From: Dan Brown Date: Tue, 20 Dec 2022 19:10:09 +0000 (+0000) Subject: Added more inter-method permissions test cases X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/adabf06dbe7752ba53c90d644902a9dbfdf0870f Added more inter-method permissions test cases --- diff --git a/dev/docs/permission-scenario-testing.md b/dev/docs/permission-scenario-testing.md index f39329ee5..6a6a9d666 100644 --- a/dev/docs/permission-scenario-testing.md +++ b/dev/docs/permission-scenario-testing.md @@ -20,11 +20,6 @@ The below are some general rules we follow to standardise the behaviour of permi ## Cases -TODO - Role & entity-role interplay -TODO - Role & entity-user interplay -TODO - Role content relations? -TODO - Role system permissions? - ### Content Role Permissions These are tests related to item/entity permissions that are set only at a role level. 
@@ -176,6 +171,55 @@ User granted page permission. User granted page permission. +#### test_50_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_51_role_override_deny + +- Page permissions have inherit enabled. +- Role A has no page-view-all role permission. +- Role A has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_60_inherited_role_override_allow + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_61_inherited_role_override_deny + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has page role permission. +- Role A has entity denied chapter permission. +- User has Role A. + +User denied page permission. + +#### test_62_inherited_role_override_deny_on_own + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has own-page role permission. +- Role A has entity denied chapter permission. +- User has Role A. +- User owns Page. + +User denied page permission. + --- ### Entity User Permissions 
@@ -266,4 +310,90 @@ User granted page permission. - Role A has entity allow page permission. - User has role A. +User denied page permission. + +#### test_50_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- User has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_51_role_override_deny + +- Page permissions have inherit enabled. +- Role A has all-page role permission. +- User has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_60_inherited_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- User has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_61_inherited_role_override_deny + +- Page permissions have inherit enabled. +- Role A has view-all page role permission. +- User has entity deny chapter permission. +- User has Role A. + +User denied page permission. + +#### test_61_inherited_role_override_deny_on_own + +- Page permissions have inherit enabled. +- Role A has view-own page role permission. +- User has entity deny chapter permission. +- User has Role A. +- User owns Page. + +User denied page permission. + +#### test_70_all_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity deny page permission. +- User has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_71_all_override_deny + +- Page permissions have inherit enabled. +- Role A has page-all role permission. +- Role A has entity allow page permission. +- User has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_80_inherited_all_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity deny chapter permission. 
+- User has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_81_inherited_all_override_deny + +- Page permissions have inherit enabled. +- Role A has view-all page role permission. +- Role A has entity allow chapter permission. +- User has entity deny chapter permission. +- User has Role A. + User denied page permission. \ No newline at end of file diff --git a/tests/Permissions/Scenarios/EntityRolePermissions.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php similarity index 71% rename from tests/Permissions/Scenarios/EntityRolePermissions.php rename to tests/Permissions/Scenarios/EntityRolePermissionsTest.php index 57801abdd..58870ee63 100644 --- a/tests/Permissions/Scenarios/EntityRolePermissions.php +++ b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php @@ -2,7 +2,7 @@ namespace Tests\Permissions\Scenarios; -class EntityRolePermissions extends PermissionScenarioTestCase +class EntityRolePermissionsTest extends PermissionScenarioTestCase { public function test_01_explicit_allow() { 
@@ -126,4 +126,53 @@ class EntityRolePermissions extends PermissionScenarioTestCase $this->assertVisibleToUser($page, $user); } + + public function test_50_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_51_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_60_inherited_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_62_inherited_role_override_deny_on_own() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertNotVisibleToUser($page, $user); + } } 
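Review bot: `test_50_role_override_allow` calls `newUserWithRole()` with no arguments, so its "Role A has no page role permission" precondition depends on that helper's defaults, which are not visible in this diff. If the default role could already view the page, the assertion would pass without the entity permission granting anything. Passing the empty list explicitly, as `test_60_inherited_role_override_allow` does, pins the precondition: `[$user, $roleA] = $this->users->newUserWithRole([], []);`. The same call appears in `test_50_role_override_allow` in EntityUserPermissionsTest. Separately, `test_51_role_override_deny` passes `['page-view-all']` here, while the scenario doc added in this commit says "Role A has no page-view-all role permission"; one of the two should be corrected so the documented access rule matches what the test enforces.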
diff --git a/tests/Permissions/Scenarios/EntityUserPermissions.php b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php similarity index 55% rename from tests/Permissions/Scenarios/EntityUserPermissions.php rename to tests/Permissions/Scenarios/EntityUserPermissionsTest.php index 6bffdde66..4fa805805 100644 --- a/tests/Permissions/Scenarios/EntityUserPermissions.php +++ b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php @@ -2,7 +2,7 @@ namespace Tests\Permissions\Scenarios; -class EntityUserPermissions extends PermissionScenarioTestCase +class EntityUserPermissionsTest extends PermissionScenarioTestCase { public function test_01_explicit_allow() { 
@@ -115,4 +115,95 @@ class EntityUserPermissions extends PermissionScenarioTestCase $this->assertNotVisibleToUser($page, $user); } + + public function test_50_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_51_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_60_inherited_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny_on_own() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], null, $user); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_70_all_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], $roleA, null); + 
$this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_71_all_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], $roleA, null); + $this->permissions->addEntityPermission($page, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_80_inherited_all_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA, null); + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_81_inherited_all_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], $roleA, null); + $this->permissions->addEntityPermission($chapter, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } } diff --git a/tests/Permissions/Scenarios/RoleContentPermissions.php b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php similarity index 96% rename from tests/Permissions/Scenarios/RoleContentPermissions.php rename to tests/Permissions/Scenarios/RoleContentPermissionsTest.php index 38e9ac9f7..8b8c9031c 100644 --- a/tests/Permissions/Scenarios/RoleContentPermissions.php +++ b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php @@ -2,7 +2,7 @@ namespace Tests\Permissions\Scenarios; -class RoleContentPermissions extends PermissionScenarioTestCase +class RoleContentPermissionsTest extends PermissionScenarioTestCase { public function test_01_allow() {
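Review bot: In EntityUserPermissionsTest, `test_61_inherited_role_override_deny_on_own` reuses the `test_61_` prefix already taken by `test_61_inherited_role_override_deny`, while the matching case in EntityRolePermissionsTest is numbered `test_62_`. Renaming it to `test_62_inherited_role_override_deny_on_own`, here and in the scenario doc, keeps each scenario id unique when a failing access-control case has to be looked up. In the cases that attach only a user-level entity permission (`test_50` through the on-own case), `$roleA` is destructured but never used; `[$user] = $this->users->newUserWithRole(...)` would show that the role contributes only its role-level permissions. The combined cases would also read better with a one-line comment naming the rule they pin, for example `// user-level entity allow outranks the role-level entity deny` above the two `addEntityPermission` calls in `test_70_all_override_allow`.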