diff --git a/test/ItopDataTestCase.php b/test/ItopDataTestCase.php index b581c7419..5c6a2c0c8 100644 --- a/test/ItopDataTestCase.php +++ b/test/ItopDataTestCase.php @@ -29,6 +29,7 @@ use ArchivedObjectException; use CMDBSource; use Contact; use DBObject; +use DBObjectSet; use Exception; use Farm; use FunctionalCI; @@ -39,6 +40,7 @@ use Person; use PHPUnit\Framework\TestCase; use Server; use Ticket; +use URP_UserProfile; use VirtualHost; use VirtualMachine; @@ -175,6 +177,30 @@ class ItopDataTestCase extends ItopTestCase return $oPerson; } + /** + * @param string $sLogin + * @param int $iProfileId + * @return \DBObject + * @throws Exception + */ + protected function CreateUser($sLogin, $iProfileId) + { + $oUserProfile = new URP_UserProfile(); + $oUserProfile->Set('profileid', $iProfileId); + $oUserProfile->Set('reason', 'UNIT Tests'); + $oSet = DBObjectSet::FromObject($oUserProfile); + $oUser = self::createObject('UserLocal', array( + 'contactid' => 2, + 'login' => $sLogin, + 'password' => $sLogin, + 'language' => 'EN US', + 'profile_list' => $oSet, + )); + $this->debug("Created {$oUser->GetName()} ({$oUser->GetKey()})\n"); + return $oUser; + } + + /** * Create a Hypervisor in database * @param int $iNum diff --git a/test/core/UserRightsTest.php b/test/core/UserRightsTest.php new file mode 100644 index 000000000..0cf4db292 --- /dev/null +++ b/test/core/UserRightsTest.php @@ -0,0 +1,236 @@ + +// + +/** + * Created by PhpStorm. + * User: Eric + * Date: 25/01/2018 + * Time: 11:12 + */ + +namespace Combodo\iTop\Test\UnitTest\Core; + +use Combodo\iTop\Test\UnitTest\ItopDataTestCase; +use PHPUnit\Framework\TestCase; +use UserRights; + +class UserRightsTest extends ItopDataTestCase +{ + + public static $aClasses = array( + 'FunctionalCI' => array('class' => 'FunctionalCI', 'attcode' => 'name'), + 'URP_UserProfile' => array('class' => 'URP_UserProfile', 'attcode' => 'reason'), + 'UserLocal' => array('class' => 'UserLocal', 'attcode' => 'login'), + 'UserRequest' => array('class' => 'UserRequest', 'attcode' => 'title'), + 'ModuleInstallation' => array('class' => 'ModuleInstallation', 'attcode' => 'name'), + ); + + + public function testIsLoggedIn() + { + $this->assertFalse(UserRights::IsLoggedIn()); + } + + /** + * Test Login validation + * @dataProvider LoginProvider + * @param $sLogin + * @param $bResult + */ + public function testLogin($sLogin, $bResult) + { + $_SESSION = array(); + $this->assertEquals($bResult, UserRights::Login($sLogin)); + $this->assertEquals($bResult, UserRights::IsLoggedIn()); + } + + public function LoginProvider() + { + return array( + array('admin', true), + array('NotALoginForUnitTests', false), + array('', false), + ); + } + + /** + * @param string $sLogin + * @param int $iProfileId initial profile + * @return \DBObject + * @throws \CoreException + * @throws \Exception + */ + protected function AddUser($sLogin, $iProfileId) + { + $oUser = self::CreateUser('test1', $iProfileId); + $oUser->DBUpdate(); + return $oUser; + } + + /** Test IsActionAllowed when not logged => always true + * @dataProvider ActionAllowedNotLoggedProvider + * @param $aClassAction + */ + public function testIsActionAllowedNotLogged($aClassAction) + { + $bRes = (UserRights::IsActionAllowed($aClassAction['class'], $aClassAction['action'])) ? true : false; + $this->assertEquals(true, $bRes); + } + + public function ActionAllowedNotLoggedProvider() + { + $aClassActions = array(); + + foreach(array_keys(self::$aClasses) as $sClass) + { + for ($i = 1; $i < 8; $i++) + { + $aClassAction = array('class' => $sClass, 'action' => $i); + $aClassActions[] = array($aClassAction); + } + } + return $aClassActions; + } + + /** Test IsActionAllowed + * @dataProvider ActionAllowedProvider + * @param $iProfileId + * @param $aClassActionResult + * @throws \CoreException + * @throws \Exception + */ + public function testIsActionAllowed($iProfileId, $aClassActionResult) + { + $this->AddUser('test1', $iProfileId); + $_SESSION = array(); + $this->assertTrue(UserRights::Login('test1')); + $bRes = (UserRights::IsActionAllowed($aClassActionResult['class'], $aClassActionResult['action'])) ? true : false; + $this->assertEquals($aClassActionResult['res'], $bRes); + } + + /* + * FunctionalCI => bizmodel searchable + * UserRequest => bizmodel searchable requestmgmt + * URP_UserProfile => addon/userrights + * UserLocal => addon/authentication + * ModuleInstallation => core view_in_gui + * + */ + public function ActionAllowedProvider() + { + return array( + /* Administrator (7 = UR_ACTION_CREATE) */ + array(1 , array('class' => 'FunctionalCI', 'action' => 7, 'res' => true)), + array(1 , array('class' => 'UserRequest', 'action' => 7, 'res' => true)), + array(1 , array('class' => 'URP_UserProfile', 'action' => 7, 'res' => true)), + array(1 , array('class' => 'UserLocal', 'action' => 7, 'res' => true)), + array(1 , array('class' => 'ModuleInstallation', 'action' => 7, 'res' => true)), + + /* User Portal (7 = UR_ACTION_CREATE) */ + array(2 , array('class' => 'FunctionalCI', 'action' => 7, 'res' => false)), + array(2 , array('class' => 'UserRequest', 'action' => 7, 'res' => true)), + array(2 , array('class' => 'URP_UserProfile', 'action' => 7, 'res' => false)), + array(2 , array('class' => 'UserLocal', 'action' => 7, 'res' => false)), + array(2 , array('class' => 'ModuleInstallation', 'action' => 7, 'res' => false)), + + /* Configuration manager (7 = UR_ACTION_CREATE) */ + array(3 , array('class' => 'FunctionalCI', 'action' => 7, 'res' => true)), + array(3 , array('class' => 'UserRequest', 'action' => 7, 'res' => false)), + array(3 , array('class' => 'URP_UserProfile', 'action' => 7, 'res' => false)), + array(3 , array('class' => 'UserLocal', 'action' => 7, 'res' => false)), + array(3 , array('class' => 'ModuleInstallation', 'action' => 7, 'res' => false)), + + /* Administrator (1 = UR_ACTION_READ) */ + array(1 , array('class' => 'FunctionalCI', 'action' => 1, 'res' => true)), + array(1 , array('class' => 'UserRequest', 'action' => 1, 'res' => true)), + array(1 , array('class' => 'URP_UserProfile', 'action' => 1, 'res' => true)), + array(1 , array('class' => 'UserLocal', 'action' => 1, 'res' => true)), + array(1 , array('class' => 'ModuleInstallation', 'action' => 1, 'res' => true)), + + /* User Portal (1 = UR_ACTION_READ) */ + array(2 , array('class' => 'FunctionalCI', 'action' => 1, 'res' => true)), + array(2 , array('class' => 'UserRequest', 'action' => 1, 'res' => true)), + array(2 , array('class' => 'URP_UserProfile', 'action' => 1, 'res' => false)), + array(2 , array('class' => 'UserLocal', 'action' => 1, 'res' => false)), + array(2 , array('class' => 'ModuleInstallation', 'action' => 1, 'res' => true)), + + /* Configuration manager (1 = UR_ACTION_READ) */ + array(3 , array('class' => 'FunctionalCI', 'action' => 1, 'res' => true)), + array(3 , array('class' => 'UserRequest', 'action' => 1, 'res' => true)), + array(3 , array('class' => 'URP_UserProfile', 'action' => 1, 'res' => false)), + array(3 , array('class' => 'UserLocal', 'action' => 1, 'res' => false)), + array(3 , array('class' => 'ModuleInstallation', 'action' => 1, 'res' => true)), + ); + } + + + /** Test IsActionAllowedOnAttribute + * @dataProvider ActionAllowedOnAttributeProvider + * @param $iProfileId + * @param $aClassActionResult + * @throws \Exception + */ + public function testIsActionAllowedOnAttribute($iProfileId, $aClassActionResult) + { + $this->AddUser('test1', $iProfileId); + $_SESSION = array(); + $this->assertTrue(UserRights::Login('test1')); + $sClass = $aClassActionResult['class']; + $bRes = (UserRights::IsActionAllowedOnAttribute($sClass, self::$aClasses[$sClass]['attcode'], $aClassActionResult['action'])) ? true : false; + $this->assertEquals($aClassActionResult['res'], $bRes); + + } + + /* + * FunctionalCI => bizmodel searchable + * UserRequest => bizmodel searchable requestmgmt + * URP_UserProfile => addon/userrights + * UserLocal => addon/authentication + * ModuleInstallation => core view_in_gui + * + */ + public function ActionAllowedOnAttributeProvider() + { + $aClassActionResult = array( + /* Administrator (2 = UR_ACTION_MODIFY) */ + array(1 , array('class' => 'FunctionalCI', 'action' => 2, 'res' => true)), + array(1 , array('class' => 'UserRequest', 'action' => 2, 'res' => true)), + array(1 , array('class' => 'URP_UserProfile', 'action' => 2, 'res' => true)), + array(1 , array('class' => 'UserLocal', 'action' => 2, 'res' => true)), + array(1 , array('class' => 'ModuleInstallation', 'action' => 2, 'res' => true)), + + /* User Portal (2 = UR_ACTION_MODIFY) */ + array(2 , array('class' => 'FunctionalCI', 'action' => 2, 'res' => false)), + array(2 , array('class' => 'UserRequest', 'action' => 2, 'res' => true)), + array(2 , array('class' => 'URP_UserProfile', 'action' => 2, 'res' => true)), + array(2 , array('class' => 'UserLocal', 'action' => 2, 'res' => true)), + array(2 , array('class' => 'ModuleInstallation', 'action' => 2, 'res' => true)), + + /* Configuration manager (2 = UR_ACTION_MODIFY) */ + array(3 , array('class' => 'FunctionalCI', 'action' => 2, 'res' => true)), + array(3 , array('class' => 'UserRequest', 'action' => 2, 'res' => false)), + array(3 , array('class' => 'URP_UserProfile', 'action' => 2, 'res' => true)), + array(3 , array('class' => 'UserLocal', 'action' => 2, 'res' => true)), + array(3 , array('class' => 'ModuleInstallation', 'action' => 2, 'res' => true)), + ); + + return $aClassActionResult; + } + +}