Core  3.2
PHP API documentation
 All Data Structures Namespaces Files Functions Variables Pages
PU_test_dcp_access.php
Go to the documentation of this file.
1 <?php
2 /*
3  * @author Anakeen
4  * @package Dcp\Pu
5 */
6 
7 namespace Dcp\Pu;
8 
9 require_once 'PU_testcase_dcp_application.php';
10 
11 class TestAccess extends TestCaseDcpApplication
12 {
13  public static function appConfig()
14  {
15  return array(
16  "appRoot" => join(DIRECTORY_SEPARATOR, array(
17  DEFAULT_PUBDIR,
18  "DCPTEST",
19  "app"
20  )) ,
21  "appName" => "TST_ACCESS",
22  "import" => array(
23  "PU_data_dcp_access.ods"
24  ) ,
25  );
26  }
27  /**
28  * Test ACCESS on application/action
29  * @param array $data test specification
30  * @return void
31  * @dataProvider dataTestAccessApplication
32  */
33  public function testAccessApplication($data)
34  {
35  $myAction = self::getAction();
36 
37  $appConfig = self::appConfig();
38  $this->assertTrue(is_object(self::$app) , sprintf("Application '%s' is not an object.", $appConfig['appName']));
39 
40  if (isset($data['import'])) {
41  $this->importDocument($data['import']);
42  }
43  if (isset($data['import:data'])) {
44  $this->importCsvData($data['import:data']);
45  }
46 
47  foreach ($data['tests'] as $testIdx => & $test) {
48  if (isset($test['import'])) {
49  $this->importDocument($test['import']);
50  }
51  if (isset($test['import:data'])) {
52  $this->importCsvData($test['import:data']);
53  }
54 
55  $this->assertTrue(isset($test['has:permission']) && is_array($test['has:permission']) , sprintf("test#%s> Invalid data supplied by provider.", $testIdx));
56 
57  foreach ($test['has:permission'] as $checkIdx => $check) {
58  $user = new_doc(self::$dbaccess, $check['user']);
59  $this->assertTrue($user->isAlive() , sprintf("test#%s/check#%s> Could not get user with id '%s'.", $testIdx, $checkIdx, $check['user']));
60  $wuser = new \Account(self::$dbaccess, $user->getRawValue('us_whatid'));
61  $this->assertTrue(is_numeric($wuser->id) , sprintf("test#%s/check#%s> Invalid user what id '%s' for user '%s'.", $testIdx, $checkIdx, $wuser->id, $check['user']));
62 
63  $this->sudo($wuser->login);
64  // check Action::hasPermission
65  $perm = $myAction->hasPermission($check['acl'], $check['app']);
66  $err = sprintf("test#%s/check#%s> Unexpected permission %s (should be %s) for user %s on acl %s from app %s", $testIdx, $checkIdx, $perm ? 'true' : 'false', $check['permission'] ? 'true' : 'false', $check['user'], $check['acl'], $check['app']);
67  if ($perm != $check['permission']) {
68  // these requests can be really slow, only execute them if needed
69  $err.= "\n\t" . $this->prettySqlRelation(sprintf("Groups test#%s/check#%s", $testIdx, $checkIdx) , "SELECT l.login AS user, r.login AS group FROM users AS l, groups AS g, users AS r WHERE g.iduser = l.id AND g.idgroup = r.id");
70  $err.= "\n\t" . $this->prettySqlRelation(sprintf("Permission test#%s/check#%s", $testIdx, $checkIdx) , "SELECT u.login AS user, a.name AS app, c.name AS acl, p.id_acl AS permission, p.computed AS computed FROM users AS u, permission AS p, application AS a, acl AS c WHERE u.id = p.id_user AND p.id_application = a.id AND abs(p.id_acl) = c.id AND a.name = 'TST_ACCESS'");
71  }
72  $this->assertTrue($perm == $check['permission'], $err);
73  // check Action::canExecute
74  $perm = $myAction->canExecute($check['action'], $check['app']);
75  if ($check['permission']) {
76  $this->assertTrue('' === $perm, sprintf("test#%s/check#%s> Unexpected canExecute %s (should be '') for user %s on action %s from app %s", $testIdx, $checkIdx, var_export($perm, true) , $check['user'], $check['action'], $check['app']));
77  } else {
78  $regexp = sprintf('/no privilege (.+) for (\d+) %s/', $check['action']);
79  $this->assertRegExp($regexp, $perm, sprintf("test#%s/check#%s> Unexpected canExecute %s (should match %s) for user %s on action %s from app %s", $testIdx, $checkIdx, var_export($perm, true) , $regexp, $check['user'], $check['action'], $check['app']));
80  }
81 
82  $this->exitSudo();
83  }
84  }
85  unset($test);
86  }
87 
88  public function prettySqlRelation($title, $sql)
89  {
90  $res = pg_query(self::$odb->dbid, $sql);
91  if ($res === false) {
92  return false;
93  }
94  $res = pg_fetch_all($res);
95  if (!is_array($res)) {
96  return false;
97  }
98 
99  $out = array();
100  $colsWidth = array();
101  /* Compute columns width */
102  foreach ($res as $tuple) {
103  foreach ($tuple as $k => $v) {
104  if (!array_key_exists($k, $colsWidth)) {
105  $colsWidth[$k] = strlen($k);
106  }
107  $colsWidth[$k] = max($colsWidth[$k], strlen($v));
108  }
109  }
110  /* Generate table */
111  foreach ($res as $i => $tuple) {
112  $line = array();
113  foreach ($tuple as $k => $v) {
114  $line[] = sprintf("%" . ($colsWidth[$k] + 2) . "s", $v);
115  }
116  if ($i == 0) {
117  /* Generate table header */
118  $header = array();
119  foreach ($tuple as $k => $v) {
120  $header[] = sprintf("%" . ($colsWidth[$k] + 2) . "s", $k);
121  }
122  $header = join(" | ", $header);
123  /* Generate title */
124  if (strlen($title) > 0) {
125  $title = sprintf("%" . (int)(strlen($header) / 2 + strlen($title) / 2) . "s", $title);
126  $out[] = $title;
127  $out[] = str_repeat("-", strlen($header));
128  }
129  $out[] = $header;
130  $out[] = str_repeat("-", strlen($header));
131  }
132  /* Add table line */
133  $out[] = join(" | ", $line);
134  }
135 
136  return join("\n", $out) . "\n";
137  }
138 
139  public function dataTestAccessApplication()
140  {
141  return array(
142  array(
143  array(
144  "tests" => array(
145  /* 0 */
146  array(
147  /*
148  * Compute and check all permissions
149  */
150  "has:permission" => array(
151  // Homer
152  array(
153  "user" => "TST_U_HOMER_SIMPSON",
154  "app" => "TST_ACCESS",
155  "acl" => "TST_ACCESS_ACL_1",
156  "action" => "TST_ACCESS_ACTION_1",
157  "permission" => true
158  ) ,
159  array(
160  "user" => "TST_U_HOMER_SIMPSON",
161  "app" => "TST_ACCESS",
162  "acl" => "TST_ACCESS_ACL_2",
163  "action" => "TST_ACCESS_ACTION_2",
164  "permission" => false
165  ) ,
166  array(
167  "user" => "TST_U_HOMER_SIMPSON",
168  "app" => "TST_ACCESS",
169  "acl" => \Action::ACCESS_FREE,
170  "action" => "TST_ACCESS_ACTION_FREE",
171  "permission" => true
172  ) ,
173  // Marge
174  array(
175  "user" => "TST_U_MARGE_SIMPSON",
176  "app" => "TST_ACCESS",
177  "acl" => "TST_ACCESS_ACL_1",
178  "action" => "TST_ACCESS_ACTION_1",
179  "permission" => true
180  ) ,
181  array(
182  "user" => "TST_U_MARGE_SIMPSON",
183  "app" => "TST_ACCESS",
184  "acl" => "TST_ACCESS_ACL_2",
185  "action" => "TST_ACCESS_ACTION_2",
186  "permission" => true
187  ) ,
188  array(
189  "user" => "TST_U_MARGE_SIMPSON",
190  "app" => "TST_ACCESS",
191  "acl" => \Action::ACCESS_FREE,
192  "action" => "TST_ACCESS_ACTION_FREE",
193  "permission" => true
194  ) ,
195  // Bart
196  array(
197  "user" => "TST_U_BART_SIMPSON",
198  "app" => "TST_ACCESS",
199  "acl" => "TST_ACCESS_ACL_1",
200  "action" => "TST_ACCESS_ACTION_1",
201  "permission" => false
202  ) ,
203  array(
204  "user" => "TST_U_BART_SIMPSON",
205  "app" => "TST_ACCESS",
206  "acl" => "TST_ACCESS_ACL_2",
207  "action" => "TST_ACCESS_ACTION_2",
208  "permission" => false
209  ) ,
210  array(
211  "user" => "TST_U_BART_SIMPSON",
212  "app" => "TST_ACCESS",
213  "acl" => \Action::ACCESS_FREE,
214  "action" => "TST_ACCESS_ACTION_FREE",
215  "permission" => true
216  ) ,
217  // Lisa
218  array(
219  "user" => "TST_U_LISA_SIMPSON",
220  "app" => "TST_ACCESS",
221  "acl" => "TST_ACCESS_ACL_1",
222  "action" => "TST_ACCESS_ACTION_1",
223  "permission" => false
224  ) ,
225  array(
226  "user" => "TST_U_LISA_SIMPSON",
227  "app" => "TST_ACCESS",
228  "acl" => "TST_ACCESS_ACL_2",
229  "action" => "TST_ACCESS_ACTION_2",
230  "permission" => true
231  ) ,
232  array(
233  "user" => "TST_U_LISA_SIMPSON",
234  "app" => "TST_ACCESS",
235  "acl" => \Action::ACCESS_FREE,
236  "action" => "TST_ACCESS_ACTION_FREE",
237  "permission" => true
238  ) ,
239  // Maggie
240  array(
241  "user" => "TST_U_MAGGIE_SIMPSON",
242  "app" => "TST_ACCESS",
243  "acl" => "TST_ACCESS_ACL_1",
244  "action" => "TST_ACCESS_ACTION_1",
245  "permission" => false
246  ) ,
247  array(
248  "user" => "TST_U_MAGGIE_SIMPSON",
249  "app" => "TST_ACCESS",
250  "acl" => "TST_ACCESS_ACL_2",
251  "action" => "TST_ACCESS_ACTION_2",
252  "permission" => true
253  ) ,
254  array(
255  "user" => "TST_U_MAGGIE_SIMPSON",
256  "app" => "TST_ACCESS",
257  "acl" => \Action::ACCESS_FREE,
258  "action" => "TST_ACCESS_ACTION_FREE",
259  "permission" => true
260  )
261  )
262  ) ,
263  /* 1 */
264  array(
265  "import:data" => "ACCESS;TST_G_G2;TST_ACCESS;TST_ACCESS_ACL_1",
266  "has:permission" => array(
267  array(
268  "user" => "TST_U_MAGGIE_SIMPSON",
269  "app" => "TST_ACCESS",
270  "acl" => "TST_ACCESS_ACL_1",
271  "action" => "TST_ACCESS_ACTION_1",
272  "permission" => true
273  ) ,
274  array(
275  "user" => "TST_U_MAGGIE_SIMPSON",
276  "app" => "TST_ACCESS",
277  "acl" => \Action::ACCESS_FREE,
278  "action" => "TST_ACCESS_ACTION_FREE",
279  "permission" => true
280  )
281  )
282  ) ,
283  /* 2 */
284  array(
285  "import:data" => "ACCESS;TST_G_G21;TST_ACCESS;-TST_ACCESS_ACL_1",
286  "has:permission" => array(
287  array(
288  "user" => "TST_U_MAGGIE_SIMPSON",
289  "app" => "TST_ACCESS",
290  "acl" => "TST_ACCESS_ACL_1",
291  "action" => "TST_ACCESS_ACTION_1",
292  "permission" => false
293  ) ,
294  array(
295  "user" => "TST_U_MAGGIE_SIMPSON",
296  "app" => "TST_ACCESS",
297  "acl" => \Action::ACCESS_FREE,
298  "action" => "TST_ACCESS_ACTION_FREE",
299  "permission" => true
300  )
301  )
302  )
303  ) // tests
304 
305  )
306  )
307  );
308  }
309 }
310 ?>
Dcp\Pu\TestCaseDcp\sudo
static sudo($login)
Definition: PU_testcase_dcp.php:165
Action\ACCESS_FREE
const ACCESS_FREE
Definition: Class.Action.php:29
Dcp\Pu\TestCaseDcp\importDocument
static importDocument($file)
Definition: PU_testcase_dcp.php:198
DEFAULT_PUBDIR
const DEFAULT_PUBDIR
Definition: Lib.Prefix.php:28
$out
$out
Definition: Api/freedom_import.php:37
$app
$app
Definition: change_action.php:35
Dcp\Pu\TestAccess\prettySqlRelation
prettySqlRelation($title, $sql)
Definition: PU_test_dcp_access.php:88
$title
$title
Definition: DynacaseConsistency/info.php:2
$dbaccess
$dbaccess
Definition: checkVault.php:17
$err
if($file) if($subject==""&&$file) if($subject=="") $err
Definition: fdl_sendmail.php:78
$test
$test
Definition: checkVault.php:30
$data
$data
Definition: fdl_sendmail.php:40
← centre documentaire © anakeen