From 410237d6784d4e8eb36d01c8b1d1f310b8a7e783 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Tue, 6 May 2014 19:39:41 +0200 Subject: [PATCH] Better privilege checking for batch operations --- data/config.ini | 12 ++++- src/Access.php | 6 +-- src/AccessException.php | 4 ++ src/Api/AbstractJob.php | 20 +++++++++ src/Api/Api.php | 4 ++ src/Api/ApiJobUnsatisfiedException.php | 8 ++++ src/Api/Jobs/AbstractPostEditJob.php | 11 ----- src/Api/Jobs/AbstractUserEditJob.php | 11 ----- src/Api/Jobs/AddPostJob.php | 13 +++--- src/Api/Jobs/AddUserJob.php | 4 +- src/Api/Jobs/EditPostContentJob.php | 14 ++++-- src/Api/Jobs/EditPostJob.php | 20 ++++++--- src/Api/Jobs/EditPostRelationsJob.php | 13 ++++-- src/Api/Jobs/EditPostSafetyJob.php | 13 ++++-- src/Api/Jobs/EditPostSourceJob.php | 13 ++++-- src/Api/Jobs/EditPostTagsJob.php | 13 ++++-- src/Api/Jobs/EditPostThumbJob.php | 13 ++++-- src/Api/Jobs/EditUserAccessRankJob.php | 9 +++- src/Api/Jobs/EditUserEmailJob.php | 9 +++- src/Api/Jobs/EditUserJob.php | 13 +++--- src/Api/Jobs/EditUserNameJob.php | 9 +++- src/Api/Jobs/EditUserPasswordJob.php | 9 +++- src/Enum.php | 2 +- src/Models/Enums/Privilege.php | 21 ++++++--- src/Views/top-navigation.phtml | 2 +- tests/AbstractTest.php | 5 +++ tests/Api/ApiPrivilegeTest.php | 18 +++++++- tests/JobTests/AddPostJobTest.php | 55 +++++++++++++++++++++++ tests/JobTests/EditPostContentJobTest.php | 5 --- tests/JobTests/EditPostJobTest.php | 50 +++++++++++++++++++++ 30 files changed, 314 insertions(+), 85 deletions(-) create mode 100644 src/AccessException.php create mode 100644 src/Api/ApiJobUnsatisfiedException.php delete mode 100644 src/Api/Jobs/AbstractPostEditJob.php delete mode 100644 src/Api/Jobs/AbstractUserEditJob.php create mode 100644 tests/JobTests/AddPostJobTest.php create mode 100644 tests/JobTests/EditPostJobTest.php diff --git a/data/config.ini b/data/config.ini index 962b38dd..43ed3fbf 100644 --- a/data/config.ini +++ b/data/config.ini 
@@ -73,7 +73,6 @@ passwordResetEmailBody = "Hello,{nl}{nl}You received this e-mail because someone registerAccount=anonymous ;registerAccount=nobody -uploadPost=registered listPosts=anonymous listPosts.sketchy=registered listPosts.unsafe=registered @@ -84,6 +83,16 @@ viewPost.unsafe=registered viewPost.hidden=moderator retrievePost=anonymous favoritePost=registered + +addPost=registered +addPostSafety=registered +addPostTags=registered +addPostThumb=power-user +addPostSource=registered +addPostRelations=power-user +addPostContent=registered + +editPost=registered editPostSafety.own=registered editPostSafety.all=moderator editPostTags=registered @@ -92,6 +101,7 @@ editPostSource=moderator editPostRelations.own=registered editPostRelations.all=moderator editPostContent=moderator + massTag.own=registered massTag.all=power-user hidePost=moderator diff --git a/src/Access.php b/src/Access.php index 35043dca..90e0e6ca 100644 --- a/src/Access.php +++ b/src/Access.php @@ -86,7 +86,7 @@ class Access public static function assert(Privilege $privilege, $user = null) { if (!self::check($privilege, $user)) - self::fail(); + self::fail('Insufficient privileges (' . $privilege->toString() . ')'); } public static function assertEmailConfirmation($user = null) @@ -95,9 +95,9 @@ class Access self::fail('Need e-mail address confirmation to continue'); } - public static function fail($message = 'Insufficient privileges') + public static function fail($message) { - throw new SimpleException($message); + throw new AccessException($message); } public static function getIdentity($user) diff --git a/src/AccessException.php b/src/AccessException.php new file mode 100644 index 00000000..f53a3afe --- /dev/null +++ b/src/AccessException.php @@ -0,0 +1,4 @@ +context; + } + + public function setContext($context) + { + $this->context = $context; + } + public function getArgument($key) { if (!$this->hasArgument($key)) diff --git a/src/Api/Api.php b/src/Api/Api.php index efa837f2..f89cbeba 100644 
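Review bot: `fail()` loses its default message in the second Access.php hunk, so any caller that still invokes `Access::fail()` with no argument now gets a missing-argument warning and a null message on PHP 5, or an ArgumentCountError on PHP 7.1+; other call sites are not visible in this diff, so either confirm none exist or keep the default with `public static function fail($message = 'Insufficient privileges')`. The new `assert()` message embeds `$privilege->toString()`, which is reasonable for an authorization error as long as AccessException is rendered as a short user-facing message rather than with a trace. The swap from SimpleException to AccessException also changes what callers can catch; anything that previously caught SimpleException around `Access::assert()` will now let the error propagate unless AccessException extends it, which this diff does not show.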
--- a/src/Api/Api.php +++ b/src/Api/Api.php @@ -8,6 +8,10 @@ final class Api return \Chibi\Database::transaction(function() use ($job, $jobArgs) { $job->setArguments($jobArgs); + + if (!$job->isSatisfied()) + throw new ApiJobUnsatisfiedException($job); + $job->prepare(); self::checkPrivileges($job); diff --git a/src/Api/ApiJobUnsatisfiedException.php b/src/Api/ApiJobUnsatisfiedException.php new file mode 100644 index 00000000..43c799ec --- /dev/null +++ b/src/Api/ApiJobUnsatisfiedException.php @@ -0,0 +1,8 @@ +skipSaving = true; - return $this; - } -} diff --git a/src/Api/Jobs/AbstractUserEditJob.php b/src/Api/Jobs/AbstractUserEditJob.php deleted file mode 100644 index c72f4639..00000000 --- a/src/Api/Jobs/AbstractUserEditJob.php +++ /dev/null @@ -1,11 +0,0 @@ -skipSaving = true; - return $this; - } -} diff --git a/src/Api/Jobs/AddPostJob.php b/src/Api/Jobs/AddPostJob.php index f9dfb29f..bc372cee 100644 --- a/src/Api/Jobs/AddPostJob.php +++ b/src/Api/Jobs/AddPostJob.php @@ -6,7 +6,6 @@ class AddPostJob extends AbstractJob public function execute() { $post = PostModel::spawn(); - Logger::bufferChanges(); //basic stuff $anonymous = $this->getArgument(self::ANONYMOUS); @@ -20,14 +19,16 @@ class AddPostJob extends AbstractJob //warning: it uses internally the same privileges as post editing $arguments = $this->getArguments(); $arguments[EditPostJob::POST_ENTITY] = $post; - Api::run((new EditPostJob)->skipSaving(), $arguments); + + Logger::bufferChanges(); + $job = new EditPostJob(); + $job->setContext(AbstractJob::CONTEXT_BATCH_ADD); + Api::run($job, $arguments); + Logger::setBuffer([]); //save to db PostModel::save($post); - //clean edit log - Logger::setBuffer([]); - //log Logger::log('{user} added {post} (tags: {tags}, safety: {safety}, source: {source})', [ 'user' => ($anonymous and !getConfig()->misc->logAnonymousUploads) 
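Review bot: The new `isSatisfied()` gate in Api.php runs before `$job->prepare()` and before `self::checkPrivileges($job)`, so it has to be answerable from the raw arguments alone; every implementation in this commit only calls `hasArgument()`, but that contract is not written down and the abstract declaration is not readable in this diff. Suggest a comment on the abstract method such as `// Evaluated before prepare() and before privilege checks: decide from arguments only, never from loaded entities.` It is also worth stating in the same place that an unsatisfied job fails with ApiJobUnsatisfiedException rather than AccessException, because the batch parents (EditPostJob, EditUserJob) rely on swallowing exactly that type.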
@@ -46,7 +47,7 @@ class AddPostJob extends AbstractJob public function requiresPrivilege() { - return new Privilege(Privilege::UploadPost); + return new Privilege(Privilege::AddPost); } public function requiresConfirmedEmail() diff --git a/src/Api/Jobs/AddUserJob.php b/src/Api/Jobs/AddUserJob.php index 802c1ab6..e30fdad4 100644 --- a/src/Api/Jobs/AddUserJob.php +++ b/src/Api/Jobs/AddUserJob.php @@ -20,7 +20,9 @@ class AddUserJob extends AbstractJob Logger::bufferChanges(); Access::disablePrivilegeChecking(); - Api::run((new EditUserJob)->skipSaving(), $arguments); + $job = new EditUserJob(); + $job->setContext(self::CONTEXT_BATCH_ADD); + Api::run($job, $arguments); Access::enablePrivilegeChecking(); Logger::setBuffer([]); diff --git a/src/Api/Jobs/EditPostContentJob.php b/src/Api/Jobs/EditPostContentJob.php index 72c5caef..9aafe44f 100644 --- a/src/Api/Jobs/EditPostContentJob.php +++ b/src/Api/Jobs/EditPostContentJob.php @@ -1,9 +1,15 @@ hasArgument(self::POST_CONTENT) + or $this->hasArgument(self::POST_CONTENT_URL); + } + public function execute() { $post = $this->post; @@ -19,7 +25,7 @@ class EditPostContentJob extends AbstractPostEditJob $post->setContentFromPath($file->filePath, $file->fileName); } - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) PostModel::save($post); Logger::log('{user} changed contents of {post}', [ @@ -32,7 +38,9 @@ class EditPostContentJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostContent, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostContent + : Privilege::EditPostContent, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditPostJob.php b/src/Api/Jobs/EditPostJob.php index a832e48b..aafff537 100644 --- a/src/Api/Jobs/EditPostJob.php +++ b/src/Api/Jobs/EditPostJob.php 
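Review bot: In the AddUserJob hunk `Access::enablePrivilegeChecking()` is only reached when `Api::run($job, $arguments)` returns normally; any exception raised by the nested EditUserJob (validation, a database error, an ApiJobUnsatisfiedException that escapes) leaves privilege checking disabled for the remainder of the request, and `Logger::setBuffer([])` is skipped the same way. A try/finally (PHP 5.5+) restores the guard on every path. Separately, this hunk keeps the global-disable approach for user creation while AddPostJob in the same commit moved to CONTEXT_BATCH_ADD with dedicated AddPost* privileges; with checking disabled, every EditUser sub-job that the forwarded arguments satisfy runs unchecked (EditUserAccessRankJob included, judging by its new `isSatisfied()`), so confirm the registration arguments are filtered before this call or give the user sub-jobs the same Add*-privilege treatment.
```php
		Logger::bufferChanges();
		Access::disablePrivilegeChecking();
		try
		{
			$job = new EditUserJob();
			$job->setContext(self::CONTEXT_BATCH_ADD);
			Api::run($job, $arguments);
		}
		finally
		{
			// restore the guard even when the nested job throws
			Access::enablePrivilegeChecking();
			Logger::setBuffer([]);
		}
```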
@@ -1,5 +1,5 @@ skipSaving) - $subJob->skipSaving(); + $subJob->setContext($this->getContext() == self::CONTEXT_BATCH_ADD + ? self::CONTEXT_BATCH_ADD + : self::CONTEXT_BATCH_EDIT); $args = $this->getArguments(); $args[self::POST_ENTITY] = $post; @@ -28,15 +29,24 @@ class EditPostJob extends AbstractPostEditJob { Api::run($subJob, $args); } - catch (ApiMissingArgumentException $e) + catch (ApiJobUnsatisfiedException $e) { } } - if (!$this->skipSaving) + if ($this->getContext() == AbstractJob::CONTEXT_NORMAL) PostModel::save($post); Logger::flush(); return $post; } + + public function requiresPrivilege() + { + return new Privilege( + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPost + : Privilege::EditPost, + Access::getIdentity($this->post->getUploader())); + } } diff --git a/src/Api/Jobs/EditPostRelationsJob.php b/src/Api/Jobs/EditPostRelationsJob.php index 7a1c3a5e..722acb92 100644 --- a/src/Api/Jobs/EditPostRelationsJob.php +++ b/src/Api/Jobs/EditPostRelationsJob.php @@ -1,8 +1,13 @@ hasArgument(self::RELATED_POST_IDS); + } + public function execute() { $post = $this->post; @@ -12,7 +17,7 @@ class EditPostRelationsJob extends AbstractPostEditJob $post->setRelationsFromText($relations); $newRelatedIds = array_map(function($post) { return $post->getId(); }, $post->getRelations()); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) PostModel::save($post); foreach (array_diff($oldRelatedIds, $newRelatedIds) as $post2id) @@ -37,7 +42,9 @@ class EditPostRelationsJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostRelations, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostRelations + : Privilege::EditPostRelations, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditPostSafetyJob.php b/src/Api/Jobs/EditPostSafetyJob.php index 2322e212..5ef3a44c 100644 --- a/src/Api/Jobs/EditPostSafetyJob.php 
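Review bot: The new `requiresPrivilege()` in the last EditPostJob hunk selects `Privilege::AddPost` or `Privilege::EditPost` from `getContext()`, and `setContext()` is a plain public setter, so the privilege tier is chosen by whoever constructs the job rather than by its type; the two callers in this diff (AddPostJob and the test) are trusted, but the method should say so: `// Context is trusted input: only batch parents may set CONTEXT_BATCH_ADD, which switches the check from the Edit* to the Add* privileges (config.ini grants AddPostContent more freely than EditPostContent).` EditUserJob's hunk shows no corresponding `requiresPrivilege()` change for its batch-add case, so it is worth checking that the same reasoning holds there. Style: the context comparisons use loose `==` (`$this->getContext() == AbstractJob::CONTEXT_NORMAL` here and in every EditPost*/EditUser* job in this commit); `===` avoids surprises if a context value ever arrives as a string.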
+++ b/src/Api/Jobs/EditPostSafetyJob.php @@ -1,8 +1,13 @@ hasArgument(self::SAFETY); + } + public function execute() { $post = $this->post; @@ -11,7 +16,7 @@ class EditPostSafetyJob extends AbstractPostEditJob $oldSafety = $post->getSafety(); $post->setSafety($newSafety); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) PostModel::save($post); if ($oldSafety != $newSafety) @@ -28,7 +33,9 @@ class EditPostSafetyJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostSafety, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostSafety + : Privilege::EditPostSafety, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditPostSourceJob.php b/src/Api/Jobs/EditPostSourceJob.php index 864453bf..a91bee85 100644 --- a/src/Api/Jobs/EditPostSourceJob.php +++ b/src/Api/Jobs/EditPostSourceJob.php @@ -1,8 +1,13 @@ hasArgument(self::SOURCE); + } + public function execute() { $post = $this->post; @@ -11,7 +16,7 @@ class EditPostSourceJob extends AbstractPostEditJob $oldSource = $post->source; $post->setSource($newSource); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) PostModel::save($post); if ($oldSource != $newSource) @@ -28,7 +33,9 @@ class EditPostSourceJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostSource, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostSource + : Privilege::EditPostSource, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditPostTagsJob.php b/src/Api/Jobs/EditPostTagsJob.php index cdf0dd7e..2cfbe4a5 100644 --- a/src/Api/Jobs/EditPostTagsJob.php +++ b/src/Api/Jobs/EditPostTagsJob.php @@ -1,6 +1,11 @@ hasArgument(self::TAG_NAMES); + } + public function execute() { $post = $this->post; 
@@ -10,7 +15,7 @@ class EditPostTagsJob extends AbstractPostEditJob $post->setTagsFromText($tags); $newTags = array_map(function($tag) { return $tag->getName(); }, $post->getTags()); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) { PostModel::save($post); TagModel::removeUnused(); @@ -38,7 +43,9 @@ class EditPostTagsJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostTags, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostTags + : Privilege::EditPostTags, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditPostThumbJob.php b/src/Api/Jobs/EditPostThumbJob.php index e314bd96..1649e435 100644 --- a/src/Api/Jobs/EditPostThumbJob.php +++ b/src/Api/Jobs/EditPostThumbJob.php @@ -1,8 +1,13 @@ hasArgument(self::THUMB_CONTENT); + } + public function execute() { $post = $this->post; @@ -10,7 +15,7 @@ class EditPostThumbJob extends AbstractPostEditJob $post->setCustomThumbnailFromPath($file->filePath); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) PostModel::save($post); Logger::log('{user} changed thumb of {post}', [ @@ -23,7 +28,9 @@ class EditPostThumbJob extends AbstractPostEditJob public function requiresPrivilege() { return new Privilege( - Privilege::EditPostThumb, + $this->getContext() == self::CONTEXT_BATCH_ADD + ? Privilege::AddPostThumb + : Privilege::EditPostThumb, Access::getIdentity($this->post->getUploader())); } } diff --git a/src/Api/Jobs/EditUserAccessRankJob.php b/src/Api/Jobs/EditUserAccessRankJob.php index 4f84769c..09d646c0 100644 --- a/src/Api/Jobs/EditUserAccessRankJob.php +++ b/src/Api/Jobs/EditUserAccessRankJob.php @@ -1,8 +1,13 @@ hasArgument(self::NEW_ACCESS_RANK); + } + public function execute() { $user = $this->user; 
@@ -14,7 +19,7 @@ class EditUserAccessRankJob extends AbstractUserEditJob $user->setAccessRank($newAccessRank); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) UserModel::save($user); Logger::log('{user} changed {subject}\'s access rank to {rank}', [ diff --git a/src/Api/Jobs/EditUserEmailJob.php b/src/Api/Jobs/EditUserEmailJob.php index a76ed275..7841fa86 100644 --- a/src/Api/Jobs/EditUserEmailJob.php +++ b/src/Api/Jobs/EditUserEmailJob.php @@ -1,8 +1,13 @@ hasArgument(self::NEW_EMAIL); + } + public function execute() { if (getConfig()->registration->needEmailForRegistering) @@ -29,7 +34,7 @@ class EditUserEmailJob extends AbstractUserEditJob $user->confirmEmail(); } - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) UserModel::save($user); Logger::log('{user} changed {subject}\'s e-mail to {mail}', [ diff --git a/src/Api/Jobs/EditUserJob.php b/src/Api/Jobs/EditUserJob.php index 501c9fa1..3e43dc7e 100644 --- a/src/Api/Jobs/EditUserJob.php +++ b/src/Api/Jobs/EditUserJob.php @@ -1,5 +1,5 @@ subJobs as $subJob) { - if ($this->skipSaving) - $subJob->skipSaving(); + $subJob->setContext($this->getContext() == self::CONTEXT_BATCH_ADD + ? self::CONTEXT_BATCH_ADD + : self::CONTEXT_BATCH_EDIT); $args = $this->getArguments(); $args[self::USER_ENTITY] = $user; @@ -49,12 +50,12 @@ class EditUserJob extends AbstractUserEditJob { Api::run($subJob, $args); } - catch (ApiMissingArgumentException $e) + catch (ApiJobUnsatisfiedException $e) { } } - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) UserModel::save($user); Logger::flush(); diff --git a/src/Api/Jobs/EditUserNameJob.php b/src/Api/Jobs/EditUserNameJob.php index d65caff8..c92d4440 100644 --- a/src/Api/Jobs/EditUserNameJob.php +++ b/src/Api/Jobs/EditUserNameJob.php @@ -1,8 +1,13 @@ hasArgument(self::NEW_USER_NAME); + } + public function execute() { $user = $this->user; 
@@ -15,7 +20,7 @@ class EditUserNameJob extends AbstractUserEditJob $user->setName($newName); UserModel::validateUserName($user); - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) UserModel::save($user); Logger::log('{user} renamed {old} to {new}', [ diff --git a/src/Api/Jobs/EditUserPasswordJob.php b/src/Api/Jobs/EditUserPasswordJob.php index ad0604f1..39c62bc5 100644 --- a/src/Api/Jobs/EditUserPasswordJob.php +++ b/src/Api/Jobs/EditUserPasswordJob.php @@ -1,8 +1,13 @@ hasArgument(self::NEW_PASSWORD); + } + public function execute() { $user = $this->user; @@ -15,7 +20,7 @@ class EditUserPasswordJob extends AbstractUserEditJob $user->passHash = $newPasswordHash; - if (!$this->skipSaving) + if ($this->getContext() == self::CONTEXT_NORMAL) UserModel::save($user); Logger::log('{user} changed {subject}\'s password', [ diff --git a/src/Enum.php b/src/Enum.php index 3188f4d7..5feb460a 100644 --- a/src/Enum.php +++ b/src/Enum.php @@ -13,7 +13,7 @@ abstract class Enum public function toDisplayString() { return TextCaseConverter::convert($this->toString(), - TextCaseConverter::SNAKE_CASE, + TextCaseConverter::CAMEL_CASE, TextCaseConverter::BLANK_CASE); } diff --git a/src/Models/Enums/Privilege.php b/src/Models/Enums/Privilege.php index f8840c88..04afb60f 100644 --- a/src/Models/Enums/Privilege.php +++ b/src/Models/Enums/Privilege.php 
@@ -2,21 +2,30 @@ class Privilege extends Enum { const ListPosts = 1; - const UploadPost = 2; const ViewPost = 3; const RetrievePost = 4; const FavoritePost = 5; + const HidePost = 9; + const DeletePost = 10; + const FeaturePost = 25; + const ScorePost = 31; + const FlagPost = 34; + + const EditPost = 45; const EditPostSafety = 6; const EditPostTags = 7; const EditPostThumb = 8; const EditPostSource = 26; const EditPostRelations = 30; const EditPostContent = 36; - const HidePost = 9; - const DeletePost = 10; - const FeaturePost = 25; - const ScorePost = 31; - const FlagPost = 34; + + const AddPost = 2; + const AddPostSafety = 39; + const AddPostTags = 40; + const AddPostThumb = 41; + const AddPostSource = 42; + const AddPostRelations = 43; + const AddPostContent = 44; const RegisterAccount = 38; const ListUsers = 11; diff --git a/src/Views/top-navigation.phtml b/src/Views/top-navigation.phtml index f469312d..09f45d23 100644 --- a/src/Views/top-navigation.phtml +++ b/src/Views/top-navigation.phtml @@ -26,7 +26,7 @@ $activeController == 'post' and $activeAction != 'upload'); } - if (Access::check(new Privilege(Privilege::UploadPost))) + if (Access::check(new Privilege(Privilege::AddPost))) { $registerNavItem( 'Upload', diff --git a/tests/AbstractTest.php b/tests/AbstractTest.php index 93d8d3c7..88843990 100644 --- a/tests/AbstractTest.php +++ b/tests/AbstractTest.php @@ -59,4 +59,9 @@ class AbstractTest getConfig()->privileges->$privilege = 'nobody'; Access::init(); } + + protected function getPath($name) + { + return getConfig()->rootDir . DS . 'tests' . DS . 'TestFiles' . DS . $name; + } } diff --git a/tests/Api/ApiPrivilegeTest.php b/tests/Api/ApiPrivilegeTest.php index 9bd60e04..04756274 100644 --- a/tests/Api/ApiPrivilegeTest.php +++ b/tests/Api/ApiPrivilegeTest.php 
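Review bot: `const AddPost = 2;` takes over the numeric value of the removed `UploadPost`, so anything that stored or compared the raw value rather than the name would silently map to the new constant; from this diff the enum appears to be used only by name via `toString()`, so this is probably harmless, but a short comment would keep a future reader from reading meaning into the gap-filled numbering: `const AddPost = 2; // formerly UploadPost`. Related: data/config.ini drops the `uploadPost` key in the same commit, so a deployment that carries that key in a local override would keep a dead entry instead of granting AddPost; a note in the config or changelog about the rename would avoid a silent loss of the upload permission.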
@@ -15,9 +15,8 @@ class ApiPrivilegeTest extends AbstractFullApiTest
  $this->testRegularPrivilege(new ActivateUserEmailJob(), false);
  $this->testRegularPrivilege(new AddCommentJob(), new Privilege(Privilege::AddComment));
  $this->testRegularPrivilege(new PreviewCommentJob(), new Privilege(Privilege::AddComment));
- $this->testRegularPrivilege(new AddPostJob(), new Privilege(Privilege::UploadPost));
+ $this->testRegularPrivilege(new AddPostJob(), new Privilege(Privilege::AddPost));
  $this->testRegularPrivilege(new AddUserJob(), new Privilege(Privilege::RegisterAccount));
- $this->testRegularPrivilege(new EditPostJob(), false);
  $this->testRegularPrivilege(new EditUserJob(), false);
  $this->testRegularPrivilege(new GetLogJob(), new Privilege(Privilege::ViewLog));
  $this->testRegularPrivilege(new ListCommentsJob(), new Privilege(Privilege::ListComments));
@@ -42,12 +41,27 @@ class ApiPrivilegeTest extends AbstractFullApiTest $this->login($this->mockUser()); $this->testDynamicPostPrivilege(new DeletePostJob(), new Privilege(Privilege::DeletePost)); + $this->testDynamicPostPrivilege(new EditPostJob(), new Privilege(Privilege::EditPost)); $this->testDynamicPostPrivilege(new EditPostContentJob(), new Privilege(Privilege::EditPostContent)); $this->testDynamicPostPrivilege(new EditPostRelationsJob(), new Privilege(Privilege::EditPostRelations)); $this->testDynamicPostPrivilege(new EditPostSafetyJob(), new Privilege(Privilege::EditPostSafety)); $this->testDynamicPostPrivilege(new EditPostSourceJob(), new Privilege(Privilege::EditPostSource)); $this->testDynamicPostPrivilege(new EditPostTagsJob(), new Privilege(Privilege::EditPostTags)); $this->testDynamicPostPrivilege(new EditPostThumbJob(), new Privilege(Privilege::EditPostThumb)); + + $ctx = function($job) + { + $job->setContext(AbstractJob::CONTEXT_BATCH_ADD); + return $job; + }; + $this->testDynamicPostPrivilege($ctx(new EditPostJob), new Privilege(Privilege::AddPost)); + $this->testDynamicPostPrivilege($ctx(new EditPostContentJob), new Privilege(Privilege::AddPostContent)); + $this->testDynamicPostPrivilege($ctx(new EditPostRelationsJob), new Privilege(Privilege::AddPostRelations)); + $this->testDynamicPostPrivilege($ctx(new EditPostSafetyJob), new Privilege(Privilege::AddPostSafety)); + $this->testDynamicPostPrivilege($ctx(new EditPostSourceJob), new Privilege(Privilege::AddPostSource)); + $this->testDynamicPostPrivilege($ctx(new EditPostTagsJob), new Privilege(Privilege::AddPostTags)); + $this->testDynamicPostPrivilege($ctx(new EditPostThumbJob), new Privilege(Privilege::AddPostThumb)); + $this->testDynamicPostPrivilege(new FeaturePostJob(), new Privilege(Privilege::FeaturePost)); $this->testDynamicPostPrivilege(new FlagPostJob(), new Privilege(Privilege::FlagPost)); $this->testDynamicPostPrivilege(new ScorePostJob(), new Privilege(Privilege::ScorePost)); 
diff --git a/tests/JobTests/AddPostJobTest.php b/tests/JobTests/AddPostJobTest.php new file mode 100644 index 00000000..ac5ab7e5 --- /dev/null +++ b/tests/JobTests/AddPostJobTest.php @@ -0,0 +1,55 @@ +prepare(); + + $this->grantAccess('addPost'); + $this->grantAccess('addPostSafety'); + $this->grantAccess('addPostTags'); + $this->grantAccess('addPostSource'); + $this->grantAccess('addPostContent'); + + $args = + [ + AddPostJob::ANONYMOUS => false, + EditPostSafetyJob::SAFETY => PostSafety::Safe, + EditPostSourceJob::SOURCE => '', + EditPostContentJob::POST_CONTENT => new ApiFileInput($this->getPath('image.jpg'), 'test.jpg'), + ]; + + $this->assert->doesNotThrow(function() use ($args) + { + Api::run(new AddPostJob(), $args); + }); + } + + public function testPrivilegeFail() + { + $this->prepare(); + + $this->grantAccess('addPost'); + $this->grantAccess('addPostSafety'); + $this->grantAccess('addPostTags'); + $this->grantAccess('addPostContent'); + + $args = + [ + AddPostJob::ANONYMOUS => false, + EditPostSafetyJob::SAFETY => PostSafety::Safe, + EditPostSourceJob::SOURCE => '', + EditPostContentJob::POST_CONTENT => new ApiFileInput($this->getPath('image.jpg'), 'test.jpg'), + ]; + + $this->assert->throws(function() use ($args) + { + Api::run(new AddPostJob(), $args); + }, 'Insufficient privilege'); + } + + protected function prepare() + { + getConfig()->registration->needEmailForUploading = false; + } +} diff --git a/tests/JobTests/EditPostContentJobTest.php b/tests/JobTests/EditPostContentJobTest.php index 77a22470..5a588805 100644 --- a/tests/JobTests/EditPostContentJobTest.php +++ b/tests/JobTests/EditPostContentJobTest.php @@ -162,9 +162,4 @@ class EditPostContentJobTest extends AbstractTest return $post; } - - protected function getPath($name) - { - return getConfig()->rootDir . DS . 'tests' . DS . 'TestFiles' . DS . $name; - } } diff --git a/tests/JobTests/EditPostJobTest.php b/tests/JobTests/EditPostJobTest.php new file mode 100644 index 00000000..aff22337 
--- /dev/null +++ b/tests/JobTests/EditPostJobTest.php @@ -0,0 +1,50 @@ +grantAccess('editPost'); + $this->grantAccess('editPostSafety'); + $this->grantAccess('editPostTags'); + $this->grantAccess('editPostSource'); + $this->grantAccess('editPostContent'); + + $post = $this->mockPost(Auth::getCurrentUser()); + + $args = + [ + EditPostJob::POST_ID => $post->getId(), + EditPostSafetyJob::SAFETY => PostSafety::Safe, + EditPostSourceJob::SOURCE => '', + EditPostContentJob::POST_CONTENT => new ApiFileInput($this->getPath('image.jpg'), 'test.jpg'), + ]; + + $this->assert->doesNotThrow(function() use ($args) + { + Api::run(new EditPostJob(), $args); + }); + } + + public function testPrivilegeFail() + { + $this->grantAccess('editPost'); + $this->grantAccess('editPostSafety'); + $this->grantAccess('editPostTags'); + $this->grantAccess('editPostContent'); + + $post = $this->mockPost(Auth::getCurrentUser()); + + $args = + [ + EditPostJob::POST_ID => $post->getId(), + EditPostSafetyJob::SAFETY => PostSafety::Safe, + EditPostSourceJob::SOURCE => '', + EditPostContentJob::POST_CONTENT => new ApiFileInput($this->getPath('image.jpg'), 'test.jpg'), + ]; + + $this->assert->throws(function() use ($args) + { + Api::run(new EditPostJob(), $args); + }, 'Insufficient privilege'); + } +}