Refactored privilege system
This commit is contained in:
parent
c70554330c
commit
8e8e983f28
15 changed files with 247 additions and 66 deletions
|
@ -8,11 +8,10 @@ secret = change
|
||||||
minPasswordLength = 5
|
minPasswordLength = 5
|
||||||
|
|
||||||
[security.privileges]
|
[security.privileges]
|
||||||
anonymous = register, viewUser
|
register = anonymous
|
||||||
regularUser = listUsers, viewUser, deleteOwnAccount
|
listUsers = regularUser, powerUser, moderator, administrator
|
||||||
powerUser = listUsers, viewUser, deleteOwnAccount
|
deleteOwnAccount = regularUser, powerUser, moderator, administrator
|
||||||
moderator = listUsers, viewUser, deleteOwnAccount
|
deleteAllAccounts = administrator
|
||||||
administrator = listUsers, viewUser, deleteOwnAccount, deleteUsers
|
|
||||||
|
|
||||||
[users]
|
[users]
|
||||||
minUserNameLength = 1
|
minUserNameLength = 1
|
||||||
|
|
|
@ -2,6 +2,13 @@ var App = App || {};
|
||||||
|
|
||||||
App.Auth = function(jQuery, util, api, appState, promise) {
|
App.Auth = function(jQuery, util, api, appState, promise) {
|
||||||
|
|
||||||
|
var privileges = {
|
||||||
|
register: 'register',
|
||||||
|
listUsers: 'listUsers',
|
||||||
|
deleteOwnAccount: 'deleteOwnAccount',
|
||||||
|
deleteAllAccounts: 'deleteAllAccounts',
|
||||||
|
};
|
||||||
|
|
||||||
function loginFromCredentials(userName, password, remember) {
|
function loginFromCredentials(userName, password, remember) {
|
||||||
return promise.make(function(resolve, reject) {
|
return promise.make(function(resolve, reject) {
|
||||||
promise.wait(api.post('/login', {userName: userName, password: password}))
|
promise.wait(api.post('/login', {userName: userName, password: password}))
|
||||||
|
@ -79,8 +86,14 @@ App.Auth = function(jQuery, util, api, appState, promise) {
|
||||||
appState.set('loggedIn', response.json.user && !!response.json.user.id);
|
appState.set('loggedIn', response.json.user && !!response.json.user.id);
|
||||||
}
|
}
|
||||||
|
|
||||||
function isLoggedIn() {
|
function isLoggedIn(userName) {
|
||||||
return appState.get('loggedIn');
|
if (!appState.get('loggedIn'))
|
||||||
|
return false;
|
||||||
|
if (typeof(userName) != 'undefined') {
|
||||||
|
if (getCurrentUser().name != userName)
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getCurrentUser() {
|
function getCurrentUser() {
|
||||||
|
@ -105,11 +118,14 @@ App.Auth = function(jQuery, util, api, appState, promise) {
|
||||||
loginAnonymous: loginAnonymous,
|
loginAnonymous: loginAnonymous,
|
||||||
tryLoginFromCookie: tryLoginFromCookie,
|
tryLoginFromCookie: tryLoginFromCookie,
|
||||||
logout: logout,
|
logout: logout,
|
||||||
|
|
||||||
|
startObservingLoginChanges: startObservingLoginChanges,
|
||||||
isLoggedIn: isLoggedIn,
|
isLoggedIn: isLoggedIn,
|
||||||
getCurrentUser: getCurrentUser,
|
getCurrentUser: getCurrentUser,
|
||||||
getCurrentPrivileges: getCurrentPrivileges,
|
getCurrentPrivileges: getCurrentPrivileges,
|
||||||
hasPrivilege: hasPrivilege,
|
hasPrivilege: hasPrivilege,
|
||||||
startObservingLoginChanges: startObservingLoginChanges,
|
|
||||||
|
privileges: privileges,
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -33,7 +33,7 @@ App.Presenters.TopNavigationPresenter = function(
|
||||||
$el.html(template({
|
$el.html(template({
|
||||||
loggedIn: auth.isLoggedIn(),
|
loggedIn: auth.isLoggedIn(),
|
||||||
user: auth.getCurrentUser(),
|
user: auth.getCurrentUser(),
|
||||||
canListUsers: auth.hasPrivilege('listUsers')
|
canListUsers: auth.hasPrivilege(auth.privileges.listUsers)
|
||||||
}));
|
}));
|
||||||
$el.find('li.' + selectedElement).addClass('active');
|
$el.find('li.' + selectedElement).addClass('active');
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,6 +5,7 @@ App.Presenters.UserListPresenter = function(
|
||||||
jQuery,
|
jQuery,
|
||||||
util,
|
util,
|
||||||
promise,
|
promise,
|
||||||
|
auth,
|
||||||
router,
|
router,
|
||||||
pagedCollectionPresenter,
|
pagedCollectionPresenter,
|
||||||
topNavigationPresenter,
|
topNavigationPresenter,
|
||||||
|
|
|
@ -21,7 +21,7 @@ App.Presenters.UserPresenter = function(
|
||||||
|
|
||||||
function init(args) {
|
function init(args) {
|
||||||
userName = args.userName;
|
userName = args.userName;
|
||||||
topNavigationPresenter.select(auth.isLoggedIn() && auth.getCurrentUser().name == userName ? 'my-account' : 'users');
|
topNavigationPresenter.select(auth.isLoggedIn(userName) ? 'my-account' : 'users');
|
||||||
|
|
||||||
promise.waitAll(
|
promise.waitAll(
|
||||||
util.promiseTemplate('user'),
|
util.promiseTemplate('user'),
|
||||||
|
@ -51,8 +51,8 @@ App.Presenters.UserPresenter = function(
|
||||||
function render() {
|
function render() {
|
||||||
var context = {
|
var context = {
|
||||||
user: user,
|
user: user,
|
||||||
canDeleteAccount: auth.hasPrivilege('deleteAccounts') ||
|
canDeleteAccount: auth.hasPrivilege(auth.privileges.deleteAllAccounts) ||
|
||||||
(auth.hasPrivilege('deleteOwnAccount') && auth.getCurrentUser().name == userName),
|
(auth.isLoggedIn(userName) && auth.hasPrivilege(auth.privileges.deleteOwnAccount)),
|
||||||
};
|
};
|
||||||
$el.html(template(context));
|
$el.html(template(context));
|
||||||
$el.find('.browsing-settings').html(browsingSettingsTemplate(context));
|
$el.find('.browsing-settings').html(browsingSettingsTemplate(context));
|
||||||
|
|
|
@ -4,23 +4,20 @@ namespace Szurubooru\Controllers;
|
||||||
final class AuthController extends AbstractController
|
final class AuthController extends AbstractController
|
||||||
{
|
{
|
||||||
private $authService;
|
private $authService;
|
||||||
private $userService;
|
private $privilegeService;
|
||||||
private $passwordService;
|
|
||||||
private $inputReader;
|
private $inputReader;
|
||||||
private $userViewProxy;
|
private $userViewProxy;
|
||||||
private $tokenViewProxy;
|
private $tokenViewProxy;
|
||||||
|
|
||||||
public function __construct(
|
public function __construct(
|
||||||
\Szurubooru\Services\AuthService $authService,
|
\Szurubooru\Services\AuthService $authService,
|
||||||
\Szurubooru\Services\UserService $userService,
|
\Szurubooru\Services\PrivilegeService $privilegeService,
|
||||||
\Szurubooru\Services\PasswordService $passwordService,
|
|
||||||
\Szurubooru\Helpers\InputReader $inputReader,
|
\Szurubooru\Helpers\InputReader $inputReader,
|
||||||
\Szurubooru\Controllers\ViewProxies\UserViewProxy $userViewProxy,
|
\Szurubooru\Controllers\ViewProxies\UserViewProxy $userViewProxy,
|
||||||
\Szurubooru\Controllers\ViewProxies\TokenViewProxy $tokenViewProxy)
|
\Szurubooru\Controllers\ViewProxies\TokenViewProxy $tokenViewProxy)
|
||||||
{
|
{
|
||||||
$this->authService = $authService;
|
$this->authService = $authService;
|
||||||
$this->userService = $userService;
|
$this->privilegeService = $privilegeService;
|
||||||
$this->passwordService = $passwordService;
|
|
||||||
$this->inputReader = $inputReader;
|
$this->inputReader = $inputReader;
|
||||||
$this->userViewProxy = $userViewProxy;
|
$this->userViewProxy = $userViewProxy;
|
||||||
$this->tokenViewProxy = $tokenViewProxy;
|
$this->tokenViewProxy = $tokenViewProxy;
|
||||||
|
@ -51,7 +48,7 @@ final class AuthController extends AbstractController
|
||||||
[
|
[
|
||||||
'token' => $this->tokenViewProxy->fromEntity($this->authService->getLoginToken()),
|
'token' => $this->tokenViewProxy->fromEntity($this->authService->getLoginToken()),
|
||||||
'user' => $this->userViewProxy->fromEntity($this->authService->getLoggedInUser()),
|
'user' => $this->userViewProxy->fromEntity($this->authService->getLoggedInUser()),
|
||||||
'privileges' => $this->authService->getCurrentPrivileges(),
|
'privileges' => $this->privilegeService->getCurrentPrivileges(),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,18 +3,18 @@ namespace Szurubooru\Controllers;
|
||||||
|
|
||||||
final class UserController extends AbstractController
|
final class UserController extends AbstractController
|
||||||
{
|
{
|
||||||
private $authService;
|
private $privilegeService;
|
||||||
private $userService;
|
private $userService;
|
||||||
private $inputReader;
|
private $inputReader;
|
||||||
private $userViewProxy;
|
private $userViewProxy;
|
||||||
|
|
||||||
public function __construct(
|
public function __construct(
|
||||||
\Szurubooru\Services\AuthService $authService,
|
\Szurubooru\Services\PrivilegeService $privilegeService,
|
||||||
\Szurubooru\Services\UserService $userService,
|
\Szurubooru\Services\UserService $userService,
|
||||||
\Szurubooru\Helpers\InputReader $inputReader,
|
\Szurubooru\Helpers\InputReader $inputReader,
|
||||||
\Szurubooru\Controllers\ViewProxies\UserViewProxy $userViewProxy)
|
\Szurubooru\Controllers\ViewProxies\UserViewProxy $userViewProxy)
|
||||||
{
|
{
|
||||||
$this->authService = $authService;
|
$this->privilegeService = $privilegeService;
|
||||||
$this->userService = $userService;
|
$this->userService = $userService;
|
||||||
$this->inputReader = $inputReader;
|
$this->inputReader = $inputReader;
|
||||||
$this->userViewProxy = $userViewProxy;
|
$this->userViewProxy = $userViewProxy;
|
||||||
|
@ -31,8 +31,6 @@ final class UserController extends AbstractController
|
||||||
|
|
||||||
public function getByName($name)
|
public function getByName($name)
|
||||||
{
|
{
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_USER);
|
|
||||||
|
|
||||||
$user = $this->userService->getByName($name);
|
$user = $this->userService->getByName($name);
|
||||||
if (!$user)
|
if (!$user)
|
||||||
throw new \DomainException('User with name "' . $name . '" was not found.');
|
throw new \DomainException('User with name "' . $name . '" was not found.');
|
||||||
|
@ -41,7 +39,7 @@ final class UserController extends AbstractController
|
||||||
|
|
||||||
public function getFiltered()
|
public function getFiltered()
|
||||||
{
|
{
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_LIST_USERS);
|
$this->privilegeService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_LIST_USERS);
|
||||||
|
|
||||||
$searchFormData = new \Szurubooru\FormData\SearchFormData($this->inputReader);
|
$searchFormData = new \Szurubooru\FormData\SearchFormData($this->inputReader);
|
||||||
$searchResult = $this->userService->getFiltered($searchFormData);
|
$searchResult = $this->userService->getFiltered($searchFormData);
|
||||||
|
@ -54,7 +52,7 @@ final class UserController extends AbstractController
|
||||||
|
|
||||||
public function register()
|
public function register()
|
||||||
{
|
{
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_REGISTER);
|
$this->privilegeService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_REGISTER);
|
||||||
|
|
||||||
$input = new \Szurubooru\FormData\RegistrationFormData($this->inputReader);
|
$input = new \Szurubooru\FormData\RegistrationFormData($this->inputReader);
|
||||||
$user = $this->userService->register($input);
|
$user = $this->userService->register($input);
|
||||||
|
@ -68,10 +66,11 @@ final class UserController extends AbstractController
|
||||||
|
|
||||||
public function delete($name)
|
public function delete($name)
|
||||||
{
|
{
|
||||||
if ($name == $this->authService->getLoggedInUser()->name)
|
$this->privilegeService->assertPrivilege(
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_OWN_ACCOUNT);
|
$this->privilegeService->isLoggedIn($name)
|
||||||
else
|
? \Szurubooru\Privilege::PRIVILEGE_DELETE_OWN_ACCOUNT
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_ACCOUNTS);
|
: \Szurubooru\Privilege::PRIVILEGE_DELETE_ACCOUNTS);
|
||||||
|
|
||||||
return $this->userService->deleteByName($name);
|
return $this->userService->deleteByName($name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,13 @@ namespace Szurubooru\Controllers\ViewProxies;
|
||||||
|
|
||||||
class UserViewProxy extends AbstractViewProxy
|
class UserViewProxy extends AbstractViewProxy
|
||||||
{
|
{
|
||||||
|
private $privilegeService;
|
||||||
|
|
||||||
|
public function __construct(\Szurubooru\Services\PrivilegeService $privilegeService)
|
||||||
|
{
|
||||||
|
$this->privilegeService = $privilegeService;
|
||||||
|
}
|
||||||
|
|
||||||
public function fromEntity($user)
|
public function fromEntity($user)
|
||||||
{
|
{
|
||||||
$result = new \StdClass;
|
$result = new \StdClass;
|
||||||
|
@ -10,6 +17,15 @@ class UserViewProxy extends AbstractViewProxy
|
||||||
{
|
{
|
||||||
$result->id = $user->id;
|
$result->id = $user->id;
|
||||||
$result->name = $user->name;
|
$result->name = $user->name;
|
||||||
|
$result->accessRank = \Szurubooru\Helpers\EnumHelper::accessRankToString($user->accessRank);
|
||||||
|
$result->registrationTime = $user->registrationTime;
|
||||||
|
$result->lastLoginTime = $user->lastLoginTime;
|
||||||
|
|
||||||
|
if ($this->privilegeService->hasPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_ALL_EMAIL_ADDRESSES) or
|
||||||
|
$this->privilegeService->isLoggedIn($user))
|
||||||
|
{
|
||||||
|
$result->email = $user->email;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
19
src/Helpers/EnumHelper.php
Normal file
19
src/Helpers/EnumHelper.php
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<?php
|
||||||
|
namespace Szurubooru\Helpers;
|
||||||
|
|
||||||
|
class EnumHelper
|
||||||
|
{
|
||||||
|
public static function accessRankToString($accessRank)
|
||||||
|
{
|
||||||
|
switch ($accessRank)
|
||||||
|
{
|
||||||
|
case \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS: return 'anonymous'; break;
|
||||||
|
case \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER: return 'regularUser'; break;
|
||||||
|
case \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER: return 'powerUser'; break;
|
||||||
|
case \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR: return 'moderator'; break;
|
||||||
|
case \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR: return 'administrator'; break;
|
||||||
|
default:
|
||||||
|
throw new \DomainException('Invalid access rank!');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -3,9 +3,8 @@ namespace Szurubooru;
|
||||||
|
|
||||||
class Privilege
|
class Privilege
|
||||||
{
|
{
|
||||||
const PRIVILEGE_LIST_USERS = 'listUsers';
|
|
||||||
const PRIVILEGE_VIEW_USER = 'viewUser';
|
|
||||||
const PRIVILEGE_DELETE_ACCOUNTS = 'deleteAccounts';
|
|
||||||
const PRIVILEGE_DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
|
|
||||||
const PRIVILEGE_REGISTER = 'register';
|
const PRIVILEGE_REGISTER = 'register';
|
||||||
|
const PRIVILEGE_LIST_USERS = 'listUsers';
|
||||||
|
const PRIVILEGE_DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
|
||||||
|
const PRIVILEGE_DELETE_ALL_ACCOUNTS = 'deleteAllAccounts';
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,6 @@ class AuthService
|
||||||
private $loginToken = null;
|
private $loginToken = null;
|
||||||
|
|
||||||
private $validator;
|
private $validator;
|
||||||
private $config;
|
|
||||||
private $passwordService;
|
private $passwordService;
|
||||||
private $timeService;
|
private $timeService;
|
||||||
private $userDao;
|
private $userDao;
|
||||||
|
@ -15,7 +14,6 @@ class AuthService
|
||||||
|
|
||||||
public function __construct(
|
public function __construct(
|
||||||
\Szurubooru\Validator $validator,
|
\Szurubooru\Validator $validator,
|
||||||
\Szurubooru\Config $config,
|
|
||||||
\Szurubooru\Services\PasswordService $passwordService,
|
\Szurubooru\Services\PasswordService $passwordService,
|
||||||
\Szurubooru\Services\TimeService $timeService,
|
\Szurubooru\Services\TimeService $timeService,
|
||||||
\Szurubooru\Dao\TokenDao $tokenDao,
|
\Szurubooru\Dao\TokenDao $tokenDao,
|
||||||
|
@ -24,7 +22,6 @@ class AuthService
|
||||||
$this->loggedInUser = $this->getAnonymousUser();
|
$this->loggedInUser = $this->getAnonymousUser();
|
||||||
|
|
||||||
$this->validator = $validator;
|
$this->validator = $validator;
|
||||||
$this->config = $config;
|
|
||||||
$this->passwordService = $passwordService;
|
$this->passwordService = $passwordService;
|
||||||
$this->timeService = $timeService;
|
$this->timeService = $timeService;
|
||||||
$this->tokenDao = $tokenDao;
|
$this->tokenDao = $tokenDao;
|
||||||
|
@ -108,32 +105,6 @@ class AuthService
|
||||||
$this->loginToken = null;
|
$this->loginToken = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getCurrentPrivileges()
|
|
||||||
{
|
|
||||||
switch ($this->getLoggedInUser()->accessRank)
|
|
||||||
{
|
|
||||||
case \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS: $keyName = 'anonymous'; break;
|
|
||||||
case \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER: $keyName = 'regularUser'; break;
|
|
||||||
case \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER: $keyName = 'powerUser'; break;
|
|
||||||
case \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR: $keyName = 'moderator'; break;
|
|
||||||
case \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR: $keyName = 'administrator'; break;
|
|
||||||
default:
|
|
||||||
throw new \DomainException('Invalid access rank!');
|
|
||||||
}
|
|
||||||
return array_filter(preg_split('/[;,\s]+/', $this->config->security->privileges[$keyName]));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function hasPrivilege($privilege)
|
|
||||||
{
|
|
||||||
return in_array($privilege, $this->getCurrentPrivileges());
|
|
||||||
}
|
|
||||||
|
|
||||||
public function assertPrivilege($privilege)
|
|
||||||
{
|
|
||||||
if (!$this->hasPrivilege($privilege))
|
|
||||||
throw new \DomainException('Unprivileged operation');
|
|
||||||
}
|
|
||||||
|
|
||||||
private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
|
private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
|
||||||
{
|
{
|
||||||
$loginToken = new \Szurubooru\Entities\Token();
|
$loginToken = new \Szurubooru\Entities\Token();
|
||||||
|
|
60
src/Services/PrivilegeService.php
Normal file
60
src/Services/PrivilegeService.php
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
<?php
|
||||||
|
namespace Szurubooru\Services;
|
||||||
|
|
||||||
|
class PrivilegeService
|
||||||
|
{
|
||||||
|
private $authService;
|
||||||
|
private $privilegeMap;
|
||||||
|
|
||||||
|
public function __construct(
|
||||||
|
\Szurubooru\Config $config,
|
||||||
|
\Szurubooru\Services\AuthService $authService)
|
||||||
|
{
|
||||||
|
$this->authService = $authService;
|
||||||
|
|
||||||
|
if (isset($config->security->privileges))
|
||||||
|
{
|
||||||
|
foreach ($config->security->privileges as $privilegeName => $allowedAccessRanks)
|
||||||
|
{
|
||||||
|
$allowedAccessRanks = array_filter(preg_split('/[;,\s]+/', $allowedAccessRanks));
|
||||||
|
foreach ($allowedAccessRanks as $allowedAccessRank)
|
||||||
|
{
|
||||||
|
if (!isset($this->privilegeMap[$allowedAccessRank]))
|
||||||
|
$this->privilegeMap[$allowedAccessRank] = [];
|
||||||
|
$this->privilegeMap[$allowedAccessRank] []= $privilegeName;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getCurrentPrivileges()
|
||||||
|
{
|
||||||
|
$currentAccessRank = $this->authService->getLoggedInUser()->accessRank;
|
||||||
|
$currentAccessRankName = \Szurubooru\Helpers\EnumHelper::accessRankToString($currentAccessRank);
|
||||||
|
if (!isset($this->privilegeMap[$currentAccessRankName]))
|
||||||
|
return [];
|
||||||
|
return $this->privilegeMap[$currentAccessRankName];
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasPrivilege($privilege)
|
||||||
|
{
|
||||||
|
return in_array($privilege, $this->getCurrentPrivileges());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function assertPrivilege($privilege)
|
||||||
|
{
|
||||||
|
if (!$this->hasPrivilege($privilege))
|
||||||
|
throw new \DomainException('Unprivileged operation');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isLoggedIn($userIdentifier)
|
||||||
|
{
|
||||||
|
$loggedInUser = $this->authService->getLoggedInUser();
|
||||||
|
if ($userIdentifier instanceof \Szurubooru\Entities\User)
|
||||||
|
return $loggedInUser->name == $userIdentifier->name;
|
||||||
|
elseif (is_string($userIdentifier))
|
||||||
|
return $loggedInUser->name == $userIdentifier;
|
||||||
|
else
|
||||||
|
throw new \InvalidArgumentException('Invalid user identifier.');
|
||||||
|
}
|
||||||
|
}
|
33
tests/PrivilegeTest.php
Normal file
33
tests/PrivilegeTest.php
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
<?php
|
||||||
|
namespace Szurubooru\Tests;
|
||||||
|
|
||||||
|
class PrivilegeTest extends \Szurubooru\Tests\AbstractTestCase
|
||||||
|
{
|
||||||
|
public function testConstNaming()
|
||||||
|
{
|
||||||
|
$refl = new \ReflectionClass(\Szurubooru\Privilege::class);
|
||||||
|
foreach ($refl->getConstants() as $key => $value)
|
||||||
|
{
|
||||||
|
$value = strtoupper('privilege_' . ltrim(preg_replace('/[A-Z]/', '_\0', $value), '_'));
|
||||||
|
$this->assertEquals($key, $value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testConfigSectionNaming()
|
||||||
|
{
|
||||||
|
$refl = new \ReflectionClass(\Szurubooru\Privilege::class);
|
||||||
|
$constants = array_values($refl->getConstants());
|
||||||
|
|
||||||
|
$configPath = __DIR__
|
||||||
|
. DIRECTORY_SEPARATOR . '..'
|
||||||
|
. DIRECTORY_SEPARATOR . 'data'
|
||||||
|
. DIRECTORY_SEPARATOR . 'config.ini';
|
||||||
|
|
||||||
|
$config = new \Szurubooru\Config();
|
||||||
|
$config->loadFromIni($configPath);
|
||||||
|
foreach ($config->security->privileges as $key => $value)
|
||||||
|
{
|
||||||
|
$this->assertTrue(in_array($key, $constants), "$key not in constants");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -4,7 +4,6 @@ namespace Szurubooru\Tests\Services;
|
||||||
class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
|
class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
|
||||||
{
|
{
|
||||||
private $validatorMock;
|
private $validatorMock;
|
||||||
private $configMock;
|
|
||||||
private $passwordServiceMock;
|
private $passwordServiceMock;
|
||||||
private $timeServiceMock;
|
private $timeServiceMock;
|
||||||
private $tokenDaoMock;
|
private $tokenDaoMock;
|
||||||
|
@ -13,7 +12,6 @@ class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
|
||||||
public function setUp()
|
public function setUp()
|
||||||
{
|
{
|
||||||
$this->validatorMock = $this->mock(\Szurubooru\Validator::class);
|
$this->validatorMock = $this->mock(\Szurubooru\Validator::class);
|
||||||
$this->configMock = $this->mockConfig();
|
|
||||||
$this->passwordServiceMock = $this->mock(\Szurubooru\Services\PasswordService::class);
|
$this->passwordServiceMock = $this->mock(\Szurubooru\Services\PasswordService::class);
|
||||||
$this->timeServiceMock = $this->mock(\Szurubooru\Services\TimeService::class);
|
$this->timeServiceMock = $this->mock(\Szurubooru\Services\TimeService::class);
|
||||||
$this->tokenDaoMock = $this->mock(\Szurubooru\Dao\TokenDao::class);
|
$this->tokenDaoMock = $this->mock(\Szurubooru\Dao\TokenDao::class);
|
||||||
|
@ -97,7 +95,6 @@ class AuthServiceTest extends \Szurubooru\Tests\AbstractTestCase
|
||||||
{
|
{
|
||||||
return new \Szurubooru\Services\AuthService(
|
return new \Szurubooru\Services\AuthService(
|
||||||
$this->validatorMock,
|
$this->validatorMock,
|
||||||
$this->configMock,
|
|
||||||
$this->passwordServiceMock,
|
$this->passwordServiceMock,
|
||||||
$this->timeServiceMock,
|
$this->timeServiceMock,
|
||||||
$this->tokenDaoMock,
|
$this->tokenDaoMock,
|
||||||
|
|
74
tests/Services/PrivilegeServiceTest.php
Normal file
74
tests/Services/PrivilegeServiceTest.php
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
<?php
|
||||||
|
namespace Szurubooru\Tests\Services;
|
||||||
|
|
||||||
|
class PrivilegeServiceTest extends \Szurubooru\Tests\AbstractTestCase
|
||||||
|
{
|
||||||
|
private $configMock;
|
||||||
|
private $authServiceMock;
|
||||||
|
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
$this->configMock = $this->mockConfig();
|
||||||
|
$this->authServiceMock = $this->mock(\Szurubooru\Services\AuthService::class);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testReadingConfig()
|
||||||
|
{
|
||||||
|
$testUser = new \Szurubooru\Entities\User();
|
||||||
|
$testUser->name = 'dummy';
|
||||||
|
$testUser->accessRank = \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER;
|
||||||
|
$this->authServiceMock->method('getLoggedInUser')->willReturn($testUser);
|
||||||
|
|
||||||
|
$privilege = \Szurubooru\Privilege::PRIVILEGE_LIST_USERS;
|
||||||
|
$this->configMock->set('security/privileges/' . $privilege, 'powerUser');
|
||||||
|
|
||||||
|
$privilegeService = $this->getPrivilegeService();
|
||||||
|
$this->assertEquals([$privilege], $privilegeService->getCurrentPrivileges());
|
||||||
|
$this->assertTrue($privilegeService->hasPrivilege($privilege));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsLoggedInByString()
|
||||||
|
{
|
||||||
|
$testUser1 = new \Szurubooru\Entities\User();
|
||||||
|
$testUser1->name = 'dummy';
|
||||||
|
$testUser2 = new \Szurubooru\Entities\User();
|
||||||
|
$testUser2->name = 'godzilla';
|
||||||
|
$this->authServiceMock->method('getLoggedInUser')->willReturn($testUser1);
|
||||||
|
|
||||||
|
$privilegeService = $this->getPrivilegeService();
|
||||||
|
$this->assertTrue($privilegeService->isLoggedIn($testUser1->name));
|
||||||
|
$this->assertFalse($privilegeService->isLoggedIn($testUser2->name));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsLoggedInByUser()
|
||||||
|
{
|
||||||
|
$testUser1 = new \Szurubooru\Entities\User();
|
||||||
|
$testUser1->name = 'dummy';
|
||||||
|
$testUser2 = new \Szurubooru\Entities\User();
|
||||||
|
$testUser2->name = 'godzilla';
|
||||||
|
$this->authServiceMock->method('getLoggedInUser')->willReturn($testUser1);
|
||||||
|
|
||||||
|
$privilegeService = $this->getPrivilegeService();
|
||||||
|
$this->assertTrue($privilegeService->isLoggedIn($testUser1));
|
||||||
|
$this->assertFalse($privilegeService->isLoggedIn($testUser2));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsLoggedInByInvalidObject()
|
||||||
|
{
|
||||||
|
$testUser = new \Szurubooru\Entities\User();
|
||||||
|
$testUser->name = 'dummy';
|
||||||
|
$this->authServiceMock->method('getLoggedInUser')->willReturn($testUser);
|
||||||
|
|
||||||
|
$rubbish = new \StdClass;
|
||||||
|
$privilegeService = $this->getPrivilegeService();
|
||||||
|
$this->setExpectedException(\InvalidArgumentException::class);
|
||||||
|
$this->assertTrue($privilegeService->isLoggedIn($rubbish));
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getPrivilegeService()
|
||||||
|
{
|
||||||
|
return new \Szurubooru\Services\PrivilegeService(
|
||||||
|
$this->configMock,
|
||||||
|
$this->authServiceMock);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue