ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More restrictive privilege system

Browse source
This commit is contained in:
Marcin Kurczewski 2014-05-06 13:07:24 +02:00
parent 04481122ce
commit 26f2c46e5b
11 changed files with 236 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/Access.php
View file

@ -25,8 +25,7 @@ class Access
$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank'); $minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
self::$privileges[$key] = $minAccessRank; self::$privileges[$key] = $minAccessRank;
if (!isset(self::$privileges[$privilegeName]) or if (!isset(self::$privileges[$privilegeName]))
self::$privileges[$privilegeName] > $minAccessRank)
{ {
self::$privileges[$privilegeName] = $minAccessRank; self::$privileges[$privilegeName] = $minAccessRank;
} }

12
tests/AbstractTest.php
View file

@ -38,4 +38,16 @@ class AbstractTest
$comment->setText('test test'); $comment->setText('test test');
return CommentModel::save($comment); return CommentModel::save($comment);
} }
protected function grantAccess($privilege)
{
getConfig()->privileges->$privilege = 'anonymous';
Access::init();
}
protected function revokeAccess($privilege)
{
getConfig()->privileges->$privilege = 'nobody';
Access::init();
}
} }

11
tests/BasicAuthTest.php
View file

@ -3,6 +3,9 @@ class BasicAuthTest extends AbstractTest
{ {
public function testValidPassword() public function testValidPassword()
{ {
getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = false;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
UserModel::save($user); UserModel::save($user);
@ -43,6 +46,9 @@ class BasicAuthTest extends AbstractTest
public function testBanned() public function testBanned()
{ {
getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = false;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
$user->ban(); $user->ban();
UserModel::save($user); UserModel::save($user);
@ -56,6 +62,7 @@ class BasicAuthTest extends AbstractTest
public function testStaffConfirmationEnabled() public function testStaffConfirmationEnabled()
{ {
getConfig()->registration->staffActivation = true; getConfig()->registration->staffActivation = true;
getConfig()->registration->needEmailForRegistering = false;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
$user->staffConfirmed = false; $user->staffConfirmed = false;
@ -70,6 +77,7 @@ class BasicAuthTest extends AbstractTest
public function testStaffConfirmationDisabled() public function testStaffConfirmationDisabled()
{ {
getConfig()->registration->staffActivation = false; getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = false;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
$user->staffConfirmed = false; $user->staffConfirmed = false;
@ -83,6 +91,7 @@ class BasicAuthTest extends AbstractTest
public function testMailConfirmationEnabledFail1() public function testMailConfirmationEnabledFail1()
{ {
getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = true; getConfig()->registration->needEmailForRegistering = true;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
@ -97,6 +106,7 @@ class BasicAuthTest extends AbstractTest
public function testMailConfirmationEnabledFail2() public function testMailConfirmationEnabledFail2()
{ {
getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = true; getConfig()->registration->needEmailForRegistering = true;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();
@ -112,6 +122,7 @@ class BasicAuthTest extends AbstractTest
public function testMailConfirmationEnabledPass() public function testMailConfirmationEnabledPass()
{ {
getConfig()->registration->staffActivation = false;
getConfig()->registration->needEmailForRegistering = true; getConfig()->registration->needEmailForRegistering = true;
$user = $this->prepareValidUser(); $user = $this->prepareValidUser();

59
tests/JobTests/AddCommentJobTest.php
View file

@ -24,12 +24,22 @@ class AddCommentJobTest extends AbstractTest
}); });
} }
public function testEmailActivation()
{
$this->prepare();
getConfig()->registration->needEmailForCommenting = true;
$this->assert->throws(function()
{
$this->runApi('alohaaaa');
}, 'Need e-mail');
}
public function testAlmostTooShortText() public function testAlmostTooShortText()
{ {
$this->prepare(); $this->prepare();
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->minLength)); $this->runApi(str_repeat('b', getConfig()->comments->minLength));
}); });
} }
@ -38,7 +48,7 @@ class AddCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->maxLength)); $this->runApi(str_repeat('b', getConfig()->comments->maxLength));
}); });
} }
@ -47,7 +57,7 @@ class AddCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->minLength - 1)); $this->runApi(str_repeat('b', getConfig()->comments->minLength - 1));
}, 'Comment must have at least'); }, 'Comment must have at least');
} }
@ -56,7 +66,7 @@ class AddCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->maxLength + 1)); $this->runApi(str_repeat('b', getConfig()->comments->maxLength + 1));
}, 'Comment must have at most'); }, 'Comment must have at most');
} }
@ -65,35 +75,28 @@ class AddCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
Auth::setCurrentUser(null); Auth::setCurrentUser(null);
$this->assert->throws(function() $this->assert->doesNotThrow(function()
{ {
$this->assert->isFalse(Auth::isLoggedIn()); $this->runApi('alohaaaaaaa');
return $this->runApi('alohaaaaaaa'); });
}, 'Insufficient privileges');
} }
public function testAccessDenial() public function testAccessDenial()
{ {
$this->prepare(); $this->prepare();
$this->revokeAccess('addComment');
getConfig()->privileges->addComment = 'nobody';
Access::init();
$this->assert->isFalse(Access::check(new Privilege(Privilege::AddComment)));
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi('alohaaaaaaa'); $this->runApi('alohaaaaaaa');
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
public function testAnonymous() public function testAnonymous()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('addComment');
Auth::setCurrentUser(null); Auth::setCurrentUser(null);
getConfig()->privileges->addComment = 'anonymous';
Access::init();
$this->assert->isTrue(Access::check(new Privilege(Privilege::AddComment)));
$text = 'alohaaaaaaa'; $text = 'alohaaaaaaa';
$comment = $this->assert->doesNotThrow(function() use ($text) $comment = $this->assert->doesNotThrow(function() use ($text)
@ -106,29 +109,13 @@ class AddCommentJobTest extends AbstractTest
$this->assert->areEqual(UserModel::getAnonymousName(), $comment->getCommenter()->getName()); $this->assert->areEqual(UserModel::getAnonymousName(), $comment->getCommenter()->getName());
} }
public function testPrivilegeDependancies()
{
$this->prepare();
getConfig()->privileges->{'editComment'} = 'nobody';
getConfig()->privileges->{'editComment.own'} = 'nobody';
getConfig()->privileges->{'editComment.all'} = 'nobody';
Access::init();
$this->assert->isTrue(Access::check(new Privilege(Privilege::AddComment)));
$this->assert->isFalse(Access::check(new Privilege(Privilege::EditComment)));
$this->assert->doesNotThrow(function()
{
return $this->runApi('alohaaaaaaa');
}, 'insufficient privileges');
}
public function testWrongPostId() public function testWrongPostId()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('addComment');
$this->assert->throws(function() $this->assert->throws(function()
{ {
return Api::run( Api::run(
new AddCommentJob(), new AddCommentJob(),
[ [
AddCommentJob::POST_ID => 100, AddCommentJob::POST_ID => 100,
@ -152,6 +139,8 @@ class AddCommentJobTest extends AbstractTest
protected function prepare() protected function prepare()
{ {
getConfig()->registration->needEmailForCommenting = false;
$this->grantAccess('addComment');
$this->login($this->mockUser()); $this->login($this->mockUser());
} }
} }

44
tests/JobTests/DeleteCommentJobTest.php
View file

@ -4,10 +4,11 @@ class DeleteCommentJobTest extends AbstractTest
public function testOwn() public function testOwn()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('deleteComment');
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function()
{ {
return $this->runApi(); $this->runApi();
}); });
$this->assert->areEqual(0, CommentModel::getCount()); $this->assert->areEqual(0, CommentModel::getCount());
@ -20,8 +21,7 @@ class DeleteCommentJobTest extends AbstractTest
$this->assert->throws(function() $this->assert->throws(function()
{ {
$this->assert->isFalse(Auth::isLoggedIn()); $this->runApi();
return $this->runApi();
}, 'Not logged in'); }, 'Not logged in');
} }
@ -29,52 +29,39 @@ class DeleteCommentJobTest extends AbstractTest
{ {
$this->prepare(); $this->prepare();
getConfig()->privileges->{'deleteComment.own'} = 'nobody';
Access::init();
$this->assert->isFalse(Access::check(new Privilege(Privilege::DeleteComment)));
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi(); $this->runApi();
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
public function testOtherAccessGrant() public function testOtherAccessGrant()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('deleteComment.all');
getConfig()->privileges->{'deleteComment.all'} = 'nobody'; $comment = $this->mockComment(Auth::getCurrentUser());
Access::init(); //login as someone else
$this->assert->isTrue(Access::check(new Privilege(Privilege::DeleteComment))); $this->login($this->mockUser());
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function() use ($comment)
{ {
return $this->runApi(); $this->runApi($comment);
}); });
} }
public function testOtherAccessDenial() public function testOtherAccessDenial()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('deleteComment.own');
$comment = $this->mockComment(Auth::getCurrentUser()); $comment = $this->mockComment(Auth::getCurrentUser());
//login as someone else //login as someone else
$this->login($this->mockUser()); $this->login($this->mockUser());
getConfig()->privileges->{'deleteComment.all'} = 'nobody';
Access::init();
$this->assert->isTrue(Access::check(new Privilege(Privilege::DeleteComment)));
$this->assert->isTrue(Access::check(new Privilege(Privilege::DeleteComment, 'own')));
$this->assert->isFalse(Access::check(new Privilege(Privilege::DeleteComment, 'all')));
$this->assert->throws(function() use ($comment) $this->assert->throws(function() use ($comment)
{ {
Api::run( $this->runApi($comment);
new DeleteCommentJob(),
[
DeleteCommentJob::COMMENT_ID => $comment->getId(),
]);
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
@ -83,7 +70,7 @@ class DeleteCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
$this->assert->throws(function() $this->assert->throws(function()
{ {
return Api::run( Api::run(
new DeleteCommentJob(), new DeleteCommentJob(),
[ [
DeleteCommentJob::COMMENT_ID => 100, DeleteCommentJob::COMMENT_ID => 100,
@ -92,9 +79,10 @@ class DeleteCommentJobTest extends AbstractTest
} }
protected function runApi() protected function runApi($comment = null)
{ {
$comment = $this->mockComment(Auth::getCurrentUser()); if ($comment === null)
$comment = $this->mockComment(Auth::getCurrentUser());
return Api::run( return Api::run(
new DeleteCommentJob(), new DeleteCommentJob(),

65
tests/JobTests/EditCommentJobTest.php
View file

@ -4,6 +4,7 @@ class EditCommentJobTest extends AbstractTest
public function testOwn() public function testOwn()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.own');
$text = 'alohaaaaaaa'; $text = 'alohaaaaaaa';
$comment = $this->assert->doesNotThrow(function() use ($text) $comment = $this->assert->doesNotThrow(function() use ($text)
@ -24,48 +25,52 @@ class EditCommentJobTest extends AbstractTest
public function testOwnAlmostTooShortText() public function testOwnAlmostTooShortText()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.own');
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->minLength)); $this->runApi(str_repeat('b', getConfig()->comments->minLength));
}); });
} }
public function testOwnAlmostTooLongText() public function testOwnAlmostTooLongText()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.own');
$this->assert->doesNotThrow(function() $this->assert->doesNotThrow(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->maxLength)); $this->runApi(str_repeat('b', getConfig()->comments->maxLength));
}); });
} }
public function testOwnTooShortText() public function testOwnTooShortText()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.own');
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->minLength - 1)); $this->runApi(str_repeat('b', getConfig()->comments->minLength - 1));
}, 'Comment must have at least'); }, 'Comment must have at least');
} }
public function testOwnTooLongText() public function testOwnTooLongText()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.own');
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi(str_repeat('b', getConfig()->comments->maxLength + 1)); $this->runApi(str_repeat('b', getConfig()->comments->maxLength + 1));
}, 'Comment must have at most'); }, 'Comment must have at most');
} }
public function testNoAuth() public function testNoAuth()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment');
Auth::setCurrentUser(null); Auth::setCurrentUser(null);
$this->assert->throws(function() $this->assert->throws(function()
{ {
$this->assert->isFalse(Auth::isLoggedIn()); $this->runApi('alohaaaaaaa');
return $this->runApi('alohaaaaaaa');
}, 'Not logged in'); }, 'Not logged in');
} }
@ -73,44 +78,42 @@ class EditCommentJobTest extends AbstractTest
{ {
$this->prepare(); $this->prepare();
getConfig()->privileges->{'editComment.own'} = 'nobody';
Access::init();
$this->assert->isFalse(Access::check(new Privilege(Privilege::EditComment)));
$this->assert->throws(function() $this->assert->throws(function()
{ {
return $this->runApi('alohaaaaaaa'); $this->runApi('alohaaaaaaa');
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
public function testOtherAccessGrant() public function testOtherAccessGrant()
{ {
$this->prepare(); $this->prepare();
$this->grantAccess('editComment.all');
getConfig()->privileges->{'editComment.all'} = 'nobody';
Access::init();
$this->assert->isTrue(Access::check(new Privilege(Privilege::EditComment)));
$this->assert->doesNotThrow(function()
{
return $this->runApi('alohaaaaaaa');
});
}
public function testOtherAccessDenial()
{
$this->prepare();
$comment = $this->mockComment(Auth::getCurrentUser()); $comment = $this->mockComment(Auth::getCurrentUser());
//login as someone else //login as someone else
$this->login($this->mockUser()); $this->login($this->mockUser());
getConfig()->privileges->{'editComment.all'} = 'nobody'; $this->assert->doesNotThrow(function() use ($comment)
Access::init(); {
$this->assert->isTrue(Access::check(new Privilege(Privilege::EditComment))); Api::run(
$this->assert->isTrue(Access::check(new Privilege(Privilege::EditComment, 'own'))); new EditCommentJob(),
$this->assert->isFalse(Access::check(new Privilege(Privilege::EditComment, 'all'))); [
EditCommentJob::COMMENT_ID => $comment->getId(),
EditCommentJob::TEXT => 'alohaa',
]);
});
}
public function testOtherAccessDenial()
{
$this->prepare();
$this->grantAccess('editComment.own');
$comment = $this->mockComment(Auth::getCurrentUser());
//login as someone else
$this->login($this->mockUser());
$this->assert->throws(function() use ($comment) $this->assert->throws(function() use ($comment)
{ {
@ -128,7 +131,7 @@ class EditCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
$this->assert->throws(function() $this->assert->throws(function()
{ {
return Api::run( Api::run(
new EditCommentJob(), new EditCommentJob(),
[ [
EditCommentJob::COMMENT_ID => 100, EditCommentJob::COMMENT_ID => 100,

13
tests/JobTests/ListCommentsJobTest.php
View file

@ -3,6 +3,8 @@ class ListCommentJobTest extends AbstractTest
{ {
public function testNone() public function testNone()
{ {
$this->grantAccess('listComments');
$this->assert->areEqual(0, CommentModel::getCount()); $this->assert->areEqual(0, CommentModel::getCount());
$ret = $this->runApi(1); $ret = $this->runApi(1);
@ -11,6 +13,9 @@ class ListCommentJobTest extends AbstractTest
public function testSingle() public function testSingle()
{ {
$this->grantAccess('listComments');
$this->grantAccess('listPosts');
$this->assert->areEqual(0, CommentModel::getCount()); $this->assert->areEqual(0, CommentModel::getCount());
$this->mockComment($this->mockUser()); $this->mockComment($this->mockUser());
@ -32,6 +37,9 @@ class ListCommentJobTest extends AbstractTest
public function testPaging() public function testPaging()
{ {
$this->grantAccess('listComments');
$this->grantAccess('listPosts');
getConfig()->comments->commentsPerPage = 2; getConfig()->comments->commentsPerPage = 2;
$this->assert->areEqual(0, CommentModel::getCount()); $this->assert->areEqual(0, CommentModel::getCount());
@ -49,17 +57,12 @@ class ListCommentJobTest extends AbstractTest
public function testAccessDenial() public function testAccessDenial()
{ {
getConfig()->privileges->listComments = 'nobody';
Access::init();
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListComments)));
$this->assert->throws(function() $this->assert->throws(function()
{ {
$this->runApi(1); $this->runApi(1);
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
protected function runApi($page) protected function runApi($page)
{ {
return Api::run( return Api::run(

12
tests/JobTests/PreviewCommentJobTest.php
View file

@ -62,20 +62,16 @@ class PreviewCommentJobTest extends AbstractTest
$this->prepare(); $this->prepare();
Auth::setCurrentUser(null); Auth::setCurrentUser(null);
$this->assert->throws(function() $this->assert->doesNotThrow(function()
{ {
$this->assert->isFalse(Auth::isLoggedIn());
return $this->runApi('alohaaaaaaa'); return $this->runApi('alohaaaaaaa');
}, 'Insufficient privileges'); });
} }
public function testAccessDenial() public function testAccessDenial()
{ {
$this->prepare(); $this->prepare();
$this->revokeAccess('addComment');
getConfig()->privileges->addComment = 'nobody';
Access::init();
$this->assert->isFalse(Access::check(new Privilege(Privilege::AddComment)));
$this->assert->throws(function() $this->assert->throws(function()
{ {
@ -98,6 +94,8 @@ class PreviewCommentJobTest extends AbstractTest
protected function prepare() protected function prepare()
{ {
getConfig()->registration->needEmailForCommenting = false;
$this->grantAccess('addComment');
$this->login($this->mockUser()); $this->login($this->mockUser());
} }
} }

124
tests/MiscTests/AccessTest.php Normal file
View file

@ -0,0 +1,124 @@
<?php
class AccessTest extends AbstractTest
{
public function testDefaultPrivilege()
{
//by default, all privileges are set to false
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts)));
}
public function testAccessRanks1()
{
$user = $this->mockUser();
$user->setAccessRank(new AccessRank(AccessRank::Admin));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Moderator));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::PowerUser));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Registered));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Nobody));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
}
public function testAccessRanks2()
{
getConfig()->privileges->listPosts = 'power-user';
Access::init();
$user = $this->mockUser();
$user->setAccessRank(new AccessRank(AccessRank::Admin));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Moderator));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::PowerUser));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Registered));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Nobody));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
}
public function testSubPrivileges1()
{
getConfig()->privileges->{'listPosts.dummy'} = 'power-user';
Access::init();
$user = $this->mockUser();
$user->setAccessRank(new AccessRank(AccessRank::PowerUser));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'dummy'), $user));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'baka'), $user));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
}
public function testSubPrivileges2a()
{
getConfig()->privileges->{'listPosts.dummy'} = 'power-user';
getConfig()->privileges->{'listPosts'} = 'admin';
Access::init();
$this->testSubPrivileges2();
}
public function testSubPrivileges2b()
{
getConfig()->privileges->{'listPosts'} = 'admin';
getConfig()->privileges->{'listPosts.dummy'} = 'power-user';
Access::init();
$this->testSubPrivileges2();
}
protected function testSubPrivileges2()
{
$user = $this->mockUser();
$user->setAccessRank(new AccessRank(AccessRank::PowerUser));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'dummy'), $user));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts, 'baka'), $user));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Admin));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'dummy'), $user));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'baka'), $user));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts), $user));
}
public function testSubPrivileges3a()
{
getConfig()->privileges->{'listPosts.dummy'} = 'power-user';
getConfig()->privileges->{'listPosts.baka'} = 'admin';
getConfig()->privileges->{'listPosts'} = 'nobody';
Access::init();
$this->testSubPrivileges3();
}
public function testSubPrivileges3b()
{
getConfig()->privileges->{'listPosts'} = 'nobody';
getConfig()->privileges->{'listPosts.dummy'} = 'power-user';
getConfig()->privileges->{'listPosts.baka'} = 'admin';
Access::init();
$this->testSubPrivileges3();
}
protected function testSubPrivileges3()
{
$user = $this->mockUser();
$user->setAccessRank(new AccessRank(AccessRank::PowerUser));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'dummy'), $user));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts, 'baka'), $user));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
$user->setAccessRank(new AccessRank(AccessRank::Admin));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'dummy'), $user));
$this->assert->isTrue(Access::check(new Privilege(Privilege::ListPosts, 'baka'), $user));
$this->assert->isFalse(Access::check(new Privilege(Privilege::ListPosts), $user));
}
}

65
tests/config.ini
View file

@ -52,9 +52,6 @@ userNameMinLength = 3
userNameMaxLength = 20 userNameMaxLength = 20
userNameRegex = "/^[\w_-]+$/ui" userNameRegex = "/^[\w_-]+$/ui"
needEmailForRegistering = 0
needEmailForCommenting = 0
needEmailForUploading = 0
confirmationEmailEnabled = 1 confirmationEmailEnabled = 1
confirmationEmailSenderName = "{host} mailing system" confirmationEmailSenderName = "{host} mailing system"
confirmationEmailSenderEmail = "noreply@{host}" confirmationEmailSenderEmail = "noreply@{host}"
@ -66,65 +63,3 @@ passwordResetEmailSubject = "{host} - password reset"
passwordResetEmailBody = "Hello,{nl}{nl}You received this e-mail because someone requested a password reset for user with this e-mail address at {host}. If it's you, visit {link} to finish password reset process, otherwise you may ignore and delete this e-mail.{nl}{nl}Kind regards,{nl}{host} mailing system" passwordResetEmailBody = "Hello,{nl}{nl}You received this e-mail because someone requested a password reset for user with this e-mail address at {host}. If it's you, visit {link} to finish password reset process, otherwise you may ignore and delete this e-mail.{nl}{nl}Kind regards,{nl}{host} mailing system"
[privileges] [privileges]
registerAccount=anonymous
;registerAccount=nobody
uploadPost=registered
listPosts=anonymous
listPosts.sketchy=registered
listPosts.unsafe=registered
listPosts.hidden=moderator
viewPost=anonymous
viewPost.sketchy=registered
viewPost.unsafe=registered
viewPost.hidden=moderator
retrievePost=anonymous
favoritePost=registered
editPostSafety.own=registered
editPostSafety.all=moderator
editPostTags=registered
editPostThumb=moderator
editPostSource=moderator
editPostRelations.own=registered
editPostRelations.all=moderator
editPostFile=moderator
massTag.own=registered
massTag.all=power-user
hidePost=moderator
deletePost=moderator
featurePost=moderator
scorePost=registered
flagPost=registered
listUsers=registered
viewUser=registered
viewUserEmail.all=admin
viewUserEmail.own=registered
changeUserPassword.own=registered
changeUserPassword.all=admin
changeUserEmail.own=registered
changeUserEmail.all=admin
changeUserAccessRank=admin
changeUserName=moderator
changeUserSettings.all=nobody
changeUserSettings.own=registered
acceptUserRegistration=moderator
banUser.own=nobody
banUser.all=admin
deleteUser.own=registered
deleteUser.all=nobody
flagUser=registered
listComments=anonymous
addComment=registered
deleteComment.own=registered
deleteComment.all=moderator
editComment.own=registered
editComment.all=admin
listTags=anonymous
mergeTags=moderator
renameTags=moderator
listLogs=moderator
viewLog=moderator

2
tests/run-all.php
View file

@ -66,7 +66,7 @@ function getTestMethods($filter)
$reflectionClass = new ReflectionClass($class); $reflectionClass = new ReflectionClass($class);
foreach ($reflectionClass->getMethods() as $method) foreach ($reflectionClass->getMethods() as $method)
{ {
if (preg_match('/test/i', $method->name)) if (preg_match('/test/i', $method->name) and $method->isPublic())
{ {
$testMethods []= $method; $testMethods []= $method;
} }