User owns Page.
+
+User denied page permission.
+
---
### Entity User Permissions
- Role A has entity allow page permission.
- User has role A.
+User denied page permission.
+
+#### test_50_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- User has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_51_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has all-page role permission.
+- User has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_60_inherited_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- User has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_61_inherited_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has view-all page role permission.
+- User has entity deny chapter permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_61_inherited_role_override_deny_on_own
+
+- Page permissions have inherit enabled.
+- Role A has view-own page role permission.
+- User has entity deny chapter permission.
+- User has Role A.
+- User owns Page.
+
+User denied page permission.
+
+#### test_70_all_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity deny page permission.
+- User has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_71_all_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has page-all role permission.
+- Role A has entity allow page permission.
+- User has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_80_inherited_all_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity deny chapter permission.
+- User has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_81_inherited_all_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has view-all page role permission.
+- Role A has entity allow chapter permission.
+- User has entity deny chapter permission.
+- User has Role A.
+
User denied page permission.
\ No newline at end of file
namespace Tests\Permissions\Scenarios;
-class EntityRolePermissions extends PermissionScenarioTestCase
+class EntityRolePermissionsTest extends PermissionScenarioTestCase
{
public function test_01_explicit_allow()
{
$this->assertVisibleToUser($page, $user);
}
+
+ public function test_50_role_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole();
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, ['view'], $roleA);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_51_role_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, [], $roleA);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_60_inherited_role_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], []);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_61_inherited_role_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, [], $roleA);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_62_inherited_role_override_deny_on_own()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, [], $roleA);
+ $this->permissions->changeEntityOwner($page, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
}
namespace Tests\Permissions\Scenarios;
-class EntityUserPermissions extends PermissionScenarioTestCase
+class EntityUserPermissionsTest extends PermissionScenarioTestCase
{
public function test_01_explicit_allow()
{
$this->assertNotVisibleToUser($page, $user);
}
+
+ public function test_50_role_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole();
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, ['view'], null, $user);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_51_role_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, [], null, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_60_inherited_role_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], []);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, ['view'], null, $user);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_61_inherited_role_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, [], null, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_61_inherited_role_override_deny_on_own()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, [], null, $user);
+ $this->permissions->changeEntityOwner($page, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_70_all_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], []);
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, [], $roleA, null);
+ $this->permissions->addEntityPermission($page, ['view'], null, $user);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_71_all_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, ['view'], $roleA, null);
+ $this->permissions->addEntityPermission($page, [], null, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
+
+ public function test_80_inherited_all_override_allow()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], []);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, [], $roleA, null);
+ $this->permissions->addEntityPermission($chapter, ['view'], null, $user);
+
+ $this->assertVisibleToUser($page, $user);
+ }
+
+ public function test_81_inherited_all_override_deny()
+ {
+ [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+ $page = $this->entities->pageWithinChapter();
+ $chapter = $page->chapter;
+ $this->permissions->addEntityPermission($chapter, ['view'], $roleA, null);
+ $this->permissions->addEntityPermission($chapter, [], null, $user);
+
+ $this->assertNotVisibleToUser($page, $user);
+ }
}
namespace Tests\Permissions\Scenarios;
-class RoleContentPermissions extends PermissionScenarioTestCase
+class RoleContentPermissionsTest extends PermissionScenarioTestCase
{
public function test_01_allow()
{
projects / bookstack / commitdiff