mirror of
https://github.com/Combodo/iTop.git
synced 2026-07-15 11:16:39 +02:00
CS fixer
This commit is contained in:
@@ -29,7 +29,6 @@ namespace Combodo\iTop\Test\UnitTest\Core;
|
||||
|
||||
use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
|
||||
use CoreCannotSaveObjectException;
|
||||
use CoreException;
|
||||
use DBObject;
|
||||
use DBObjectSearch;
|
||||
use DBObjectSet;
|
||||
@@ -47,13 +46,6 @@ use utils;
|
||||
*/
|
||||
class UserRightsTest extends ItopDataTestCase
|
||||
{
|
||||
public function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', '');
|
||||
}
|
||||
|
||||
public static $aClasses = [
|
||||
'FunctionalCI' => ['class' => 'FunctionalCI', 'attcode' => 'name'],
|
||||
'URP_UserProfile' => ['class' => 'URP_UserProfile', 'attcode' => 'reason'],
|
||||
@@ -62,39 +54,11 @@ class UserRightsTest extends ItopDataTestCase
|
||||
'ModuleInstallation' => ['class' => 'ModuleInstallation', 'attcode' => 'name'],
|
||||
];
|
||||
|
||||
/**
|
||||
* @param string $sLoginPrefix
|
||||
* @param int $iProfileId initial profile
|
||||
*
|
||||
* @return \DBObject
|
||||
* @throws \CoreException
|
||||
* @throws \Exception
|
||||
*/
|
||||
protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject
|
||||
public function setUp(): void
|
||||
{
|
||||
static $iCount = 0;
|
||||
$sLogin = $sLoginPrefix.$iCount;
|
||||
$iCount++;
|
||||
parent::setUp();
|
||||
|
||||
$oUser = self::CreateUser($sLogin, $iProfileId);
|
||||
$_SESSION = [];
|
||||
UserRights::Login($sLogin);
|
||||
return $oUser;
|
||||
}
|
||||
|
||||
protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject
|
||||
{
|
||||
$oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class));
|
||||
foreach ($aProfileIds as $iProfileId) {
|
||||
$oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests']));
|
||||
}
|
||||
$oUser = MetaModel::NewObject('UserLocal', [
|
||||
'login' => $sLogin,
|
||||
'password' => 'Password1!',
|
||||
'expiration' => UserLocal::EXPIRE_NEVER,
|
||||
'profile_list' => $oProfiles,
|
||||
]);
|
||||
return $oUser;
|
||||
utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', '');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -137,87 +101,29 @@ class UserRightsTest extends ItopDataTestCase
|
||||
|
||||
$bIsAllowedEditing = (bool)UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY);
|
||||
|
||||
$this->assertSame($bIsAllowedEditing, $bShouldBeAllowedToEdit,
|
||||
$this->assertSame(
|
||||
$bIsAllowedEditing,
|
||||
$bShouldBeAllowedToEdit,
|
||||
"User with profiles ".implode(',', $aProfileIds)." should ".($bShouldBeAllowedToEdit ? "" : "NOT ")."be allowed to edit class $sClass"
|
||||
);
|
||||
}
|
||||
}
|
||||
protected function ReadOnlyProvider() : array {
|
||||
return [
|
||||
'CI' => [
|
||||
'ProfilesId' => [
|
||||
5500,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'Tickets' => [
|
||||
'ProfilesId' => [
|
||||
5501,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'Ticket',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'CI and Tickets' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5501,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'CI and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'Tickets and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5501, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
'Tickets and Catalog + profile Ccnfiguration Manager' => [
|
||||
'ProfilesId' => [
|
||||
5501, 5502, 3
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => ['FunctionalCI']
|
||||
],
|
||||
'CI, Tickets and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5501, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => []
|
||||
],
|
||||
];
|
||||
|
||||
protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject
|
||||
{
|
||||
$oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class));
|
||||
foreach ($aProfileIds as $iProfileId) {
|
||||
$oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests']));
|
||||
}
|
||||
$oUser = MetaModel::NewObject('UserLocal', [
|
||||
'login' => $sLogin,
|
||||
'password' => 'Password1!',
|
||||
'expiration' => UserLocal::EXPIRE_NEVER,
|
||||
'profile_list' => $oProfiles,
|
||||
]);
|
||||
return $oUser;
|
||||
}
|
||||
|
||||
public function testIsLoggedIn()
|
||||
{
|
||||
$this->assertFalse(UserRights::IsLoggedIn());
|
||||
@@ -303,19 +209,26 @@ class UserRightsTest extends ItopDataTestCase
|
||||
$this->assertEquals($aClassActionResult['res'], $bRes);
|
||||
}
|
||||
|
||||
/*
|
||||
* FunctionalCI => bizmodel searchable
|
||||
* UserRequest => bizmodel searchable requestmgmt
|
||||
* URP_UserProfile => addon/userrights
|
||||
* UserLocal => addon/authentication
|
||||
* ModuleInstallation => core view_in_gui
|
||||
*
|
||||
* Profiles:
|
||||
* 1 - Administrator
|
||||
* 2 - User Portal
|
||||
* 3 - Configuration manager
|
||||
/**
|
||||
* @param string $sLoginPrefix
|
||||
* @param int $iProfileId initial profile
|
||||
*
|
||||
* @return \DBObject
|
||||
* @throws \CoreException
|
||||
* @throws \Exception
|
||||
*/
|
||||
protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject
|
||||
{
|
||||
static $iCount = 0;
|
||||
$sLogin = $sLoginPrefix.$iCount;
|
||||
$iCount++;
|
||||
|
||||
$oUser = self::CreateUser($sLogin, $iProfileId);
|
||||
$_SESSION = [];
|
||||
UserRights::Login($sLogin);
|
||||
return $oUser;
|
||||
}
|
||||
|
||||
public function ActionAllowedProvider(): array
|
||||
{
|
||||
return [
|
||||
@@ -363,6 +276,20 @@ class UserRightsTest extends ItopDataTestCase
|
||||
];
|
||||
}
|
||||
|
||||
/*
|
||||
* FunctionalCI => bizmodel searchable
|
||||
* UserRequest => bizmodel searchable requestmgmt
|
||||
* URP_UserProfile => addon/userrights
|
||||
* UserLocal => addon/authentication
|
||||
* ModuleInstallation => core view_in_gui
|
||||
*
|
||||
* Profiles:
|
||||
* 1 - Administrator
|
||||
* 2 - User Portal
|
||||
* 3 - Configuration manager
|
||||
*
|
||||
*/
|
||||
|
||||
/** Test IsActionAllowedOnAttribute
|
||||
*
|
||||
* @dataProvider ActionAllowedOnAttributeProvider
|
||||
@@ -382,14 +309,6 @@ class UserRightsTest extends ItopDataTestCase
|
||||
$this->assertEquals($aClassActionResult['res'], $bRes);
|
||||
}
|
||||
|
||||
/*
|
||||
* FunctionalCI => bizmodel searchable
|
||||
* UserRequest => bizmodel searchable requestmgmt
|
||||
* URP_UserProfile => addon/userrights grant_by_profile
|
||||
* UserLocal => addon/authentication grant_by_profile
|
||||
* ModuleInstallation => core view_in_gui
|
||||
*
|
||||
*/
|
||||
public function ActionAllowedOnAttributeProvider(): array
|
||||
{
|
||||
return [
|
||||
@@ -416,6 +335,15 @@ class UserRightsTest extends ItopDataTestCase
|
||||
];
|
||||
}
|
||||
|
||||
/*
|
||||
* FunctionalCI => bizmodel searchable
|
||||
* UserRequest => bizmodel searchable requestmgmt
|
||||
* URP_UserProfile => addon/userrights grant_by_profile
|
||||
* UserLocal => addon/authentication grant_by_profile
|
||||
* ModuleInstallation => core view_in_gui
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @dataProvider UserCannotLoseConsoleAccessProvider
|
||||
*
|
||||
@@ -559,6 +487,7 @@ class UserRightsTest extends ItopDataTestCase
|
||||
$oUser->DBInsert();
|
||||
|
||||
}
|
||||
|
||||
public function PrivilegedUsersMustHaveBackofficeAccessProvider(): array
|
||||
{
|
||||
return [
|
||||
@@ -568,6 +497,7 @@ class UserRightsTest extends ItopDataTestCase
|
||||
|
||||
];
|
||||
}
|
||||
|
||||
public function testNonPrivilegedUsersCanBeDeniedFromBackoffice()
|
||||
{
|
||||
$oUser = $this->GivenUserWithProfiles('test1', [5, 2]);
|
||||
@@ -603,6 +533,7 @@ class UserRightsTest extends ItopDataTestCase
|
||||
'with Admins hidden' => [true],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider NonAdminCannotListAdminProfilesProvider
|
||||
*/
|
||||
@@ -649,6 +580,12 @@ class UserRightsTest extends ItopDataTestCase
|
||||
);
|
||||
}
|
||||
|
||||
public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey)
|
||||
{
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login');
|
||||
}
|
||||
|
||||
public function testFindUser_ExistingExternalUser()
|
||||
{
|
||||
$sLogin = 'AnExternalUser'.uniqid();
|
||||
@@ -684,14 +621,87 @@ class UserRightsTest extends ItopDataTestCase
|
||||
);
|
||||
}
|
||||
|
||||
public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey)
|
||||
{
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login');
|
||||
}
|
||||
public function FindUserAndAssertItWasNotFound($sLogin)
|
||||
{
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
static::assertNull($oUser, 'FindUser should return null when the login is unknown');
|
||||
}
|
||||
|
||||
protected function ReadOnlyProvider(): array
|
||||
{
|
||||
return [
|
||||
'CI' => [
|
||||
'ProfilesId' => [
|
||||
5500,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'Tickets' => [
|
||||
'ProfilesId' => [
|
||||
5501,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'Ticket',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'CI and Tickets' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5501,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'CI and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'Tickets and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5501, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
'Tickets and Catalog + profile Ccnfiguration Manager' => [
|
||||
'ProfilesId' => [
|
||||
5501, 5502, 3,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => ['FunctionalCI'],
|
||||
],
|
||||
'CI, Tickets and Catalog' => [
|
||||
'ProfilesId' => [
|
||||
5500, 5501, 5502,
|
||||
],
|
||||
'ShouldBeAllowedToSeeClasses' => [
|
||||
'FunctionalCI', 'Ticket', 'ServiceFamily',
|
||||
],
|
||||
'ShouldBeAllowedToEditClasses' => [],
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user