ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactored privilege system a bit

Browse source 
- Jobs specify main privilege and sub privileges separately
  Rationale: increase maintenance, restrict what can be done runtime
- Renamed ChangeUser* to EditUser* (consistency with EditPost*)
- Simplified enum names and configuration reading
- IJob interface members must be explicitly implemented
  Rationale: reduce chances of forgetting something, or typos in
  inherited method names
- Invalid privileges names in configuration yield exceptions
This commit is contained in:
Marcin Kurczewski 2014-05-17 15:00:30 +02:00
parent 2a7b7e7ac2
commit e59b7e8b7b
69 changed files with 984 additions and 381 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
data/config.ini
View file

@ -120,15 +120,15 @@ listUsers=registered
viewUser=registered viewUser=registered
viewUserEmail.all=admin viewUserEmail.all=admin
viewUserEmail.own=registered viewUserEmail.own=registered
changeUserPassword.own=registered editUserPassword.own=registered
changeUserPassword.all=admin editUserPassword.all=admin
changeUserEmail.own=registered editUserEmail.own=registered
changeUserEmail.all=admin editUserEmail.all=admin
changeUserEmailNoConfirm=admin editUserEmailNoConfirm=admin
changeUserAccessRank=admin editUserAccessRank=admin
changeUserName=moderator editUserName=moderator
changeUserSettings.all=nobody editUserSettings.all=nobody
changeUserSettings.own=registered editUserSettings.own=registered
acceptUserRegistration=moderator acceptUserRegistration=moderator
banUser.own=nobody banUser.own=nobody
banUser.all=admin banUser.all=admin

21
src/Access.php
View file

@ -13,15 +13,11 @@ class Access
$key .= '.'; $key .= '.';
list ($privilegeName, $subPrivilegeName) = explode('.', $key); list ($privilegeName, $subPrivilegeName) = explode('.', $key);
$privilegeName = TextCaseConverter::convert($privilegeName,
TextCaseConverter::CAMEL_CASE,
TextCaseConverter::SPINAL_CASE);
$subPrivilegeName = TextCaseConverter::convert($subPrivilegeName,
TextCaseConverter::CAMEL_CASE,
TextCaseConverter::SPINAL_CASE);
$key = rtrim($privilegeName . '.' . $subPrivilegeName, '.'); $key = rtrim($privilegeName . '.' . $subPrivilegeName, '.');
if (!in_array($privilegeName, Privilege::getAllConstants()))
throw new Exception('Invalid privilege name in config: ' . $privilegeName);
$minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank'); $minAccessRank = TextHelper::resolveConstant($minAccessRankName, 'AccessRank');
self::$privileges[$key] = $minAccessRank; self::$privileges[$key] = $minAccessRank;
@ -46,14 +42,9 @@ class Access
$minAccessRank = AccessRank::Nobody; $minAccessRank = AccessRank::Nobody;
$key = TextCaseConverter::convert($privilege->toString(), $key = $privilege->toString();
TextCaseConverter::CAMEL_CASE,
TextCaseConverter::SPINAL_CASE);
$privilege->secondary = null; $privilege->secondary = null;
$key2 = TextCaseConverter::convert($privilege->toString(), $key2 = $privilege->toString();
TextCaseConverter::CAMEL_CASE,
TextCaseConverter::SPINAL_CASE);
if (isset(self::$privileges[$key])) if (isset(self::$privileges[$key]))
$minAccessRank = self::$privileges[$key]; $minAccessRank = self::$privileges[$key];
@ -85,7 +76,7 @@ class Access
public static function assert(Privilege $privilege, $user = null) public static function assert(Privilege $privilege, $user = null)
{ {
if (!self::check($privilege, $user)) if (!self::check($privilege, $user))
self::fail('Insufficient privileges (' . $privilege->toString() . ')'); self::fail('Insufficient privileges (' . $privilege->toDisplayString() . ')');
} }
public static function assertEmailConfirmation($user = null) public static function assertEmailConfirmation($user = null)

16
src/Api/Api.php
View file

@ -51,14 +51,16 @@ final class Api
if ($job->isConfirmedEmailRequired()) if ($job->isConfirmedEmailRequired())
Access::assertEmailConfirmation(); Access::assertEmailConfirmation();
$privileges = $job->getRequiredPrivileges(); $mainPrivilege = $job->getRequiredMainPrivilege();
if ($privileges !== false) $subPrivileges = $job->getRequiredSubPrivileges();
{ if (!is_array($subPrivileges))
if (!is_array($privileges)) $subPrivileges = [$subPrivileges];
$privileges = [$privileges];
foreach ($privileges as $privilege) if ($mainPrivilege !== null)
Access::assert($privilege); {
Access::assert(new Privilege($mainPrivilege));
foreach ($subPrivileges as $subPrivilege)
Access::assert(new Privilege($mainPrivilege, $subPrivilege));
} }
} }

15
src/Api/Jobs/AbstractJob.php
View file

@ -38,21 +38,6 @@ abstract class AbstractJob implements IJob
return $this->subJobs; return $this->subJobs;
} }
public function getRequiredPrivileges()
{
return false;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
}
public function getContext() public function getContext()
{ {
return $this->context; return $this->context;

9
src/Api/Jobs/CommentJobs/AddCommentJob.php
View file

@ -35,9 +35,14 @@ class AddCommentJob extends AbstractJob
JobArgs::ARG_NEW_TEXT); JobArgs::ARG_NEW_TEXT);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::AddComment); return Privilege::AddComment;
}
public function getRequiredSubPrivileges()
{
return null;
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()

11
src/Api/Jobs/CommentJobs/DeleteCommentJob.php
View file

@ -25,11 +25,14 @@ class DeleteCommentJob extends AbstractJob
return $this->commentRetriever->getRequiredArguments(); return $this->commentRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::DeleteComment;
Privilege::DeleteComment, }
Access::getIdentity($this->commentRetriever->retrieve()->getCommenter()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->commentRetriever->retrieve()->getCommenter());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()

11
src/Api/Jobs/CommentJobs/EditCommentJob.php
View file

@ -30,11 +30,14 @@ class EditCommentJob extends AbstractJob
JobArgs::ARG_NEW_TEXT); JobArgs::ARG_NEW_TEXT);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditComment;
Privilege::EditComment, }
Access::getIdentity($this->commentRetriever->retrieve()->getCommenter()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->commentRetriever->retrieve()->getCommenter());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()

19
src/Api/Jobs/CommentJobs/ListCommentsJob.php
View file

@ -38,8 +38,23 @@ class ListCommentsJob extends AbstractJob implements IPagedJob
return $this->pager->getRequiredArguments(); return $this->pager->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListComments); return Privilege::ListComments;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

9
src/Api/Jobs/CommentJobs/PreviewCommentJob.php
View file

@ -41,9 +41,14 @@ class PreviewCommentJob extends AbstractJob
$this->postRetriever->getRequiredArguments())); $this->postRetriever->getRequiredArguments()));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::AddComment); return Privilege::AddComment;
}
public function getRequiredSubPrivileges()
{
return null;
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()

18
src/Api/Jobs/GetPropertyJob.php
View file

@ -11,8 +11,24 @@ class GetPropertyJob extends AbstractJob
return JobArgs::ARG_QUERY; return JobArgs::ARG_QUERY;
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{
return null;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{ {
return false; return false;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

3
src/Api/Jobs/IJob.php
View file

@ -5,7 +5,8 @@ interface IJob
public function execute(); public function execute();
public function getRequiredArguments(); public function getRequiredArguments();
public function getRequiredPrivileges(); public function getRequiredMainPrivilege();
public function getRequiredSubPrivileges();
public function isAuthenticationRequired(); public function isAuthenticationRequired();
public function isConfirmedEmailRequired(); public function isConfirmedEmailRequired();

19
src/Api/Jobs/LogJobs/GetLogJob.php
View file

@ -58,8 +58,23 @@ class GetLogJob extends AbstractJob implements IPagedJob
JobArgs::Optional(JobArgs::ARG_QUERY)); JobArgs::Optional(JobArgs::ARG_QUERY));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ViewLog); return Privilege::ViewLog;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/LogJobs/ListLogsJob.php
View file

@ -22,8 +22,23 @@ class ListLogsJob extends AbstractJob
return null; return null;
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListLogs); return Privilege::ListLogs;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

14
src/Api/Jobs/PostJobs/AddPostJob.php
View file

@ -66,9 +66,19 @@ class AddPostJob extends AbstractJob
return JobArgs::Optional(JobArgs::ARG_ANONYMOUS); return JobArgs::Optional(JobArgs::ARG_ANONYMOUS);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::AddPost); return Privilege::AddPost;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
} }
public function isConfirmedEmailRequired() public function isConfirmedEmailRequired()

11
src/Api/Jobs/PostJobs/DeletePostJob.php
View file

@ -24,11 +24,14 @@ class DeletePostJob extends AbstractJob
return $this->postRetriever->getRequiredArguments(); return $this->postRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::DeletePost;
Privilege::DeletePost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()

25
src/Api/Jobs/PostJobs/EditPostContentJob.php
View file

@ -42,12 +42,25 @@ class EditPostContentJob extends AbstractJob
JobArgs::ARG_NEW_POST_CONTENT_URL)); JobArgs::ARG_NEW_POST_CONTENT_URL));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostContent
? Privilege::AddPostContent : Privilege::EditPostContent;
: Privilege::EditPostContent, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/PostJobs/EditPostJob.php
View file

@ -46,10 +46,23 @@ class EditPostJob extends AbstractJob
return $this->postRetriever->getRequiredArguments(); return $this->postRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditPost;
Privilege::EditPost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/PostJobs/EditPostRelationsJob.php
View file

@ -51,12 +51,25 @@ class EditPostRelationsJob extends AbstractJob
JobArgs::ARG_NEW_RELATED_POST_IDS); JobArgs::ARG_NEW_RELATED_POST_IDS);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostRelations
? Privilege::AddPostRelations : Privilege::EditPostRelations;
: Privilege::EditPostRelations, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/PostJobs/EditPostSafetyJob.php
View file

@ -37,12 +37,25 @@ class EditPostSafetyJob extends AbstractJob
JobArgs::ARG_NEW_SAFETY); JobArgs::ARG_NEW_SAFETY);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostSafety
? Privilege::AddPostSafety : Privilege::EditPostSafety;
: Privilege::EditPostSafety, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/PostJobs/EditPostSourceJob.php
View file

@ -37,12 +37,25 @@ class EditPostSourceJob extends AbstractJob
JobArgs::ARG_NEW_SOURCE); JobArgs::ARG_NEW_SOURCE);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostSource
? Privilege::AddPostSource : Privilege::EditPostSource;
: Privilege::EditPostSource, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/PostJobs/EditPostTagsJob.php
View file

@ -54,12 +54,25 @@ class EditPostTagsJob extends AbstractJob
JobArgs::ARG_NEW_TAG_NAMES); JobArgs::ARG_NEW_TAG_NAMES);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostTags
? Privilege::AddPostTags : Privilege::EditPostTags;
: Privilege::EditPostTags, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/PostJobs/EditPostThumbJob.php
View file

@ -32,12 +32,25 @@ class EditPostThumbJob extends AbstractJob
JobArgs::ARG_NEW_THUMB_CONTENT); JobArgs::ARG_NEW_THUMB_CONTENT);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::AddPostThumb
? Privilege::AddPostThumb : Privilege::EditPostThumb;
: Privilege::EditPostThumb, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

16
src/Api/Jobs/PostJobs/FeaturePostJob.php
View file

@ -38,15 +38,23 @@ class FeaturePostJob extends AbstractJob
JobArgs::Optional(JobArgs::ARG_ANONYMOUS)); JobArgs::Optional(JobArgs::ARG_ANONYMOUS));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::FeaturePost;
Privilege::FeaturePost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()
{ {
return true; return true;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

21
src/Api/Jobs/PostJobs/FlagPostJob.php
View file

@ -31,10 +31,23 @@ class FlagPostJob extends AbstractJob
return $this->postRetriever->getRequiredArguments(); return $this->postRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::FlagPost;
Privilege::FlagPost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/PostJobs/GetPostContentJob.php
View file

@ -32,16 +32,31 @@ class GetPostContentJob extends AbstractJob
return $this->postRetriever->getRequiredArguments(); return $this->postRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{
return Privilege::ViewPost;
}
public function getRequiredSubPrivileges()
{ {
$post = $this->postRetriever->retrieve(); $post = $this->postRetriever->retrieve();
$privileges = []; $privileges = [];
if ($post->isHidden()) if ($post->isHidden())
$privileges []= new Privilege(Privilege::ViewPost, 'hidden'); $privileges []= 'hidden';
$privileges []= new Privilege(Privilege::ViewPost, $post->getSafety()->toString()); $privileges []= $post->getSafety()->toString();
return $privileges; return $privileges;
} }
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
}
} }

21
src/Api/Jobs/PostJobs/GetPostJob.php
View file

@ -24,16 +24,31 @@ class GetPostJob extends AbstractJob
null); null);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{
return Privilege::ViewPost;
}
public function getRequiredSubPrivileges()
{ {
$post = $this->postRetriever->retrieve(); $post = $this->postRetriever->retrieve();
$privileges = []; $privileges = [];
if ($post->isHidden()) if ($post->isHidden())
$privileges []= new Privilege(Privilege::ViewPost, 'hidden'); $privileges []= 'hidden';
$privileges []= new Privilege(Privilege::ViewPost, $post->getSafety()->toString()); $privileges []= $post->getSafety()->toString();
return $privileges; return $privileges;
} }
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
}
} }

17
src/Api/Jobs/PostJobs/GetPostThumbJob.php
View file

@ -43,7 +43,22 @@ class GetPostThumbJob extends AbstractJob
return $this->postRetriever->getRequiredArguments(); return $this->postRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{
return null;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{ {
return false; return false;
} }

19
src/Api/Jobs/PostJobs/ListPostsJob.php
View file

@ -37,8 +37,23 @@ class ListPostsJob extends AbstractJob implements IPagedJob
JobArgs::Optional(JobArgs::ARG_QUERY)); JobArgs::Optional(JobArgs::ARG_QUERY));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListPosts); return Privilege::ListPosts;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

16
src/Api/Jobs/PostJobs/ScorePostJob.php
View file

@ -25,15 +25,23 @@ class ScorePostJob extends AbstractJob
JobArgs::ARG_NEW_POST_SCORE); JobArgs::ARG_NEW_POST_SCORE);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::ScorePost;
Privilege::ScorePost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()
{ {
return true; return true;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

16
src/Api/Jobs/PostJobs/TogglePostFavoriteJob.php
View file

@ -33,15 +33,23 @@ class TogglePostFavoriteJob extends AbstractJob
JobArgs::ARG_NEW_STATE); JobArgs::ARG_NEW_STATE);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::FavoritePost;
Privilege::FavoritePost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()
{ {
return true; return true;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

21
src/Api/Jobs/PostJobs/TogglePostTagJob.php
View file

@ -66,10 +66,23 @@ class TogglePostTagJob extends AbstractJob
Jobargs::ARG_NEW_STATE)); Jobargs::ARG_NEW_STATE));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditPostTags;
Privilege::EditPostTags, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/PostJobs/TogglePostVisibilityJob.php
View file

@ -33,10 +33,23 @@ class TogglePostVisibilityJob extends AbstractJob
JobArgs::ARG_NEW_STATE); JobArgs::ARG_NEW_STATE);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::HidePost;
Privilege::HidePost, }
Access::getIdentity($this->postRetriever->retrieve()->getUploader()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->postRetriever->retrieve()->getUploader());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/TagJobs/ListRelatedTagsJob.php
View file

@ -37,8 +37,23 @@ class ListRelatedTagsJob extends AbstractJob implements IPagedJob
JobArgs::Optional(JobArgs::ARG_TAG_NAMES)); JobArgs::Optional(JobArgs::ARG_TAG_NAMES));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListTags); return Privilege::ListTags;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/TagJobs/ListTagsJob.php
View file

@ -35,8 +35,23 @@ class ListTagsJob extends AbstractJob implements IPagedJob
JobArgs::Optional(JobArgs::ARG_QUERY)); JobArgs::Optional(JobArgs::ARG_QUERY));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListTags); return Privilege::ListTags;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/TagJobs/MergeTagsJob.php
View file

@ -22,8 +22,23 @@ class MergeTagsJob extends AbstractJob
JobArgs::ARG_TARGET_TAG_NAME); JobArgs::ARG_TARGET_TAG_NAME);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::MergeTags); return Privilege::MergeTags;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/TagJobs/RenameTagsJob.php
View file

@ -22,8 +22,23 @@ class RenameTagsJob extends AbstractJob
JobArgs::ARG_TARGET_TAG_NAME); JobArgs::ARG_TARGET_TAG_NAME);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::RenameTags); return Privilege::RenameTags;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

19
src/Api/Jobs/UserJobs/AcceptUserRegistrationJob.php
View file

@ -27,8 +27,23 @@ class AcceptUserRegistrationJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::AcceptUserRegistration); return Privilege::AcceptUserRegistration;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

20
src/Api/Jobs/UserJobs/ActivateUserEmailJob.php
View file

@ -52,6 +52,26 @@ class ActivateUserEmailJob extends AbstractJob
$this->userRetriever->getRequiredArguments()); $this->userRetriever->getRequiredArguments());
} }
public function getRequiredMainPrivilege()
{
return null;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
}
public static function sendEmail($user) public static function sendEmail($user)
{ {
$regConfig = Core::getConfig()->registration; $regConfig = Core::getConfig()->registration;

19
src/Api/Jobs/UserJobs/AddUserJob.php
View file

@ -65,8 +65,23 @@ class AddUserJob extends AbstractJob
return null; return null;
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::RegisterAccount); return Privilege::RegisterAccount;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/UserJobs/DeleteUserJob.php
View file

@ -25,10 +25,23 @@ class DeleteUserJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::DeleteUser;
Privilege::DeleteUser, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/UserJobs/EditUserAccessRankJob.php
View file

@ -37,10 +37,23 @@ class EditUserAccessRankJob extends AbstractJob
JobArgs::ARG_NEW_ACCESS_RANK); JobArgs::ARG_NEW_ACCESS_RANK);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditUserAccessRank;
Privilege::ChangeUserAccessRank, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

27
src/Api/Jobs/UserJobs/EditUserEmailJob.php
View file

@ -40,7 +40,7 @@ class EditUserEmailJob extends AbstractJob
public static function observeSave($user) public static function observeSave($user)
{ {
if (Access::check(new Privilege(Privilege::ChangeUserEmailNoConfirm), $user)) if (Access::check(new Privilege(Privilege::EditUserEmailNoConfirm), $user))
{ {
$user->confirmEmail(); $user->confirmEmail();
} }
@ -58,12 +58,25 @@ class EditUserEmailJob extends AbstractJob
JobArgs::ARG_NEW_EMAIL); JobArgs::ARG_NEW_EMAIL);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::RegisterAccount
? Privilege::RegisterAccount : Privilege::EditUserEmail;
: Privilege::ChangeUserEmail, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

17
src/Api/Jobs/UserJobs/EditUserJob.php
View file

@ -66,7 +66,22 @@ class EditUserJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{
return null;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{ {
return false; return false;
} }

25
src/Api/Jobs/UserJobs/EditUserNameJob.php
View file

@ -37,12 +37,25 @@ class EditUserNameJob extends AbstractJob
JobArgs::ARG_NEW_USER_NAME); JobArgs::ARG_NEW_USER_NAME);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::RegisterAccount
? Privilege::RegisterAccount : Privilege::EditUserName;
: Privilege::ChangeUserName, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

25
src/Api/Jobs/UserJobs/EditUserPasswordJob.php
View file

@ -36,12 +36,25 @@ class EditUserPasswordJob extends AbstractJob
JobArgs::ARG_NEW_PASSWORD); JobArgs::ARG_NEW_PASSWORD);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return $this->getContext() == self::CONTEXT_BATCH_ADD
$this->getContext() == self::CONTEXT_BATCH_ADD ? Privilege::RegisterAccount
? Privilege::RegisterAccount : Privilege::EditUserPassword;
: Privilege::ChangeUserPassword, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

16
src/Api/Jobs/UserJobs/EditUserSettingsJob.php
View file

@ -34,15 +34,23 @@ class EditUserSettingsJob extends AbstractJob
JobArgs::ARG_NEW_SETTINGS); JobArgs::ARG_NEW_SETTINGS);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditUserSettings;
Privilege::ChangeUserSettings, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()
{ {
return false; return false;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

21
src/Api/Jobs/UserJobs/FlagUserJob.php
View file

@ -31,10 +31,23 @@ class FlagUserJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::FlagUser;
Privilege::FlagUser, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

21
src/Api/Jobs/UserJobs/GetUserJob.php
View file

@ -18,10 +18,23 @@ class GetUserJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::ViewUser;
Privilege::ViewUser, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

16
src/Api/Jobs/UserJobs/GetUserSettingsJob.php
View file

@ -19,15 +19,23 @@ class GetUserSettingsJob extends AbstractJob
return $this->userRetriever->getRequiredArguments(); return $this->userRetriever->getRequiredArguments();
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::EditUserSettings;
Privilege::ChangeUserSettings, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
} }
public function isAuthenticationRequired() public function isAuthenticationRequired()
{ {
return false; return false;
} }
public function isConfirmedEmailRequired()
{
return false;
}
} }

19
src/Api/Jobs/UserJobs/ListUsersJob.php
View file

@ -35,8 +35,23 @@ class ListUsersJob extends AbstractJob implements IPagedJob
JobArgs::Optional(JobArgs::ARG_QUERY)); JobArgs::Optional(JobArgs::ARG_QUERY));
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege(Privilege::ListUsers); return Privilege::ListUsers;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

20
src/Api/Jobs/UserJobs/PasswordResetJob.php
View file

@ -56,6 +56,26 @@ class PasswordResetJob extends AbstractJob
JobArgs::ARG_TOKEN); JobArgs::ARG_TOKEN);
} }
public function getRequiredMainPrivilege()
{
return null;
}
public function getRequiredSubPrivileges()
{
return null;
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
}
public static function sendEmail($user) public static function sendEmail($user)
{ {
$regConfig = Core::getConfig()->registration; $regConfig = Core::getConfig()->registration;

21
src/Api/Jobs/UserJobs/ToggleUserBanJob.php
View file

@ -36,10 +36,23 @@ class ToggleUserBanJob extends AbstractJob
JobArgs::ARG_NEW_STATE); JobArgs::ARG_NEW_STATE);
} }
public function getRequiredPrivileges() public function getRequiredMainPrivilege()
{ {
return new Privilege( return Privilege::BanUser;
Privilege::BanUser, }
Access::getIdentity($this->userRetriever->retrieve()));
public function getRequiredSubPrivileges()
{
return Access::getIdentity($this->userRetriever->retrieve());
}
public function isAuthenticationRequired()
{
return false;
}
public function isConfirmedEmailRequired()
{
return false;
} }
} }

2
src/Controllers/UserController.php
View file

@ -332,7 +332,7 @@ class UserController extends AbstractController
elseif ($tab == 'settings') elseif ($tab == 'settings')
{ {
Access::assert(new Privilege( Access::assert(new Privilege(
Privilege::ChangeUserSettings, Privilege::EditUserSettings,
Access::getIdentity($user))); Access::getIdentity($user)));
} }
elseif ($tab == 'edit' and !(new EditUserJob)->canEditAnything(Auth::getCurrentUser())) elseif ($tab == 'edit' and !(new EditUserJob)->canEditAnything(Auth::getCurrentUser()))

2
src/Models/Entities/UserEntity.php
View file

@ -120,7 +120,7 @@ final class UserEntity extends AbstractEntity implements IValidatable, ISerializ
$this->accessRank->validate(); $this->accessRank->validate();
if ($this->accessRank->toInteger() == AccessRank::Nobody) if ($this->accessRank->toInteger() == AccessRank::Nobody)
throw new Exception(sprintf('Cannot set special access rank "%s"', $this->accessRank->toString())); throw new Exception(sprintf('Cannot set special access rank "%s"', $this->accessRank->toDisplayString()));
} }
private function validateEmails() private function validateEmails()

8
src/Models/Enums/PostSafety.php
View file

@ -24,7 +24,13 @@ class PostSafety extends Enum implements IValidatable
public function toString() public function toString()
{ {
return self::_toString($this->safety); switch ($this->safety)
{
case self::Safe: return 'safe';
case self::Sketchy: return 'sketchy';
case self::Unsafe: return 'unsafe';
}
return null;
} }
public static function makeFlags($safetyCodes) public static function makeFlags($safetyCodes)

96
src/Models/Enums/Privilege.php
View file

@ -1,59 +1,59 @@
<?php <?php
class Privilege extends Enum class Privilege extends Enum
{ {
const ListPosts = 1; const ListPosts = 'listPosts';
const ViewPost = 3; const ViewPost = 'viewPost';
const RetrievePost = 4; const RetrievePost = 'retrievePost';
const FavoritePost = 5; const FavoritePost = 'favoritePost';
const HidePost = 9; const HidePost = 'hidePost';
const DeletePost = 10; const DeletePost = 'deletePost';
const FeaturePost = 25; const FeaturePost = 'featurePost';
const ScorePost = 31; const ScorePost = 'scorePost';
const FlagPost = 34; const FlagPost = 'flagPost';
const EditPost = 45; const EditPost = 'editPost';
const EditPostSafety = 6; const EditPostSafety = 'editPostSafety';
const EditPostTags = 7; const EditPostTags = 'editPostTags';
const EditPostThumb = 8; const EditPostThumb = 'editPostThumb';
const EditPostSource = 26; const EditPostSource = 'editPostSource';
const EditPostRelations = 30; const EditPostRelations = 'editPostRelations';
const EditPostContent = 36; const EditPostContent = 'editPostContent';
const AddPost = 2; const AddPost = 'addPost';
const AddPostSafety = 39; const AddPostSafety = 'addPostSafety';
const AddPostTags = 40; const AddPostTags = 'addPostTags';
const AddPostThumb = 41; const AddPostThumb = 'addPostThumb';
const AddPostSource = 42; const AddPostSource = 'addPostSource';
const AddPostRelations = 43; const AddPostRelations = 'addPostRelations';
const AddPostContent = 44; const AddPostContent = 'addPostContent';
const RegisterAccount = 38; const RegisterAccount = 'registerAccount';
const ListUsers = 11; const ListUsers = 'listUsers';
const ViewUser = 12; const ViewUser = 'viewUser';
const ViewUserEmail = 22; const ViewUserEmail = 'viewUserEmail';
const BanUser = 13; const BanUser = 'banUser';
const AcceptUserRegistration = 14; const AcceptUserRegistration = 'acceptUserRegistration';
const ChangeUserPassword = 15; const EditUserPassword = 'editUserPassword';
const ChangeUserAccessRank = 16; const EditUserAccessRank = 'editUserAccessRank';
const ChangeUserEmail = 17; const EditUserEmail = 'editUserEmail';
const ChangeUserEmailNoConfirm = 46; const EditUserEmailNoConfirm = 'editUserEmailNoConfirm';
const ChangeUserName = 18; const EditUserName = 'editUserName';
const ChangeUserSettings = 28; const EditUserSettings = 'editUserSettings';
const DeleteUser = 19; const DeleteUser = 'deleteUser';
const FlagUser = 35; const FlagUser = 'flagUser';
const ListComments = 20; const ListComments = 'listComments';
const AddComment = 23; const AddComment = 'addComment';
const DeleteComment = 24; const DeleteComment = 'deleteComment';
const EditComment = 37; const EditComment = 'editComment';
const ListTags = 21; const ListTags = 'listTags';
const MergeTags = 27; const MergeTags = 'mergeTags';
const RenameTags = 47; const RenameTags = 'renameTags';
const MassTag = 29; const MassTag = 'massTag';
const ListLogs = 32; const ListLogs = 'listLogs';
const ViewLog = 33; const ViewLog = 'viewLog';
public $primary; public $primary;
public $secondary; public $secondary;
@ -66,7 +66,7 @@ class Privilege extends Enum
public function toString() public function toString()
{ {
$string = self::_toString($this->primary); $string = $this->primary;
if ($this->secondary) if ($this->secondary)
$string .= '.' . $this->secondary; $string .= '.' . $this->secondary;
return $string; return $string;

2
src/Views/top-navigation.phtml
View file

@ -117,7 +117,7 @@
?> ?>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserSettings, Privilege::EditUserSettings,
Access::getIdentity(Auth::getCurrentUser())))): ?> Access::getIdentity(Auth::getCurrentUser())))): ?>
<li class="safety"> <li class="safety">
<ul> <ul>

8
src/Views/user/user-edit.phtml
View file

@ -21,7 +21,7 @@
<?php endif ?> <?php endif ?>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserName, Privilege::EditUserName,
Access::getIdentity($this->context->transport->user)))): ?> Access::getIdentity($this->context->transport->user)))): ?>
<div class="form-row nickname"> <div class="form-row nickname">
@ -38,7 +38,7 @@
<?php endif ?> <?php endif ?>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserEmail, Privilege::EditUserEmail,
Access::getIdentity($this->context->transport->user)))): ?> Access::getIdentity($this->context->transport->user)))): ?>
<div class="form-row email"> <div class="form-row email">
@ -55,7 +55,7 @@
<?php endif ?> <?php endif ?>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserPassword, Privilege::EditUserPassword,
Access::getIdentity($this->context->transport->user)))): ?> Access::getIdentity($this->context->transport->user)))): ?>
<div class="form-row password1"> <div class="form-row password1">
@ -83,7 +83,7 @@
<?php endif ?> <?php endif ?>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserAccessRank, Privilege::EditUserAccessRank,
Access::getIdentity($this->context->transport->user)))): ?> Access::getIdentity($this->context->transport->user)))): ?>
<div class="form-row access-rank"> <div class="form-row access-rank">

10
src/Views/user/user-view.phtml
View file

@ -70,10 +70,10 @@ $this->assets->addStylesheet('user-view.css');
<?php <?php
$userModificationPrivileges = [ $userModificationPrivileges = [
Privilege::ChangeUserName, Privilege::EditUserName,
Privilege::ChangeUserEmail, Privilege::EditUserEmail,
Privilege::ChangeUserPassword, Privilege::EditUserPassword,
Privilege::ChangeUserAccessRank, Privilege::EditUserAccessRank,
]; ];
$userModificationPrivileges = array_fill_keys($userModificationPrivileges, false); $userModificationPrivileges = array_fill_keys($userModificationPrivileges, false);
foreach (array_keys($userModificationPrivileges) as $privilege) foreach (array_keys($userModificationPrivileges) as $privilege)
@ -224,7 +224,7 @@ $this->assets->addStylesheet('user-view.css');
</li> </li>
<?php if (Access::check(new Privilege( <?php if (Access::check(new Privilege(
Privilege::ChangeUserSettings, Privilege::EditUserSettings,
Access::getIdentity($this->context->transport->user)))): ?> Access::getIdentity($this->context->transport->user)))): ?>
<?php if ($this->context->transport->tab == 'settings'): ?> <?php if ($this->context->transport->tab == 'settings'): ?>

1
tests/Support/Mockers/PostMocker.php
View file

@ -15,7 +15,6 @@ class PostMocker extends AbstractMocker implements IMocker
public function mockSingle() public function mockSingle()
{ {
$post = PostModel::spawn(); $post = PostModel::spawn();
#$post->setUploader($owner);
$post->setType(new PostType(PostType::Image)); $post->setType(new PostType(PostType::Image));
$post->setTags([$this->tagMocker->mockSingle()]); $post->setTags([$this->tagMocker->mockSingle()]);
copy($this->testSupport->getPath('image.jpg'), $post->getFullPath()); copy($this->testSupport->getPath('image.jpg'), $post->getFullPath());

195
tests/Tests/ApiTests/ApiPrivilegeTest.php
View file

@ -11,83 +11,83 @@ class ApiPrivilegeTest extends AbstractFullApiTest
public function testRegularPrivileges() public function testRegularPrivileges()
{ {
$this->testRegularPrivilege(new AcceptUserRegistrationJob(), new Privilege(Privilege::AcceptUserRegistration)); $this->testRegularPrivilege(new AcceptUserRegistrationJob(), Privilege::AcceptUserRegistration);
$this->testRegularPrivilege(new ActivateUserEmailJob(), false); $this->testRegularPrivilege(new ActivateUserEmailJob(), null);
$this->testRegularPrivilege(new AddCommentJob(), new Privilege(Privilege::AddComment)); $this->testRegularPrivilege(new AddCommentJob(), Privilege::AddComment);
$this->testRegularPrivilege(new PreviewCommentJob(), new Privilege(Privilege::AddComment)); $this->testRegularPrivilege(new PreviewCommentJob(), Privilege::AddComment);
$this->testRegularPrivilege(new AddPostJob(), new Privilege(Privilege::AddPost)); $this->testRegularPrivilege(new AddPostJob(), Privilege::AddPost);
$this->testRegularPrivilege(new AddUserJob(), new Privilege(Privilege::RegisterAccount)); $this->testRegularPrivilege(new AddUserJob(), Privilege::RegisterAccount);
$this->testRegularPrivilege(new EditUserJob(), false); $this->testRegularPrivilege(new EditUserJob(), null);
$this->testRegularPrivilege(new GetLogJob(), new Privilege(Privilege::ViewLog)); $this->testRegularPrivilege(new GetLogJob(), Privilege::ViewLog);
$this->testRegularPrivilege(new GetPropertyJob(), false); $this->testRegularPrivilege(new GetPropertyJob(), null);
$this->testRegularPrivilege(new ListCommentsJob(), new Privilege(Privilege::ListComments)); $this->testRegularPrivilege(new ListCommentsJob(), Privilege::ListComments);
$this->testRegularPrivilege(new ListLogsJob(), new Privilege(Privilege::ListLogs)); $this->testRegularPrivilege(new ListLogsJob(), Privilege::ListLogs);
$this->testRegularPrivilege(new ListPostsJob(), new Privilege(Privilege::ListPosts)); $this->testRegularPrivilege(new ListPostsJob(), Privilege::ListPosts);
$this->testRegularPrivilege(new ListRelatedTagsJob(), new Privilege(Privilege::ListTags)); $this->testRegularPrivilege(new ListRelatedTagsJob(), Privilege::ListTags);
$this->testRegularPrivilege(new ListTagsJob(), new Privilege(Privilege::ListTags)); $this->testRegularPrivilege(new ListTagsJob(), Privilege::ListTags);
$this->testRegularPrivilege(new ListUsersJob(), new Privilege(Privilege::ListUsers)); $this->testRegularPrivilege(new ListUsersJob(), Privilege::ListUsers);
$this->testRegularPrivilege(new PasswordResetJob(), false); $this->testRegularPrivilege(new PasswordResetJob(), null);
$this->testRegularPrivilege(new MergeTagsJob(), new Privilege(Privilege::MergeTags)); $this->testRegularPrivilege(new MergeTagsJob(), Privilege::MergeTags);
$this->testRegularPrivilege(new RenameTagsJob(), new Privilege(Privilege::RenameTags)); $this->testRegularPrivilege(new RenameTagsJob(), Privilege::RenameTags);
} }
protected function testRegularPrivilege($job, $expectedPrivilege) protected function testRegularPrivilege($job, $expectedPrivilege)
{ {
$this->testedJobs []= $job; $this->testedJobs []= $job;
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual($expectedPrivilege, $job->getRequiredMainPrivilege());
$this->assert->isNull($job->getRequiredSubPrivileges());
} }
public function testDynamicPostPrivileges() public function testDynamicPostPrivileges()
{ {
$this->login($this->userMocker->mockSingle()); $this->login($this->userMocker->mockSingle());
$this->testDynamicPostPrivilege(new DeletePostJob(), new Privilege(Privilege::DeletePost)); $this->testDynamicPostPrivilege(new DeletePostJob(), Privilege::DeletePost);
$this->testDynamicPostPrivilege(new EditPostJob(), new Privilege(Privilege::EditPost)); $this->testDynamicPostPrivilege(new EditPostJob(), Privilege::EditPost);
$this->testDynamicPostPrivilege(new EditPostContentJob(), new Privilege(Privilege::EditPostContent)); $this->testDynamicPostPrivilege(new EditPostContentJob(), Privilege::EditPostContent);
$this->testDynamicPostPrivilege(new EditPostRelationsJob(), new Privilege(Privilege::EditPostRelations)); $this->testDynamicPostPrivilege(new EditPostRelationsJob(), Privilege::EditPostRelations);
$this->testDynamicPostPrivilege(new EditPostSafetyJob(), new Privilege(Privilege::EditPostSafety)); $this->testDynamicPostPrivilege(new EditPostSafetyJob(), Privilege::EditPostSafety);
$this->testDynamicPostPrivilege(new EditPostSourceJob(), new Privilege(Privilege::EditPostSource)); $this->testDynamicPostPrivilege(new EditPostSourceJob(), Privilege::EditPostSource);
$this->testDynamicPostPrivilege(new EditPostTagsJob(), new Privilege(Privilege::EditPostTags)); $this->testDynamicPostPrivilege(new EditPostTagsJob(), Privilege::EditPostTags);
$this->testDynamicPostPrivilege(new EditPostThumbJob(), new Privilege(Privilege::EditPostThumb)); $this->testDynamicPostPrivilege(new EditPostThumbJob(), Privilege::EditPostThumb);
$ctx = function($job) $ctx = function($job)
{ {
$job->setContext(AbstractJob::CONTEXT_BATCH_ADD); $job->setContext(AbstractJob::CONTEXT_BATCH_ADD);
return $job; return $job;
}; };
$this->testDynamicPostPrivilege($ctx(new EditPostContentJob), new Privilege(Privilege::AddPostContent)); $this->testDynamicPostPrivilege($ctx(new EditPostContentJob), Privilege::AddPostContent);
$this->testDynamicPostPrivilege($ctx(new EditPostRelationsJob), new Privilege(Privilege::AddPostRelations)); $this->testDynamicPostPrivilege($ctx(new EditPostRelationsJob), Privilege::AddPostRelations);
$this->testDynamicPostPrivilege($ctx(new EditPostSafetyJob), new Privilege(Privilege::AddPostSafety)); $this->testDynamicPostPrivilege($ctx(new EditPostSafetyJob), Privilege::AddPostSafety);
$this->testDynamicPostPrivilege($ctx(new EditPostSourceJob), new Privilege(Privilege::AddPostSource)); $this->testDynamicPostPrivilege($ctx(new EditPostSourceJob), Privilege::AddPostSource);
$this->testDynamicPostPrivilege($ctx(new EditPostTagsJob), new Privilege(Privilege::AddPostTags)); $this->testDynamicPostPrivilege($ctx(new EditPostTagsJob), Privilege::AddPostTags);
$this->testDynamicPostPrivilege($ctx(new EditPostThumbJob), new Privilege(Privilege::AddPostThumb)); $this->testDynamicPostPrivilege($ctx(new EditPostThumbJob), Privilege::AddPostThumb);
$this->testDynamicPostPrivilege(new FeaturePostJob(), new Privilege(Privilege::FeaturePost)); $this->testDynamicPostPrivilege(new FeaturePostJob(), Privilege::FeaturePost);
$this->testDynamicPostPrivilege(new FlagPostJob(), new Privilege(Privilege::FlagPost)); $this->testDynamicPostPrivilege(new FlagPostJob(), Privilege::FlagPost);
$this->testDynamicPostPrivilege(new ScorePostJob(), new Privilege(Privilege::ScorePost)); $this->testDynamicPostPrivilege(new ScorePostJob(), Privilege::ScorePost);
$this->testDynamicPostPrivilege(new TogglePostTagJob(), new Privilege(Privilege::EditPostTags)); $this->testDynamicPostPrivilege(new TogglePostTagJob(), Privilege::EditPostTags);
$this->testDynamicPostPrivilege(new TogglePostVisibilityJob(), new Privilege(Privilege::HidePost)); $this->testDynamicPostPrivilege(new TogglePostVisibilityJob(), Privilege::HidePost);
$this->testDynamicPostPrivilege(new TogglePostFavoriteJob(), new Privilege(Privilege::FavoritePost)); $this->testDynamicPostPrivilege(new TogglePostFavoriteJob(), Privilege::FavoritePost);
} }
protected function testDynamicPostPrivilege($job, $expectedPrivilege) protected function testDynamicPostPrivilege($job, $expectedPrivilege)
{ {
$this->testedJobs []= $job; $this->testedJobs []= $job;
$this->assert->areEqual($expectedPrivilege, $job->getRequiredMainPrivilege());
list ($ownPost, $otherPost) = $this->postMocker->mockMultiple(2); list ($ownPost, $otherPost) = $this->postMocker->mockMultiple(2);
$ownPost->setUploader(Auth::getCurrentUser()); $ownPost->setUploader(Auth::getCurrentUser());
$otherPost->setUploader($this->userMocker->mockSingle()); $otherPost->setUploader($this->userMocker->mockSingle());
PostModel::save([$ownPost, $otherPost]); PostModel::save([$ownPost, $otherPost]);
$expectedPrivilege->secondary = 'all';
$job->setArgument(JobArgs::ARG_POST_ID, $otherPost->getId()); $job->setArgument(JobArgs::ARG_POST_ID, $otherPost->getId());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('all', $job->getRequiredSubPrivileges());
$expectedPrivilege->secondary = 'own';
$job->setArgument(JobArgs::ARG_POST_ID, $ownPost->getId()); $job->setArgument(JobArgs::ARG_POST_ID, $ownPost->getId());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('own', $job->getRequiredSubPrivileges());
} }
public function testDynamicPostRetrievalPrivileges() public function testDynamicPostRetrievalPrivileges()
@ -110,9 +110,10 @@ class ApiPrivilegeTest extends AbstractFullApiTest
$job->setArgument(JobArgs::ARG_POST_ID, $post->getId()); $job->setArgument(JobArgs::ARG_POST_ID, $post->getId());
$job->setArgument(JobArgs::ARG_POST_NAME, $post->getName()); $job->setArgument(JobArgs::ARG_POST_NAME, $post->getName());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent([ $this->assert->areEqual(Privilege::ViewPost, $job->getRequiredMainPrivilege());
new Privilege(Privilege::ViewPost, 'hidden'), $sub = $job->getRequiredSubPrivileges();
new Privilege(Privilege::ViewPost, 'safe')], $job->getRequiredPrivileges()); natcasesort($sub);
$this->assert->areEquivalent(['hidden', 'safe'], $sub);
} }
} }
@ -120,7 +121,7 @@ class ApiPrivilegeTest extends AbstractFullApiTest
{ {
$job = new GetPostThumbJob(); $job = new GetPostThumbJob();
$this->testedJobs []= $job; $this->testedJobs []= $job;
$this->assert->areEquivalent(false, $job->getRequiredPrivileges()); $this->assert->isNull($job->getRequiredMainPrivilege());
} }
public function testDynamicUserPrivileges() public function testDynamicUserPrivileges()
@ -128,86 +129,85 @@ class ApiPrivilegeTest extends AbstractFullApiTest
$ownUser = $this->userMocker->mockSingle(); $ownUser = $this->userMocker->mockSingle();
$this->login($ownUser); $this->login($ownUser);
$this->testDynamicUserPrivilege(new DeleteUserJob(), new Privilege(Privilege::DeleteUser)); $this->testDynamicUserPrivilege(new DeleteUserJob(), Privilege::DeleteUser);
$this->testDynamicUserPrivilege(new EditUserAccessRankJob(), new Privilege(Privilege::ChangeUserAccessRank)); $this->testDynamicUserPrivilege(new EditUserAccessRankJob(), Privilege::EditUserAccessRank);
$this->testDynamicUserPrivilege(new EditUserEmailJob(), new Privilege(Privilege::ChangeUserEmail)); $this->testDynamicUserPrivilege(new EditUserEmailJob(), Privilege::EditUserEmail);
$this->testDynamicUserPrivilege(new EditUserNameJob(), new Privilege(Privilege::ChangeUserName)); $this->testDynamicUserPrivilege(new EditUserNameJob(), Privilege::EditUserName);
$this->testDynamicUserPrivilege(new EditUserPasswordJob(), new Privilege(Privilege::ChangeUserPassword)); $this->testDynamicUserPrivilege(new EditUserPasswordJob(), Privilege::EditUserPassword);
$this->testDynamicUserPrivilege(new EditUserSettingsJob(), new Privilege(Privilege::ChangeUserSettings)); $this->testDynamicUserPrivilege(new EditUserSettingsJob(), Privilege::EditUserSettings);
$ctx = function($job) $ctx = function($job)
{ {
$job->setContext(AbstractJob::CONTEXT_BATCH_ADD); $job->setContext(AbstractJob::CONTEXT_BATCH_ADD);
return $job; return $job;
}; };
$this->testDynamicUserPrivilege($ctx(new EditUserAccessRankJob()), new Privilege(Privilege::ChangeUserAccessRank)); $this->testDynamicUserPrivilege($ctx(new EditUserAccessRankJob()), Privilege::EditUserAccessRank);
$this->testDynamicUserPrivilege($ctx(new EditUserEmailJob()), new Privilege(Privilege::RegisterAccount)); $this->testDynamicUserPrivilege($ctx(new EditUserEmailJob()), Privilege::RegisterAccount);
$this->testDynamicUserPrivilege($ctx(new EditUserNameJob()), new Privilege(Privilege::RegisterAccount)); $this->testDynamicUserPrivilege($ctx(new EditUserNameJob()), Privilege::RegisterAccount);
$this->testDynamicUserPrivilege($ctx(new EditUserPasswordJob()), new Privilege(Privilege::RegisterAccount)); $this->testDynamicUserPrivilege($ctx(new EditUserPasswordJob()), Privilege::RegisterAccount);
$this->testDynamicUserPrivilege($ctx(new EditUserSettingsJob()), new Privilege(Privilege::ChangeUserSettings)); $this->testDynamicUserPrivilege($ctx(new EditUserSettingsJob()), Privilege::EditUserSettings);
$this->testDynamicUserPrivilege(new FlagUserJob(), new Privilege(Privilege::FlagUser)); $this->testDynamicUserPrivilege(new FlagUserJob(), Privilege::FlagUser);
$this->testDynamicUserPrivilege(new GetUserJob(), new Privilege(Privilege::ViewUser)); $this->testDynamicUserPrivilege(new GetUserJob(), Privilege::ViewUser);
$this->testDynamicUserPrivilege(new GetUserSettingsJob(), new Privilege(Privilege::ChangeUserSettings)); $this->testDynamicUserPrivilege(new GetUserSettingsJob(), Privilege::EditUserSettings);
$this->testDynamicUserPrivilege(new ToggleUserBanJob(), new Privilege(Privilege::BanUser)); $this->testDynamicUserPrivilege(new ToggleUserBanJob(), Privilege::BanUser);
} }
protected function testDynamicUserPrivilege($job, $expectedPrivilege) protected function testDynamicUserPrivilege($job, $expectedPrivilege)
{ {
$this->testedJobs []= $job;
$this->assert->areEqual($expectedPrivilege, $job->getRequiredMainPrivilege());
$ownUser = Auth::getCurrentUser(); $ownUser = Auth::getCurrentUser();
$otherUser = $this->userMocker->mockSingle(); $otherUser = $this->userMocker->mockSingle();
$otherUser->setName('dummy' . uniqid()); $otherUser->setName('dummy' . uniqid());
UserModel::save($otherUser); UserModel::save($otherUser);
$this->testedJobs []= $job;
$expectedPrivilege->secondary = 'own';
$job->setArgument(JobArgs::ARG_USER_NAME, $ownUser->getName()); $job->setArgument(JobArgs::ARG_USER_NAME, $ownUser->getName());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('own', $job->getRequiredSubPrivileges());
$expectedPrivilege->secondary = 'all';
$job->setArgument(JobArgs::ARG_USER_NAME, $otherUser->getName()); $job->setArgument(JobArgs::ARG_USER_NAME, $otherUser->getName());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('all', $job->getRequiredSubPrivileges());
} }
public function testDynamicCommentPrivileges() public function testDynamicCommentPrivileges()
{ {
$this->login($this->userMocker->mockSingle()); $this->login($this->userMocker->mockSingle());
$this->testDynamicCommentPrivilege(new DeleteCommentJob(), new Privilege(Privilege::DeleteComment)); $this->testDynamicCommentPrivilege(new DeleteCommentJob(), Privilege::DeleteComment);
$this->testDynamicCommentPrivilege(new EditCommentJob(), new Privilege(Privilege::EditComment)); $this->testDynamicCommentPrivilege(new EditCommentJob(), Privilege::EditComment);
} }
protected function testDynamicCommentPrivilege($job, $expectedPrivilege) protected function testDynamicCommentPrivilege($job, $expectedPrivilege)
{ {
$this->testedJobs []= $job;
$this->assert->areEqual($expectedPrivilege, $job->getRequiredMainPrivilege());
list ($ownComment, $otherComment) = $this->commentMocker->mockMultiple(2); list ($ownComment, $otherComment) = $this->commentMocker->mockMultiple(2);
$ownComment->setCommenter(Auth::getCurrentUser()); $ownComment->setCommenter(Auth::getCurrentUser());
$otherComment->setCommenter($this->userMocker->mockSingle()); $otherComment->setCommenter($this->userMocker->mockSingle());
CommentModel::save([$ownComment, $otherComment]); CommentModel::save([$ownComment, $otherComment]);
$this->testedJobs []= $job;
$expectedPrivilege->secondary = 'own';
$job->setArgument(JobArgs::ARG_COMMENT_ID, $ownComment->getId()); $job->setArgument(JobArgs::ARG_COMMENT_ID, $ownComment->getId());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('own', $job->getRequiredSubPrivileges());
$expectedPrivilege->secondary = 'all';
$job->setArgument(JobArgs::ARG_COMMENT_ID, $otherComment->getId()); $job->setArgument(JobArgs::ARG_COMMENT_ID, $otherComment->getId());
$job->prepare(); $job->prepare();
$this->assert->areEquivalent($expectedPrivilege, $job->getRequiredPrivileges()); $this->assert->areEqual('all', $job->getRequiredSubPrivileges());
} }
public function testPrivilegeEnforcing() public function testPrivilegeEnforcing()
{ {
$this->assert->throws(function() $post = $this->postMocker->mockSingle();
Core::getConfig()->registration->needEmailForCommenting = false;
$this->assert->throws(function() use ($post)
{ {
$post = $this->postMocker->mockSingle(); Api::run(
Core::getConfig()->registration->needEmailForCommenting = false;
return Api::run(
new AddCommentJob(), new AddCommentJob(),
[ [
JobArgs::ARG_POST_ID => $post->getId(), JobArgs::ARG_POST_ID => $post->getId(),
@ -215,4 +215,39 @@ class ApiPrivilegeTest extends AbstractFullApiTest
]); ]);
}, 'Insufficient privileges'); }, 'Insufficient privileges');
} }
public function testComplexPrivilegeEnforcing()
{
$post = $this->postMocker->mockSingle();
Core::getConfig()->registration->needEmailForCommenting = false;
$this->grantAccess('editPost.own');
$this->grantAccess('editPostTags.own');
$this->revokeAccess('editPost.all');
$this->revokeAccess('editPostTags.all');
$user = $this->userMocker->mockSingle();
$this->login($user);
$this->assert->throws(function() use ($post)
{
Api::run(
new EditPostTagsJob(),
[
JobArgs::ARG_POST_ID => $post->getId(),
JobArgs::ARG_NEW_TAG_NAMES => ['test1', 'test2'],
]);
}, 'Insufficient privileges');
$post->setUploader($user);
PostModel::save($post);
$this->assert->doesNotThrow(function() use ($post)
{
Api::run(
new EditPostTagsJob(),
[
JobArgs::ARG_POST_ID => $post->getId(),
JobArgs::ARG_NEW_TAG_NAMES => ['test1', 'test2'],
]);
});
}
} }

6
tests/Tests/JobTests/AddUserJobTest.php
View file

@ -147,7 +147,7 @@ class AddUserJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'admin'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'admin';
$this->grantAccess('registerAccount'); $this->grantAccess('registerAccount');
$user1 = $this->assert->doesNotThrow(function() $user1 = $this->assert->doesNotThrow(function()
@ -189,7 +189,7 @@ class AddUserJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'nobody'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'nobody';
$this->grantAccess('registerAccount'); $this->grantAccess('registerAccount');
$user1 = $this->assert->doesNotThrow(function() $user1 = $this->assert->doesNotThrow(function()
@ -229,7 +229,7 @@ class AddUserJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'anonymous'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'anonymous';
$this->grantAccess('registerAccount'); $this->grantAccess('registerAccount');
$user1 = $this->assert->doesNotThrow(function() $user1 = $this->assert->doesNotThrow(function()

6
tests/Tests/JobTests/EditUserAccessRankJobTest.php
View file

@ -3,7 +3,7 @@ class EditUserAccessRankJobTest extends AbstractTest
{ {
public function testEditing() public function testEditing()
{ {
$this->grantAccess('changeUserAccessRank'); $this->grantAccess('editUserAccessRank');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$this->assert->areEqual(AccessRank::Registered, $user->getAccessRank()->toInteger()); $this->assert->areEqual(AccessRank::Registered, $user->getAccessRank()->toInteger());
@ -23,7 +23,7 @@ class EditUserAccessRankJobTest extends AbstractTest
public function testSettingToNobodyDenial() public function testSettingToNobodyDenial()
{ {
$this->grantAccess('changeUserAccessRank'); $this->grantAccess('editUserAccessRank');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$this->assert->areEqual(AccessRank::Registered, $user->getAccessRank()->toInteger()); $this->assert->areEqual(AccessRank::Registered, $user->getAccessRank()->toInteger());
@ -41,7 +41,7 @@ class EditUserAccessRankJobTest extends AbstractTest
public function testHigherThanMyselfDenial() public function testHigherThanMyselfDenial()
{ {
Core::getConfig()->privileges->changeUserAccessRank = 'power-user'; Core::getConfig()->privileges->editUserAccessRank = 'power-user';
Access::init(); Access::init();
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();

16
tests/Tests/JobTests/EditUserEmailJobTest.php
View file

@ -7,8 +7,8 @@ class EditUserEmailJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'anonymous'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'anonymous';
$this->grantAccess('changeUserEmail'); $this->grantAccess('editUserEmail');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
@ -34,8 +34,8 @@ class EditUserEmailJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'admin'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'admin';
$this->grantAccess('changeUserEmail'); $this->grantAccess('editUserEmail');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
@ -60,8 +60,8 @@ class EditUserEmailJobTest extends AbstractTest
Core::getConfig()->registration->needEmailForRegistering = false; Core::getConfig()->registration->needEmailForRegistering = false;
Mailer::mockSending(); Mailer::mockSending();
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'nobody'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'nobody';
$this->grantAccess('changeUserEmail'); $this->grantAccess('editUserEmail');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
@ -82,8 +82,8 @@ class EditUserEmailJobTest extends AbstractTest
Mailer::mockSending(); Mailer::mockSending();
$this->assert->areEqual(0, Mailer::getMailCounter()); $this->assert->areEqual(0, Mailer::getMailCounter());
Core::getConfig()->privileges->changeUserEmailNoConfirm = 'anonymous'; Core::getConfig()->privileges->editUserEmailNoConfirm = 'anonymous';
$this->grantAccess('changeUserEmail'); $this->grantAccess('editUserEmail');
list ($user, $otherUser) list ($user, $otherUser)
= $this->userMocker->mockMultiple(2); = $this->userMocker->mockMultiple(2);

8
tests/Tests/JobTests/EditUserJobTest.php
View file

@ -3,8 +3,8 @@ class EditUserJobTest extends AbstractTest
{ {
public function testSaving() public function testSaving()
{ {
$this->grantAccess('changeUserName.own'); $this->grantAccess('editUserName.own');
$this->grantAccess('changeUserPassword.own'); $this->grantAccess('editUserPassword.own');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = 'dummy' . uniqid(); $newName = 'dummy' . uniqid();
@ -29,7 +29,7 @@ class EditUserJobTest extends AbstractTest
public function testPartialPrivilegeFail() public function testPartialPrivilegeFail()
{ {
$this->grantAccess('changeUserName.own'); $this->grantAccess('editUserName.own');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = 'dummy' . uniqid(); $newName = 'dummy' . uniqid();
@ -58,7 +58,7 @@ class EditUserJobTest extends AbstractTest
public function testCanEditSomething() public function testCanEditSomething()
{ {
$this->grantAccess('changeUserName.own'); $this->grantAccess('editUserName.own');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$user = $this->assert->isTrue((new EditUserJob())->canEditAnything($user)); $user = $this->assert->isTrue((new EditUserJob())->canEditAnything($user));
} }

10
tests/Tests/JobTests/EditUserNameJobTest.php
View file

@ -3,7 +3,7 @@ class EditUserNameJobTest extends AbstractTest
{ {
public function testEditing() public function testEditing()
{ {
$this->grantAccess('changeUserName'); $this->grantAccess('editUserName');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = uniqid(); $newName = uniqid();
@ -25,7 +25,7 @@ class EditUserNameJobTest extends AbstractTest
public function testTooShortName() public function testTooShortName()
{ {
$this->grantAccess('changeUserName'); $this->grantAccess('editUserName');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = str_repeat('a', Core::getConfig()->registration->userNameMinLength - 1); $newName = str_repeat('a', Core::getConfig()->registration->userNameMinLength - 1);
@ -43,7 +43,7 @@ class EditUserNameJobTest extends AbstractTest
public function testTooLongName() public function testTooLongName()
{ {
$this->grantAccess('changeUserName'); $this->grantAccess('editUserName');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = str_repeat('a', Core::getConfig()->registration->userNameMaxLength + 1); $newName = str_repeat('a', Core::getConfig()->registration->userNameMaxLength + 1);
@ -61,7 +61,7 @@ class EditUserNameJobTest extends AbstractTest
public function testInvalidName() public function testInvalidName()
{ {
$this->grantAccess('changeUserName'); $this->grantAccess('editUserName');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newName = 'ble/ble'; $newName = 'ble/ble';
@ -79,7 +79,7 @@ class EditUserNameJobTest extends AbstractTest
public function testChangingToExistingDenial() public function testChangingToExistingDenial()
{ {
$this->grantAccess('changeUserName'); $this->grantAccess('editUserName');
list ($user, $otherUser) list ($user, $otherUser)
= $this->userMocker->mockMultiple(2); = $this->userMocker->mockMultiple(2);

4
tests/Tests/JobTests/EditUserPasswordJobTest.php
View file

@ -13,7 +13,7 @@ class EditUserPasswordJobTest extends AbstractTest
public function testTooShortPassword() public function testTooShortPassword()
{ {
$this->grantAccess('changeUserPassword'); $this->grantAccess('editUserPassword');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newPassword = str_repeat('a', Core::getConfig()->registration->passMinLength - 1); $newPassword = str_repeat('a', Core::getConfig()->registration->passMinLength - 1);
@ -34,7 +34,7 @@ class EditUserPasswordJobTest extends AbstractTest
private function testValidPassword($newPassword) private function testValidPassword($newPassword)
{ {
$this->grantAccess('changeUserPassword'); $this->grantAccess('editUserPassword');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$newPasswordHash = UserModel::hashPassword($newPassword, $user->getPasswordSalt()); $newPasswordHash = UserModel::hashPassword($newPassword, $user->getPasswordSalt());

8
tests/Tests/JobTests/EditUserSettingsJobTest.php
View file

@ -3,7 +3,7 @@ class EditUserSettingsJobTest extends AbstractTest
{ {
public function testEditing() public function testEditing()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$expectedSafety = (new PostSafety(PostSafety::Sketchy))->toFlag(); $expectedSafety = (new PostSafety(PostSafety::Sketchy))->toFlag();
@ -33,7 +33,7 @@ class EditUserSettingsJobTest extends AbstractTest
public function testSettingAdditional() public function testSettingAdditional()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$user = $this->assert->doesNotThrow(function() use ($user) $user = $this->assert->doesNotThrow(function() use ($user)
@ -61,7 +61,7 @@ class EditUserSettingsJobTest extends AbstractTest
public function testSettingBadValues() public function testSettingBadValues()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$user = $this->assert->doesNotThrow(function() use ($user) $user = $this->assert->doesNotThrow(function() use ($user)
@ -90,7 +90,7 @@ class EditUserSettingsJobTest extends AbstractTest
public function testSettingTooLongData() public function testSettingTooLongData()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$this->assert->throws(function() use ($user) $this->assert->throws(function() use ($user)

6
tests/Tests/JobTests/GetUserSettingsJobTest.php
View file

@ -3,7 +3,7 @@ class GetUserSettingsJobTest extends AbstractTest
{ {
public function testRetrieving() public function testRetrieving()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$settings = $this->assert->doesNotThrow(function() use ($user) $settings = $this->assert->doesNotThrow(function() use ($user)
@ -25,7 +25,7 @@ class GetUserSettingsJobTest extends AbstractTest
public function testSwitchingSafety() public function testSwitchingSafety()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$user->getSettings()->enableSafety(new PostSafety(PostSafety::Sketchy), true); $user->getSettings()->enableSafety(new PostSafety(PostSafety::Sketchy), true);
@ -53,7 +53,7 @@ class GetUserSettingsJobTest extends AbstractTest
public function testSwitchingSafety2() public function testSwitchingSafety2()
{ {
$this->grantAccess('changeUserSettings'); $this->grantAccess('editUserSettings');
$user = $this->userMocker->mockSingle(); $user = $this->userMocker->mockSingle();
$user->getSettings()->enableSafety(new PostSafety(PostSafety::Sketchy), true); $user->getSettings()->enableSafety(new PostSafety(PostSafety::Sketchy), true);