This commit is contained in:
jf-cbd
2026-06-10 13:58:04 +02:00
parent 55660bf461
commit 99350c4c8b

View File

@@ -29,7 +29,6 @@ namespace Combodo\iTop\Test\UnitTest\Core;
use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
use CoreCannotSaveObjectException;
use CoreException;
use DBObject;
use DBObjectSearch;
use DBObjectSet;
@@ -47,13 +46,6 @@ use utils;
*/
class UserRightsTest extends ItopDataTestCase
{
public function setUp(): void
{
parent::setUp();
utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', '');
}
public static $aClasses = [
'FunctionalCI' => ['class' => 'FunctionalCI', 'attcode' => 'name'],
'URP_UserProfile' => ['class' => 'URP_UserProfile', 'attcode' => 'reason'],
@@ -62,39 +54,11 @@ class UserRightsTest extends ItopDataTestCase
'ModuleInstallation' => ['class' => 'ModuleInstallation', 'attcode' => 'name'],
];
/**
* @param string $sLoginPrefix
* @param int $iProfileId initial profile
*
* @return \DBObject
* @throws \CoreException
* @throws \Exception
*/
protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject
public function setUp(): void
{
static $iCount = 0;
$sLogin = $sLoginPrefix.$iCount;
$iCount++;
parent::setUp();
$oUser = self::CreateUser($sLogin, $iProfileId);
$_SESSION = [];
UserRights::Login($sLogin);
return $oUser;
}
protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject
{
$oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class));
foreach ($aProfileIds as $iProfileId) {
$oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests']));
}
$oUser = MetaModel::NewObject('UserLocal', [
'login' => $sLogin,
'password' => 'Password1!',
'expiration' => UserLocal::EXPIRE_NEVER,
'profile_list' => $oProfiles,
]);
return $oUser;
utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', '');
}
/**
@@ -137,87 +101,29 @@ class UserRightsTest extends ItopDataTestCase
$bIsAllowedEditing = (bool)UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY);
$this->assertSame($bIsAllowedEditing, $bShouldBeAllowedToEdit,
$this->assertSame(
$bIsAllowedEditing,
$bShouldBeAllowedToEdit,
"User with profiles ".implode(',', $aProfileIds)." should ".($bShouldBeAllowedToEdit ? "" : "NOT ")."be allowed to edit class $sClass"
);
}
}
protected function ReadOnlyProvider() : array {
return [
'CI' => [
'ProfilesId' => [
5500,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI',
],
'ShouldBeAllowedToEditClasses' => []
],
'Tickets' => [
'ProfilesId' => [
5501,
],
'ShouldBeAllowedToSeeClasses' => [
'Ticket',
],
'ShouldBeAllowedToEditClasses' => []
],
'Catalog' => [
'ProfilesId' => [
5502,
],
'ShouldBeAllowedToSeeClasses' => [
'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => []
],
'CI and Tickets' => [
'ProfilesId' => [
5500, 5501,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket',
],
'ShouldBeAllowedToEditClasses' => []
],
'CI and Catalog' => [
'ProfilesId' => [
5500, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => []
],
'Tickets and Catalog' => [
'ProfilesId' => [
5501, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => []
],
'Tickets and Catalog + profile Ccnfiguration Manager' => [
'ProfilesId' => [
5501, 5502, 3
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => ['FunctionalCI']
],
'CI, Tickets and Catalog' => [
'ProfilesId' => [
5500, 5501, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => []
],
];
protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject
{
$oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class));
foreach ($aProfileIds as $iProfileId) {
$oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests']));
}
$oUser = MetaModel::NewObject('UserLocal', [
'login' => $sLogin,
'password' => 'Password1!',
'expiration' => UserLocal::EXPIRE_NEVER,
'profile_list' => $oProfiles,
]);
return $oUser;
}
public function testIsLoggedIn()
{
$this->assertFalse(UserRights::IsLoggedIn());
@@ -303,19 +209,26 @@ class UserRightsTest extends ItopDataTestCase
$this->assertEquals($aClassActionResult['res'], $bRes);
}
/*
* FunctionalCI => bizmodel searchable
* UserRequest => bizmodel searchable requestmgmt
* URP_UserProfile => addon/userrights
* UserLocal => addon/authentication
* ModuleInstallation => core view_in_gui
*
* Profiles:
* 1 - Administrator
* 2 - User Portal
* 3 - Configuration manager
/**
* @param string $sLoginPrefix
* @param int $iProfileId initial profile
*
* @return \DBObject
* @throws \CoreException
* @throws \Exception
*/
protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject
{
static $iCount = 0;
$sLogin = $sLoginPrefix.$iCount;
$iCount++;
$oUser = self::CreateUser($sLogin, $iProfileId);
$_SESSION = [];
UserRights::Login($sLogin);
return $oUser;
}
public function ActionAllowedProvider(): array
{
return [
@@ -363,6 +276,20 @@ class UserRightsTest extends ItopDataTestCase
];
}
/*
* FunctionalCI => bizmodel searchable
* UserRequest => bizmodel searchable requestmgmt
* URP_UserProfile => addon/userrights
* UserLocal => addon/authentication
* ModuleInstallation => core view_in_gui
*
* Profiles:
* 1 - Administrator
* 2 - User Portal
* 3 - Configuration manager
*
*/
/** Test IsActionAllowedOnAttribute
*
* @dataProvider ActionAllowedOnAttributeProvider
@@ -382,14 +309,6 @@ class UserRightsTest extends ItopDataTestCase
$this->assertEquals($aClassActionResult['res'], $bRes);
}
/*
* FunctionalCI => bizmodel searchable
* UserRequest => bizmodel searchable requestmgmt
* URP_UserProfile => addon/userrights grant_by_profile
* UserLocal => addon/authentication grant_by_profile
* ModuleInstallation => core view_in_gui
*
*/
public function ActionAllowedOnAttributeProvider(): array
{
return [
@@ -416,6 +335,15 @@ class UserRightsTest extends ItopDataTestCase
];
}
/*
* FunctionalCI => bizmodel searchable
* UserRequest => bizmodel searchable requestmgmt
* URP_UserProfile => addon/userrights grant_by_profile
* UserLocal => addon/authentication grant_by_profile
* ModuleInstallation => core view_in_gui
*
*/
/**
* @dataProvider UserCannotLoseConsoleAccessProvider
*
@@ -559,6 +487,7 @@ class UserRightsTest extends ItopDataTestCase
$oUser->DBInsert();
}
public function PrivilegedUsersMustHaveBackofficeAccessProvider(): array
{
return [
@@ -568,6 +497,7 @@ class UserRightsTest extends ItopDataTestCase
];
}
public function testNonPrivilegedUsersCanBeDeniedFromBackoffice()
{
$oUser = $this->GivenUserWithProfiles('test1', [5, 2]);
@@ -603,6 +533,7 @@ class UserRightsTest extends ItopDataTestCase
'with Admins hidden' => [true],
];
}
/**
* @dataProvider NonAdminCannotListAdminProfilesProvider
*/
@@ -649,6 +580,12 @@ class UserRightsTest extends ItopDataTestCase
);
}
public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey)
{
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login');
}
public function testFindUser_ExistingExternalUser()
{
$sLogin = 'AnExternalUser'.uniqid();
@@ -684,14 +621,87 @@ class UserRightsTest extends ItopDataTestCase
);
}
public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey)
{
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login');
}
public function FindUserAndAssertItWasNotFound($sLogin)
{
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
static::assertNull($oUser, 'FindUser should return null when the login is unknown');
}
protected function ReadOnlyProvider(): array
{
return [
'CI' => [
'ProfilesId' => [
5500,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI',
],
'ShouldBeAllowedToEditClasses' => [],
],
'Tickets' => [
'ProfilesId' => [
5501,
],
'ShouldBeAllowedToSeeClasses' => [
'Ticket',
],
'ShouldBeAllowedToEditClasses' => [],
],
'Catalog' => [
'ProfilesId' => [
5502,
],
'ShouldBeAllowedToSeeClasses' => [
'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => [],
],
'CI and Tickets' => [
'ProfilesId' => [
5500, 5501,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket',
],
'ShouldBeAllowedToEditClasses' => [],
],
'CI and Catalog' => [
'ProfilesId' => [
5500, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => [],
],
'Tickets and Catalog' => [
'ProfilesId' => [
5501, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => [],
],
'Tickets and Catalog + profile Ccnfiguration Manager' => [
'ProfilesId' => [
5501, 5502, 3,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => ['FunctionalCI'],
],
'CI, Tickets and Catalog' => [
'ProfilesId' => [
5500, 5501, 5502,
],
'ShouldBeAllowedToSeeClasses' => [
'FunctionalCI', 'Ticket', 'ServiceFamily',
],
'ShouldBeAllowedToEditClasses' => [],
],
];
}
}