Added more inter-method permissions test cases

diff --git a/dev/docs/permission-scenario-testing.md b/dev/docs/permission-scenario-testing.md
index f39329ee53f453edb12f0ed4df69097174426a5b..6a6a9d6661e6a7b2cedab3217010ff3d68807480 100644 (file)
--- a/dev/docs/permission-scenario-testing.md
+++ b/dev/docs/permission-scenario-testing.md
@@ -20,11 +20,6 @@ The below are some general rules we follow to standardise the behaviour of permi
 
 ## Cases
 
 
 ## Cases
 

-TODO - Role & entity-role interplay
-TODO - Role & entity-user interplay
-TODO - Role content relations?
-TODO - Role system permissions?
-

 ### Content Role Permissions
 
 These are tests related to item/entity permissions that are set only at a role level.
 ### Content Role Permissions
 
 These are tests related to item/entity permissions that are set only at a role level.


@@ -176,6 +171,55 @@ User granted page permission.
 
 User granted page permission.
 
 
 User granted page permission.
 

+#### test_50_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_51_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has no page-view-all role permission.
+- Role A has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_60_inherited_role_override_allow
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_61_inherited_role_override_deny
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has page role permission.
+- Role A has entity denied chapter permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_62_inherited_role_override_deny_on_own
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has own-page role permission.
+- Role A has entity denied chapter permission.
+- User has Role A.
+- User owns Page.
+
+User denied page permission.
+

 ---
 
 ### Entity User Permissions
 ---
 
 ### Entity User Permissions


@@ -266,4 +310,90 @@ User granted page permission.
 - Role A has entity allow page permission.
 - User has role A.
 
 - Role A has entity allow page permission.
 - User has role A.
 

+User denied page permission.
+
+#### test_50_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- User has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_51_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has all-page role permission.
+- User has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_60_inherited_role_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- User has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_61_inherited_role_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has view-all page role permission.
+- User has entity deny chapter permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_61_inherited_role_override_deny_on_own
+
+- Page permissions have inherit enabled.
+- Role A has view-own page role permission.
+- User has entity deny chapter permission.
+- User has Role A.
+- User owns Page.
+
+User denied page permission.
+
+#### test_70_all_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity deny page permission.
+- User has entity allow page permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_71_all_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has page-all role permission.
+- Role A has entity allow page permission.
+- User has entity deny page permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_80_inherited_all_override_allow
+
+- Page permissions have inherit enabled.
+- Role A has no page role permission.
+- Role A has entity deny chapter permission.
+- User has entity allow chapter permission.
+- User has Role A.
+
+User granted page permission.
+
+#### test_81_inherited_all_override_deny
+
+- Page permissions have inherit enabled.
+- Role A has view-all page role permission.
+- Role A has entity allow chapter permission.
+- User has entity deny chapter permission.
+- User has Role A.
+

 User denied page permission.
\ No newline at end of file
 User denied page permission.
\ No newline at end of file

diff --git a/tests/Permissions/Scenarios/EntityRolePermissions.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
similarity index 71%
rename from tests/Permissions/Scenarios/EntityRolePermissions.php
rename to tests/Permissions/Scenarios/EntityRolePermissionsTest.php
index 57801abdd7b31a54d3555afa349a70437beedab7..58870ee63e0b9315610917eb54ce83e70d404b6d 100644 (file)
--- a/tests/Permissions/Scenarios/EntityRolePermissions.php
+++ b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
@@ -2,7 +2,7 @@
 
 namespace Tests\Permissions\Scenarios;
 
 
 namespace Tests\Permissions\Scenarios;
 

-class EntityRolePermissions extends PermissionScenarioTestCase
+class EntityRolePermissionsTest extends PermissionScenarioTestCase

 {
     public function test_01_explicit_allow()
     {
 {
     public function test_01_explicit_allow()
     {


@@ -126,4 +126,53 @@ class EntityRolePermissions extends PermissionScenarioTestCase
 
         $this->assertVisibleToUser($page, $user);
     }
 
         $this->assertVisibleToUser($page, $user);
     }

+
+    public function test_50_role_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, ['view'], $roleA);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_51_role_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, [], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_60_inherited_role_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], []);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_61_inherited_role_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, [], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_62_inherited_role_override_deny_on_own()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, [], $roleA);
+        $this->permissions->changeEntityOwner($page, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }

 }
 }

diff --git a/tests/Permissions/Scenarios/EntityUserPermissions.php b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php
similarity index 55%
rename from tests/Permissions/Scenarios/EntityUserPermissions.php
rename to tests/Permissions/Scenarios/EntityUserPermissionsTest.php
index 6bffdde66f7df563bda083ba234f308c9c188061..4fa80580533d65399197a90370f3ff43214bdd82 100644 (file)
--- a/tests/Permissions/Scenarios/EntityUserPermissions.php
+++ b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php
@@ -2,7 +2,7 @@
 
 namespace Tests\Permissions\Scenarios;
 
 
 namespace Tests\Permissions\Scenarios;
 

-class EntityUserPermissions extends PermissionScenarioTestCase
+class EntityUserPermissionsTest extends PermissionScenarioTestCase

 {
     public function test_01_explicit_allow()
     {
 {
     public function test_01_explicit_allow()
     {


@@ -115,4 +115,95 @@ class EntityUserPermissions extends PermissionScenarioTestCase
 
         $this->assertNotVisibleToUser($page, $user);
     }
 
         $this->assertNotVisibleToUser($page, $user);
     }

+
+    public function test_50_role_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, ['view'], null, $user);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_51_role_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, [], null, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_60_inherited_role_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], []);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, ['view'], null, $user);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_61_inherited_role_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, [], null, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_61_inherited_role_override_deny_on_own()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, [], null, $user);
+        $this->permissions->changeEntityOwner($page, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_70_all_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], []);
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, [], $roleA, null);
+        $this->permissions->addEntityPermission($page, ['view'], null, $user);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_71_all_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->page();
+        $this->permissions->addEntityPermission($page, ['view'], $roleA, null);
+        $this->permissions->addEntityPermission($page, [], null, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_80_inherited_all_override_allow()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], []);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, [], $roleA, null);
+        $this->permissions->addEntityPermission($chapter, ['view'], null, $user);
+
+        $this->assertVisibleToUser($page, $user);
+    }
+
+    public function test_81_inherited_all_override_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->addEntityPermission($chapter, ['view'], $roleA, null);
+        $this->permissions->addEntityPermission($chapter, [], null, $user);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }

 }
 }

diff --git a/tests/Permissions/Scenarios/RoleContentPermissions.php b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php
similarity index 96%
rename from tests/Permissions/Scenarios/RoleContentPermissions.php
rename to tests/Permissions/Scenarios/RoleContentPermissionsTest.php
index 38e9ac9f7029e5545ae5ab3403973537b3480f8c..8b8c9031c63d5293a6dce788ece70aa53096c318 100644 (file)
--- a/tests/Permissions/Scenarios/RoleContentPermissions.php
+++ b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php
@@ -2,7 +2,7 @@
 
 namespace Tests\Permissions\Scenarios;
 
 
 namespace Tests\Permissions\Scenarios;
 

-class RoleContentPermissions extends PermissionScenarioTestCase
+class RoleContentPermissionsTest extends PermissionScenarioTestCase

 {
     public function test_01_allow()
     {
 {
     public function test_01_allow()
     {