<?php
/**
 * Pins the privilege each API job declares, and for two jobs checks that
 * Api::run() actually rejects a caller who lacks it.
 *
 * Scope, for anyone relying on this as an access-control regression suite:
 * every test except testPrivilegeEnforcing() and
 * testComplexPrivilegeEnforcing() only inspects what a job *reports* through
 * getRequiredMainPrivilege() / getRequiredSubPrivileges(). A job that reports
 * the right privilege but is never checked against it would still pass those.
 *
 * Each exercised job is appended to $this->testedJobs. What reads that list is
 * not visible in this file (presumably the base class uses it to spot jobs
 * with no privilege test -- confirm).
 */
class ApiPrivilegeTest extends AbstractFullApiTest
{
    /**
     * Two Privilege objects built from the same arguments must be told apart
     * by areNotEqual() yet treated as the same by areEquivalent().
     *
     * NOTE(review): presumably areNotEqual() compares identity and
     * areEquivalent() compares by value -- confirm against the assert helper.
     */
    public function testPrivilegeTesting()
    {
        $first = new Privilege(Privilege::ViewPost, 'own');
        $second = new Privilege(Privilege::ViewPost, 'own');

        $this->assert->areNotEqual($first, $second);
        $this->assert->areEquivalent($first, $second);
    }

    /**
     * Jobs whose requirement does not depend on the target object: a fixed
     * main privilege (or none) and no sub-privileges.
     *
     * Entries expected to be null declare no main privilege at all.
     * NOTE(review): how ActivateUserEmailJob, EditUserJob, GetPropertyJob and
     * PasswordResetJob are gated instead is not visible here -- confirm each
     * is deliberately open or protected by another mechanism.
     */
    public function testRegularPrivileges()
    {
        $this->testRegularPrivilege(new AcceptUserRegistrationJob(), Privilege::AcceptUserRegistration);
        $this->testRegularPrivilege(new ActivateUserEmailJob(), null);
        $this->testRegularPrivilege(new AddCommentJob(), Privilege::AddComment);
        // Previewing a comment is held to the same privilege as posting one.
        $this->testRegularPrivilege(new PreviewCommentJob(), Privilege::AddComment);
        $this->testRegularPrivilege(new AddPostJob(), Privilege::AddPost);
        $this->testRegularPrivilege(new AddUserJob(), Privilege::RegisterAccount);
        $this->testRegularPrivilege(new EditUserJob(), null);
        $this->testRegularPrivilege(new GetLogJob(), Privilege::ViewLog);
        $this->testRegularPrivilege(new GetPropertyJob(), null);
        $this->testRegularPrivilege(new ListCommentsJob(), Privilege::ListComments);
        $this->testRegularPrivilege(new ListLogsJob(), Privilege::ListLogs);
        $this->testRegularPrivilege(new ListPostsJob(), Privilege::ListPosts);
        // Listing related tags shares the ListTags privilege.
        $this->testRegularPrivilege(new ListRelatedTagsJob(), Privilege::ListTags);
        $this->testRegularPrivilege(new ListTagsJob(), Privilege::ListTags);
        $this->testRegularPrivilege(new ListUsersJob(), Privilege::ListUsers);
        $this->testRegularPrivilege(new PasswordResetJob(), null);
        $this->testRegularPrivilege(new MergeTagsJob(), Privilege::MergeTags);
        $this->testRegularPrivilege(new RenameTagsJob(), Privilege::RenameTags);
    }

    /**
     * Checks one target-independent job: expected main privilege, and
     * getRequiredSubPrivileges() returning null.
     *
     * @param object $job               job instance under test
     * @param mixed  $expectedPrivilege Privilege::* constant, or null when the
     *                                  job should declare no main privilege
     */
    protected function testRegularPrivilege($job, $expectedPrivilege)
    {
        $this->assertDeclaresMainPrivilege($job, $expectedPrivilege);
        $this->assert->isNull($job->getRequiredSubPrivileges());
    }

    /**
     * Post jobs whose sub-privilege depends on who uploaded the target post.
     *
     * The middle group runs the edit jobs in AbstractJob::CONTEXT_BATCH_ADD,
     * where they are expected to report the AddPost* privilege instead of the
     * EditPost* one (presumably the context used while a post is being
     * created -- confirm).
     */
    public function testDynamicPostPrivileges()
    {
        $this->login($this->userMocker->mockSingle());

        $this->testDynamicPostPrivilege(new DeletePostJob(), Privilege::DeletePost);
        $this->testDynamicPostPrivilege(new EditPostJob(), Privilege::EditPost);
        $this->testDynamicPostPrivilege(new EditPostContentJob(), Privilege::EditPostContent);
        $this->testDynamicPostPrivilege(new EditPostRelationsJob(), Privilege::EditPostRelations);
        $this->testDynamicPostPrivilege(new EditPostSafetyJob(), Privilege::EditPostSafety);
        $this->testDynamicPostPrivilege(new EditPostSourceJob(), Privilege::EditPostSource);
        $this->testDynamicPostPrivilege(new EditPostTagsJob(), Privilege::EditPostTags);
        $this->testDynamicPostPrivilege(new EditPostThumbJob(), Privilege::EditPostThumb);

        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostContentJob()),
            Privilege::AddPostContent);
        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostRelationsJob()),
            Privilege::AddPostRelations);
        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostSafetyJob()),
            Privilege::AddPostSafety);
        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostSourceJob()),
            Privilege::AddPostSource);
        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostTagsJob()),
            Privilege::AddPostTags);
        $this->testDynamicPostPrivilege(
            $this->inBatchAddContext(new EditPostThumbJob()),
            Privilege::AddPostThumb);

        $this->testDynamicPostPrivilege(new FeaturePostJob(), Privilege::FeaturePost);
        $this->testDynamicPostPrivilege(new FlagPostJob(), Privilege::FlagPost);
        $this->testDynamicPostPrivilege(new ScorePostJob(), Privilege::ScorePost);
        // Toggling a single tag is held to the same privilege as editing tags.
        $this->testDynamicPostPrivilege(new TogglePostTagJob(), Privilege::EditPostTags);
        $this->testDynamicPostPrivilege(new TogglePostVisibilityJob(), Privilege::HidePost);
        $this->testDynamicPostPrivilege(new TogglePostFavoriteJob(), Privilege::FavoritePost);
    }

    /**
     * Checks one post job: expected main privilege, then sub-privilege 'all'
     * for a post uploaded by someone else and 'own' for a post uploaded by the
     * logged-in user.
     *
     * The same job instance is re-pointed at each post and prepare()d again,
     * so this also covers the sub-privilege being recomputed per target.
     *
     * @param object $job               job instance under test
     * @param mixed  $expectedPrivilege expected Privilege::* constant
     */
    protected function testDynamicPostPrivilege($job, $expectedPrivilege)
    {
        $this->assertDeclaresMainPrivilege($job, $expectedPrivilege);

        list ($ownPost, $otherPost) = $this->postMocker->mockMultiple(2);
        $currentUser = Auth::getCurrentUser();
        $ownPost->setUploader($currentUser);
        $stranger = $this->userMocker->mockSingle();
        $otherPost->setUploader($stranger);
        PostModel::save([$ownPost, $otherPost]);

        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_POST_ID, $otherPost->getId(), 'all');
        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_POST_ID, $ownPost->getId(), 'own');
    }

    /**
     * Retrieving a post that has been marked hidden must require ViewPost with
     * the sub-privileges 'hidden' and 'safe'.
     *
     * NOTE(review): 'safe' presumably reflects the safety rating the post
     * mocker assigns by default -- confirm.
     */
    public function testDynamicPostRetrievalPrivileges()
    {
        $retrievalJobs =
        [
            new GetPostJob(),
            new GetPostContentJob(),
        ];

        $hiddenPost = $this->postMocker->mockSingle();

        foreach ($retrievalJobs as $retrievalJob)
        {
            $this->testedJobs[] = $retrievalJob;

            $hiddenPost->setHidden(true);
            PostModel::save($hiddenPost);

            // Both lookup keys are supplied; which one each job reads is not
            // visible from this test.
            $retrievalJob->setArgument(JobArgs::ARG_POST_ID, $hiddenPost->getId());
            $retrievalJob->setArgument(JobArgs::ARG_POST_NAME, $hiddenPost->getName());
            $retrievalJob->prepare();

            $this->assert->areEqual(Privilege::ViewPost, $retrievalJob->getRequiredMainPrivilege());

            // Sorted in place (keys are kept) before comparing with the
            // expected pair.
            $subPrivileges = $retrievalJob->getRequiredSubPrivileges();
            natcasesort($subPrivileges);
            $this->assert->areEquivalent(['hidden', 'safe'], $subPrivileges);
        }
    }

    /**
     * GetPostThumbJob is expected to declare no main privilege.
     *
     * NOTE(review): GetPostJob and GetPostContentJob require ViewPost with the
     * 'hidden' sub-privilege for a hidden post, while this pins thumbnail
     * retrieval as needing nothing. Confirm that thumbnails of hidden posts
     * are meant to be retrievable without ViewPost, or that they are
     * restricted elsewhere.
     */
    public function testDynamicPostThumbPrivileges()
    {
        $thumbJob = new GetPostThumbJob();
        $this->testedJobs[] = $thumbJob;

        $this->assert->isNull($thumbJob->getRequiredMainPrivilege());
    }

    /**
     * User jobs whose sub-privilege depends on whether the target is the
     * logged-in user.
     *
     * In AbstractJob::CONTEXT_BATCH_ADD the e-mail, name and password jobs are
     * expected to fall back to RegisterAccount, but EditUserAccessRankJob and
     * EditUserSettingsJob keep their own privilege. For access rank this is
     * the important pin: the right to register an account is not expected to
     * carry the right to choose a rank.
     */
    public function testDynamicUserPrivileges()
    {
        $ownUser = $this->userMocker->mockSingle();
        $this->login($ownUser);

        $this->testDynamicUserPrivilege(new DeleteUserJob(), Privilege::DeleteUser);
        $this->testDynamicUserPrivilege(new EditUserAccessRankJob(), Privilege::EditUserAccessRank);
        $this->testDynamicUserPrivilege(new EditUserEmailJob(), Privilege::EditUserEmail);
        $this->testDynamicUserPrivilege(new EditUserNameJob(), Privilege::EditUserName);
        $this->testDynamicUserPrivilege(new EditUserPasswordJob(), Privilege::EditUserPassword);
        $this->testDynamicUserPrivilege(new EditUserSettingsJob(), Privilege::EditUserSettings);

        $this->testDynamicUserPrivilege(
            $this->inBatchAddContext(new EditUserAccessRankJob()),
            Privilege::EditUserAccessRank);
        $this->testDynamicUserPrivilege(
            $this->inBatchAddContext(new EditUserEmailJob()),
            Privilege::RegisterAccount);
        $this->testDynamicUserPrivilege(
            $this->inBatchAddContext(new EditUserNameJob()),
            Privilege::RegisterAccount);
        $this->testDynamicUserPrivilege(
            $this->inBatchAddContext(new EditUserPasswordJob()),
            Privilege::RegisterAccount);
        $this->testDynamicUserPrivilege(
            $this->inBatchAddContext(new EditUserSettingsJob()),
            Privilege::EditUserSettings);

        $this->testDynamicUserPrivilege(new FlagUserJob(), Privilege::FlagUser);
        $this->testDynamicUserPrivilege(new GetUserJob(), Privilege::ViewUser);
        // Reading settings is held to the same privilege as editing them.
        $this->testDynamicUserPrivilege(new GetUserSettingsJob(), Privilege::EditUserSettings);
        $this->testDynamicUserPrivilege(new ToggleUserBanJob(), Privilege::BanUser);
    }

    /**
     * Checks one user job: expected main privilege, then sub-privilege 'own'
     * when the target is the logged-in user and 'all' when it is another user.
     *
     * @param object $job               job instance under test
     * @param mixed  $expectedPrivilege expected Privilege::* constant
     */
    protected function testDynamicUserPrivilege($job, $expectedPrivilege)
    {
        $this->assertDeclaresMainPrivilege($job, $expectedPrivilege);

        $ownUser = Auth::getCurrentUser();

        // The target is looked up by name, so the second user gets a fresh
        // unique one before being saved.
        $otherUser = $this->userMocker->mockSingle();
        $otherUser->setName('dummy' . uniqid());
        UserModel::save($otherUser);

        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_USER_NAME, $ownUser->getName(), 'own');
        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_USER_NAME, $otherUser->getName(), 'all');
    }

    /**
     * Comment jobs whose sub-privilege depends on who wrote the comment.
     */
    public function testDynamicCommentPrivileges()
    {
        $this->login($this->userMocker->mockSingle());

        $this->testDynamicCommentPrivilege(new DeleteCommentJob(), Privilege::DeleteComment);
        $this->testDynamicCommentPrivilege(new EditCommentJob(), Privilege::EditComment);
    }

    /**
     * Checks one comment job: expected main privilege, then sub-privilege
     * 'own' for a comment written by the logged-in user and 'all' for one
     * written by someone else.
     *
     * @param object $job               job instance under test
     * @param mixed  $expectedPrivilege expected Privilege::* constant
     */
    protected function testDynamicCommentPrivilege($job, $expectedPrivilege)
    {
        $this->assertDeclaresMainPrivilege($job, $expectedPrivilege);

        list ($ownComment, $otherComment) = $this->commentMocker->mockMultiple(2);
        $currentUser = Auth::getCurrentUser();
        $ownComment->setCommenter($currentUser);
        $stranger = $this->userMocker->mockSingle();
        $otherComment->setCommenter($stranger);
        CommentModel::save([$ownComment, $otherComment]);

        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_COMMENT_ID, $ownComment->getId(), 'own');
        $this->assertSubPrivilegeForTarget($job, JobArgs::ARG_COMMENT_ID, $otherComment->getId(), 'all');
    }

    /**
     * Running AddCommentJob through Api::run() must fail with
     * 'Insufficient privileges'.
     *
     * NOTE(review): no login() happens here, so the test depends on the
     * session state and privilege configuration the base class sets up
     * (presumably an anonymous caller without AddComment) -- confirm. If that
     * default ever grants AddComment, this test stops exercising the denial
     * path.
     */
    public function testPrivilegeEnforcing()
    {
        $post = $this->postMocker->mockSingle();

        // Written to the shared config object. Presumably switched off so the
        // e-mail requirement cannot be what rejects the call -- confirm, and
        // confirm the base class restores config between tests.
        Core::getConfig()->registration->needEmailForCommenting = false;

        $addComment = function() use ($post)
        {
            $job = new AddCommentJob();
            $arguments =
            [
                JobArgs::ARG_POST_ID => $post->getId(),
                JobArgs::ARG_NEW_TEXT => 'alohaaa',
            ];
            Api::run($job, $arguments);
        };

        $this->assert->throws($addComment, 'Insufficient privileges');
    }

    /**
     * End-to-end check of the 'own' / 'all' split through Api::run().
     *
     * With only the '.own' variants of editPost and editPostTags granted,
     * editing the tags of a post the user did not upload must be rejected;
     * once the same user is set as uploader, the identical call must succeed.
     */
    public function testComplexPrivilegeEnforcing()
    {
        $post = $this->postMocker->mockSingle();
        Core::getConfig()->registration->needEmailForCommenting = false;

        foreach (['editPost.own', 'editPostTags.own'] as $grantedPrivilege)
        {
            $this->grantAccess($grantedPrivilege);
        }
        foreach (['editPost.all', 'editPostTags.all'] as $revokedPrivilege)
        {
            $this->revokeAccess($revokedPrivilege);
        }

        $user = $this->userMocker->mockSingle();
        $this->login($user);

        // One closure serves both assertions: it holds the same $post object,
        // so it sees the uploader change made between the two calls.
        $editTags = function() use ($post)
        {
            $job = new EditPostTagsJob();
            $arguments =
            [
                JobArgs::ARG_POST_ID => $post->getId(),
                JobArgs::ARG_NEW_TAG_NAMES => ['test1', 'test2'],
            ];
            Api::run($job, $arguments);
        };

        // Not the uploader yet: only the '.all' variant would allow this.
        $this->assert->throws($editTags, 'Insufficient privileges');

        $post->setUploader($user);
        PostModel::save($post);

        // Now the uploader: the '.own' grant is enough.
        $this->assert->doesNotThrow($editTags);
    }

    /**
     * Records the job in $this->testedJobs and asserts the main privilege it
     * declares.
     */
    private function assertDeclaresMainPrivilege($job, $expectedPrivilege)
    {
        $this->testedJobs[] = $job;
        $this->assert->areEqual($expectedPrivilege, $job->getRequiredMainPrivilege());
    }

    /**
     * Points the job at a target, prepares it, and asserts the sub-privilege
     * it then declares.
     */
    private function assertSubPrivilegeForTarget($job, $argumentName, $argumentValue, $expectedSubPrivilege)
    {
        $job->setArgument($argumentName, $argumentValue);
        $job->prepare();
        $this->assert->areEqual($expectedSubPrivilege, $job->getRequiredSubPrivileges());
    }

    /**
     * Switches the job to AbstractJob::CONTEXT_BATCH_ADD and hands it back.
     */
    private function inBatchAddContext($job)
    {
        $job->setContext(AbstractJob::CONTEXT_BATCH_ADD);
        return $job;
    }
}