cakephp2-php8/cake/tests/cases/libs/controller/components/acl.test.php

419 lines
15 KiB
PHP
Raw Normal View History

<?php
/* SVN FILE: $Id$ */
/**
* Short description for file.
*
* Long description for file
*
* PHP versions 4 and 5
*
* CakePHP(tm) Tests <https://trac.cakephp.org/wiki/Developement/TestSuite>
* Copyright 2005-2008, Cake Software Foundation, Inc.
* 1785 E. Sahara Avenue, Suite 490-204
* Las Vegas, Nevada 89104
*
* Licensed under The Open Group Test Suite License
* Redistributions of files must retain the above copyright notice.
*
* @filesource
* @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
* @link https://trac.cakephp.org/wiki/Developement/TestSuite CakePHP(tm) Tests
* @package cake.tests
* @subpackage cake.tests.cases.libs.controller.components
* @since CakePHP(tm) v 1.2.0.5435
* @version $Revision$
* @modifiedby $LastChangedBy$
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/
if (!defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
define('CAKEPHP_UNIT_TEST_EXECUTION', 1);
}
App::import(array('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl'));
class AclNodeTwoTestBase extends AclNode {
var $useDbConfig = 'test_suite';
var $cacheSources = false;
}
class AroTwoTest extends AclNodeTwoTestBase {
var $name = 'AroTwoTest';
var $useTable = 'aro_twos';
var $hasAndBelongsToMany = array('AcoTwoTest' => array('with' => 'PermissionTwoTest'));
}
class AcoTwoTest extends AclNodeTwoTestBase {
var $name = 'AcoTwoTest';
var $useTable = 'aco_twos';
var $hasAndBelongsToMany = array('AroTwoTest' => array('with' => 'PermissionTwoTest'));
}
class PermissionTwoTest extends CakeTestModel {
var $name = 'PermissionTwoTest';
var $useTable = 'aros_aco_twos';
var $cacheQueries = false;
var $belongsTo = array('AroTwoTest' => array('foreignKey' => 'aro_id'), 'AcoTwoTest' => array('foreignKey' => 'aco_id'));
var $actsAs = null;
}
class DB_ACL_TWO_TEST extends DB_ACL {
function __construct() {
$this->Aro =& new AroTwoTest();
$this->Aro->Permission =& new PermissionTwoTest();
$this->Aco =& new AcoTwoTest();
$this->Aro->Permission =& new PermissionTwoTest();
}
}
class INI_ACL_TEST extends INI_ACL {
}
/**
* Short description for class.
*
* @package cake.tests
* @subpackage cake.tests.cases.libs.controller.components
*/
class AclComponentTest extends CakeTestCase {
var $fixtures = array('core.aro_two', 'core.aco_two', 'core.aros_aco_two');
function startTest() {
$this->Acl =& new AclComponent();
}
function before($method) {
Configure::write('Acl.classname', 'DB_ACL_TWO_TEST');
Configure::write('Acl.database', 'test_suite');
parent::before($method);
}
function testAclCreate() {
$this->Acl->Aro->create(array('alias' => 'Chotchkey'));
$this->assertTrue($this->Acl->Aro->save());
$parent = $this->Acl->Aro->id;
$this->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Joanna'));
$this->assertTrue($this->Acl->Aro->save());
$this->Acl->Aro->create(array('parent_id' => $parent, 'alias' => 'Stapler'));
$this->assertTrue($this->Acl->Aro->save());
$root = $this->Acl->Aco->node('ROOT');
$parent = $root[0]['AcoTwoTest']['id'];
$this->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'Drinks'));
$this->assertTrue($this->Acl->Aco->save());
$this->Acl->Aco->create(array('parent_id' => $parent, 'alias' => 'PiecesOfFlair'));
$this->assertTrue($this->Acl->Aco->save());
}
function testDbAclAllow() {
$this->assertFalse($this->Acl->check('Micheal', 'tpsReports', 'read'));
$this->assertTrue($this->Acl->allow('Micheal', 'tpsReports', array('read', 'delete', 'update')));
$this->assertTrue($this->Acl->check('Micheal', 'tpsReports', 'update'));
$this->assertTrue($this->Acl->check('Micheal', 'tpsReports', 'read'));
$this->assertTrue($this->Acl->check('Micheal', 'tpsReports', 'delete'));
$this->assertFalse($this->Acl->check('root/users/Samir', 'ROOT/tpsReports/view'));
$this->assertTrue($this->Acl->allow('root/users/Samir', 'ROOT/tpsReports/view', '*'));
$this->assertTrue($this->Acl->check('Samir', 'view', 'read'));
$this->assertTrue($this->Acl->check('root/users/Samir', 'ROOT/tpsReports/view', 'update'));
$this->expectError('DB_ACL::allow() - Invalid node');
$this->assertFalse($this->Acl->allow('Lumbergh', 'ROOT/tpsReports/DoesNotExist', 'create'));
$this->expectError('DB_ACL::allow() - Invalid node');
$this->assertFalse($this->Acl->allow('Homer', 'tpsReports', 'create'));
}
function testDbAclCheck() {
$this->assertTrue($this->Acl->check('Samir', 'print', 'read'));
$this->assertTrue($this->Acl->check('Lumbergh', 'current', 'read'));
$this->assertFalse($this->Acl->check('Milton', 'smash', 'read'));
$this->assertFalse($this->Acl->check('Milton', 'current', 'update'));
$this->expectError("DB_ACL::check() - Failed ARO/ACO node lookup in permissions check. Node references:\nAro: WRONG\nAco: tpsReports");
$this->assertFalse($this->Acl->check('WRONG', 'tpsReports', 'read'));
$this->expectError("ACO permissions key foobar does not exist in DB_ACL::check()");
$this->assertFalse($this->Acl->check('Lumbergh', 'smash', 'foobar'));
//The next assertion should generate an error but only returns false.
//$this->expectError("DB_ACL::check() - Failed ARO/ACO node lookup in permissions check. Node references:\nAro: users\nAco: NonExistant");
$this->assertFalse($this->Acl->check('users', 'NonExistant', 'read'));
$this->assertFalse($this->Acl->check(null, 'printers', 'create'));
$this->assertFalse($this->Acl->check('managers', null, 'read'));
$this->assertTrue($this->Acl->check('Bobs', 'ROOT/tpsReports/view/current', 'read'));
$this->assertFalse($this->Acl->check('Samir', 'ROOT/tpsReports/update', 'read'));
$this->assertFalse($this->Acl->check('root/users/Milton', 'smash', 'delete'));
}
/**
* testDbAclCascadingDeny function
*
* Setup the acl permissions such that Bobs inherits from admin.
* deny Admin delete access to a specific resource, check the permisssions are inherited.
*
* @access public
* @return void
*/
function testDbAclCascadingDeny() {
$this->Acl->inherit('Bobs', 'ROOT', '*');
$this->assertTrue($this->Acl->check('admin', 'tpsReports', 'delete'));
$this->assertTrue($this->Acl->check('Bobs', 'tpsReports', 'delete'));
$this->Acl->deny('admin', 'tpsReports', 'delete');
$this->assertFalse($this->Acl->check('admin', 'tpsReports', 'delete'));
$this->assertFalse($this->Acl->check('Bobs', 'tpsReports', 'delete'));
}
function testDbAclDeny() {
$this->assertTrue($this->Acl->check('Micheal', 'smash', 'delete'));
$this->Acl->deny('Micheal', 'smash', 'delete');
$this->assertFalse($this->Acl->check('Micheal', 'smash', 'delete'));
$this->assertTrue($this->Acl->check('Micheal', 'smash', 'read'));
$this->assertTrue($this->Acl->check('Micheal', 'smash', 'create'));
$this->assertTrue($this->Acl->check('Micheal', 'smash', 'update'));
$this->assertFalse($this->Acl->check('Micheal', 'smash', '*'));
$this->assertTrue($this->Acl->check('Samir', 'refill', '*'));
$this->Acl->deny('Samir', 'refill', '*');
$this->assertFalse($this->Acl->check('Samir', 'refill', 'create'));
$this->assertFalse($this->Acl->check('Samir', 'refill', 'update'));
$this->assertFalse($this->Acl->check('Samir', 'refill', 'read'));
$this->assertFalse($this->Acl->check('Samir', 'refill', 'delete'));
$result = $this->Acl->Aro->Permission->find('all', array('conditions' => array('AroTwoTest.alias' => 'Samir')));
$expected = '-1';
$this->assertEqual($result[0]['PermissionTwoTest']['_delete'], $expected);
$this->expectError('DB_ACL::allow() - Invalid node');
$this->assertFalse($this->Acl->deny('Lumbergh', 'ROOT/tpsReports/DoesNotExist', 'create'));
}
function testAclNodeLookup() {
$result = $this->Acl->Aro->node('root/users/Samir');
$expected = array(
array('AroTwoTest' => array('id' => '7', 'parent_id' => '4', 'model' => 'User', 'foreign_key' => 3, 'alias' => 'Samir')),
array('AroTwoTest' => array('id' => '4', 'parent_id' => '1', 'model' => 'Group', 'foreign_key' => 3, 'alias' => 'users')),
array('AroTwoTest' => array('id' => '1', 'parent_id' => null, 'model' => null, 'foreign_key' => null, 'alias' => 'root'))
);
$this->assertEqual($result, $expected);
$result = $this->Acl->Aco->node('ROOT/tpsReports/view/current');
$expected = array(
array('AcoTwoTest' => array('id' => '4', 'parent_id' => '3', 'model' => null, 'foreign_key' => null, 'alias' => 'current')),
array('AcoTwoTest' => array('id' => '3', 'parent_id' => '2', 'model' => null, 'foreign_key' => null, 'alias' => 'view')),
array('AcoTwoTest' => array('id' => '2', 'parent_id' => '1', 'model' => null, 'foreign_key' => null, 'alias' => 'tpsReports')),
array('AcoTwoTest' => array('id' => '1', 'parent_id' => null, 'model' => null, 'foreign_key' => null, 'alias' => 'ROOT')),
);
$this->assertEqual($result, $expected);
}
function testDbInherit() {
//parent doesn't have access inherit should still deny
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
$this->Acl->inherit('Milton', 'smash', 'delete');
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
//inherit parent
$this->assertFalse($this->Acl->check('Milton', 'smash', 'read'));
$this->Acl->inherit('Milton', 'smash', 'read');
$this->assertTrue($this->Acl->check('Milton', 'smash', 'read'));
}
function testDbGrant() {
$this->assertFalse($this->Acl->check('Samir', 'tpsReports', 'create'));
$this->Acl->grant('Samir', 'tpsReports', 'create');
$this->assertTrue($this->Acl->check('Samir', 'tpsReports', 'create'));
$this->assertFalse($this->Acl->check('Micheal', 'view', 'read'));
$this->Acl->grant('Micheal', 'view', array('read', 'create', 'update'));
$this->assertTrue($this->Acl->check('Micheal', 'view', 'read'));
$this->assertTrue($this->Acl->check('Micheal', 'view', 'create'));
$this->assertTrue($this->Acl->check('Micheal', 'view', 'update'));
$this->assertFalse($this->Acl->check('Micheal', 'view', 'delete'));
$this->expectError('DB_ACL::allow() - Invalid node');
$this->assertFalse($this->Acl->grant('Peter', 'ROOT/tpsReports/DoesNotExist', 'create'));
}
function testDbRevoke() {
$this->assertTrue($this->Acl->check('Bobs', 'tpsReports', 'read'));
$this->Acl->revoke('Bobs', 'tpsReports', 'read');
$this->assertFalse($this->Acl->check('Bobs', 'tpsReports', 'read'));
$this->assertTrue($this->Acl->check('users', 'printers', 'read'));
$this->Acl->revoke('users', 'printers', 'read');
$this->assertFalse($this->Acl->check('users', 'printers', 'read'));
$this->assertFalse($this->Acl->check('Samir', 'printers', 'read'));
$this->assertFalse($this->Acl->check('Peter', 'printers', 'read'));
$this->expectError('DB_ACL::allow() - Invalid node');
$this->assertFalse($this->Acl->deny('Bobs', 'ROOT/printers/DoesNotExist', 'create'));
}
function testStartup() {
$controller = new Controller();
$this->assertTrue($this->Acl->startup($controller));
}
/* The following tests and AclComponent methods are not fully implemented yet
function testDbSetAro() {
//This method is not implemented in either INI_ACL or DB_ACL
//$result = $this->Acl->setAro('Samir');
//$this->assertEqual($result, $expected);
}
function testDbSetAco() {
//This method is not implemented in either INI_ACL or DB_ACL
//$result = $this->Acl->getAco('printers');
//$this->assertEqual($result, $expected);
}
function testDbGetAro() {
//This method is not implemented in either INI_ACL or DB_ACL
//$result = $this->Acl->getAro('Samir');
//$this->assertEqual($result, $expected);
}
function testDbGetAco() {
//This method is not implemented in either INI_ACL or DB_ACL
//$result = $this->Acl->getAco('tpsReports');
//$this->assertEqual($result, $expected);
}
*/
function testIniReadConfigFile() {
Configure::write('Acl.classname', 'INI_ACL_TEST');
unset($this->Acl);
$this->Acl = new AclComponent();
$iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'configs'. DS . 'acl.ini.php';
$result = $this->Acl->_Instance->readConfigFile($iniFile);
$expected = array(
'admin' => array(
'groups' => 'administrators',
'allow' => '',
'deny' => 'ads',
),
'paul' => array(
'groups' => 'users',
'allow' =>'',
'deny' => '',
),
'jenny' => array(
'groups' => 'users',
'allow' => 'ads',
'deny' => 'images, files',
),
'nobody' => array(
'groups' => 'anonymous',
'allow' => '',
'deny' => '',
),
'administrators' => array(
'deny' => '',
'allow' => 'posts, comments, images, files, stats, ads',
),
'users' => array(
'allow' => 'posts, comments, images, files',
'deny' => 'stats, ads',
),
'anonymous' => array(
'allow' => '',
'deny' => 'posts, comments, images, files, stats, ads',
),
);
$this->assertEqual($result, $expected);
}
function testIniCheck() {
Configure::write('Acl.classname', 'INI_ACL_TEST');
unset($this->Acl);
$iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'configs'. DS . 'acl.ini.php';
$this->Acl = new AclComponent();
$this->Acl->_Instance->config= $this->Acl->_Instance->readConfigFile($iniFile);
$this->assertFalse($this->Acl->check('admin', 'ads'));
$this->assertTrue($this->Acl->check('admin', 'posts'));
$this->assertTrue($this->Acl->check('jenny', 'posts'));
$this->assertTrue($this->Acl->check('jenny', 'ads'));
$this->assertTrue($this->Acl->check('paul', 'posts'));
$this->assertFalse($this->Acl->check('paul', 'ads'));
$this->assertFalse($this->Acl->check('nobody', 'comments'));
}
function tearDown() {
unset($this->Acl);
}
/**
* debug function - to help editing/creating test cases for the ACL component
*
* To check the overal ACL status at any time call $this->__debug();
* Generates a list of the current aro and aco structures and a grid dump of the permissions that are defined
* Only designed to work with the db based ACL
*
* @param bool $treesToo
* @access private
* @return void
*/
function __debug ($printTreesToo = false) {
$this->Acl->Aro->displayField = 'alias';
$this->Acl->Aco->displayField = 'alias';
$aros = $this->Acl->Aro->find('list', array('order' => 'lft'));
$acos = $this->Acl->Aco->find('list', array('order' => 'lft'));
$rights = array('*', 'create', 'read', 'update', 'delete');
$permissions['Aros v Acos >'] = $acos;
foreach ($aros as $aro) {
$row = array();
foreach ($acos as $aco) {
$perms = '';
foreach ($rights as $right) {
if ($this->Acl->check($aro, $aco, $right)) {
if ($right == '*') {
$perms .= '****';
break;
}
$perms .= $right[0];
} elseif ($right != '*') {
$perms .= ' ';
}
}
$row[] = $perms;
}
$permissions[$aro] = $row;
}
foreach ($permissions as $key => $values) {
array_unshift($values, $key);
$values = array_map(array(&$this, '__pad'), $values);
$permissions[$key] = implode (' ', $values);
}
$permisssions = array_map(array(&$this, '__pad'), $permissions);
array_unshift($permissions, 'Current Permissions :');
if ($printTreesToo) {
debug (array('aros' => $this->Acl->Aro->generateTreeList(), 'acos' => $this->Acl->Aco->generateTreeList()));
}
debug (implode("\r\n", $permissions));
}
/**
* pad function
* Used by debug to format strings used in the data dump
*
* @param string $string
* @param int $len
* @access private
* @return void
*/
function __pad($string = '', $len = 14) {
return str_pad($string, $len);
}
}
?>