N°4534 - creation of a new category 'filter' to hide admins to

non-admins without breaking legacy code.
denis.flaven@combodo.com
2021-11-05 11:29:23 +01:00
parent 456283866c
commit 5bcdcb52b2
3 changed files with 72 additions and 4 deletions


@@ -30,6 +30,7 @@ use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
use CoreCannotSaveObjectException;
use CoreException;
use DBObject;
use DBObjectSearch;
use DBObjectSet;
use DeleteException;
use URP_UserProfile;
@@ -460,4 +461,68 @@ class UserRightsTest extends ItopDataTestCase
$_SESSION = [];
}
/**
*@dataProvider NonAdminCanListOwnProfilesProvider
*/
public function testNonAdminCanListOwnProfiles($bHideAdministrators)
{
$oUser = $this->AddUser('test1', 2); // portal user
$_SESSION = [];
utils::GetConfig()->Set('security.hide_administrators', $bHideAdministrators);
UserRights::Login('test1');
// List the link between the User and the Profiles
$oSearch = new DBObjectSearch('URP_UserProfile');
$oSearch->AddCondition('userid', $oUser->GetKey());
$oSet = new DBObjectSet($oSearch);
$this->assertEquals(1, $oSet->Count());
// Get the Profiles as well
$oSearch = DBObjectSearch::FromOQL('SELECT URP_Profiles JOIN URP_UserProfile ON URP_UserProfile.profileid = URP_Profiles.id WHERE URP_UserProfile.userid='.$oUser->GetKey());
$oSet = new DBObjectSet($oSearch);
$this->assertEquals(1, $oSet->Count());
// logout
$_SESSION = [];
}
public function NonAdminCanListOwnProfilesProvider(): array
{
return [
'with Admins visible'=> [false],
'with Admins hidden' => [true],
];
}
/**
*@dataProvider NonAdminCannotListAdminProfilesProvider
*/
public function testNonAdminCannotListAdminProfiles($bHideAdministrators, $iExpectedCount)
{
utils::GetConfig()->Set('security.hide_administrators', $bHideAdministrators);
$this->AddUser('test1', 2); // portal user
$oUserAdmin = $this->AddUser('admin1', 1);
$_SESSION = [];
UserRights::Login('test1');
$oSearch = new DBObjectSearch('URP_UserProfile');
$oSearch->AddCondition('userid', $oUserAdmin->GetKey());
$oSet = new DBObjectSet($oSearch);
$this->assertEquals($iExpectedCount, $oSet->Count());
// Get the Profiles as well
$oSearch = DBObjectSearch::FromOQL('SELECT URP_Profiles JOIN URP_UserProfile ON URP_UserProfile.profileid = URP_Profiles.id WHERE URP_UserProfile.userid='.$oUserAdmin->GetKey());
$oSet = new DBObjectSet($oSearch);
$this->assertEquals($iExpectedCount, $oSet->Count());
// logout
$_SESSION = [];
}
public function NonAdminCannotListAdminProfilesProvider(): array
{
return [
'with Admins visible'=> [false, 1],
'with Admins hidden' => [true, 0],
];
}
}
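Review bot: Both new tests write `security.hide_administrators` through `utils::GetConfig()->Set(...)` and never put the previous value back, so the last dataset ('with Admins hidden', true) may leave the flag enabled for whichever test runs next in the same process; whether ItopDataTestCase resets the configuration is not visible here. Capturing the old value first with `$bPrevious = utils::GetConfig()->Get('security.hide_administrators');` and restoring it in a `finally` block (or in tearDown) would keep the visibility filter from leaking between tests. The trailing `$_SESSION = [];` "logout" has the same weakness, because it is skipped as soon as an assertion fails. Since this is an access-control test, a further dataset with an administrator logged in while the flag is true would confirm that the filter hides admins only from non-admins and does not over-restrict. The class body begins outside the hunk.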