From 99350c4c8b9dcaa95f99b50bf80d3a7f75217fcd Mon Sep 17 00:00:00 2001 From: jf-cbd Date: Wed, 10 Jun 2026 13:58:04 +0200 Subject: [PATCH] CS fixer --- .../unitary-tests/core/UserRightsTest.php | 288 +++++++++--------- 1 file changed, 149 insertions(+), 139 deletions(-) diff --git a/tests/php-unit-tests/unitary-tests/core/UserRightsTest.php b/tests/php-unit-tests/unitary-tests/core/UserRightsTest.php index d0bde71885..ec47012dba 100644 --- a/tests/php-unit-tests/unitary-tests/core/UserRightsTest.php +++ b/tests/php-unit-tests/unitary-tests/core/UserRightsTest.php @@ -29,7 +29,6 @@ namespace Combodo\iTop\Test\UnitTest\Core; use Combodo\iTop\Test\UnitTest\ItopDataTestCase; use CoreCannotSaveObjectException; -use CoreException; use DBObject; use DBObjectSearch; use DBObjectSet; @@ -47,13 +46,6 @@ use utils; */ class UserRightsTest extends ItopDataTestCase { - public function setUp(): void - { - parent::setUp(); - - utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', ''); - } - public static $aClasses = [ 'FunctionalCI' => ['class' => 'FunctionalCI', 'attcode' => 'name'], 'URP_UserProfile' => ['class' => 'URP_UserProfile', 'attcode' => 'reason'], @@ -62,39 +54,11 @@ class UserRightsTest extends ItopDataTestCase 'ModuleInstallation' => ['class' => 'ModuleInstallation', 'attcode' => 'name'], ]; - /** - * @param string $sLoginPrefix - * @param int $iProfileId initial profile - * - * @return \DBObject - * @throws \CoreException - * @throws \Exception - */ - protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject + public function setUp(): void { - static $iCount = 0; - $sLogin = $sLoginPrefix.$iCount; - $iCount++; + parent::setUp(); - $oUser = self::CreateUser($sLogin, $iProfileId); - $_SESSION = []; - UserRights::Login($sLogin); - return $oUser; - } - - protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject - { - $oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class)); - foreach ($aProfileIds as $iProfileId) { - $oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests'])); - } - $oUser = MetaModel::NewObject('UserLocal', [ - 'login' => $sLogin, - 'password' => 'Password1!', - 'expiration' => UserLocal::EXPIRE_NEVER, - 'profile_list' => $oProfiles, - ]); - return $oUser; + utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', ''); } /** @@ -137,87 +101,29 @@ class UserRightsTest extends ItopDataTestCase $bIsAllowedEditing = (bool)UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY); - $this->assertSame($bIsAllowedEditing, $bShouldBeAllowedToEdit, + $this->assertSame( + $bIsAllowedEditing, + $bShouldBeAllowedToEdit, "User with profiles ".implode(',', $aProfileIds)." should ".($bShouldBeAllowedToEdit ? "" : "NOT ")."be allowed to edit class $sClass" ); } } - protected function ReadOnlyProvider() : array { - return [ - 'CI' => [ - 'ProfilesId' => [ - 5500, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'FunctionalCI', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'Tickets' => [ - 'ProfilesId' => [ - 5501, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'Ticket', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'Catalog' => [ - 'ProfilesId' => [ - 5502, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'ServiceFamily', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'CI and Tickets' => [ - 'ProfilesId' => [ - 5500, 5501, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'FunctionalCI', 'Ticket', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'CI and Catalog' => [ - 'ProfilesId' => [ - 5500, 5502, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'FunctionalCI', 'ServiceFamily', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'Tickets and Catalog' => [ - 'ProfilesId' => [ - 5501, 5502, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'Ticket', 'ServiceFamily', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - 'Tickets and Catalog + profile Ccnfiguration Manager' => [ - 'ProfilesId' => [ - 5501, 5502, 3 - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'FunctionalCI', 'Ticket', 'ServiceFamily', - ], - 'ShouldBeAllowedToEditClasses' => ['FunctionalCI'] - ], - 'CI, Tickets and Catalog' => [ - 'ProfilesId' => [ - 5500, 5501, 5502, - ], - 'ShouldBeAllowedToSeeClasses' => [ - 'FunctionalCI', 'Ticket', 'ServiceFamily', - ], - 'ShouldBeAllowedToEditClasses' => [] - ], - ]; + + protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject + { + $oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class)); + foreach ($aProfileIds as $iProfileId) { + $oProfiles->AddItem(MetaModel::NewObject('URP_UserProfile', ['profileid' => $iProfileId, 'reason' => 'UNIT Tests'])); + } + $oUser = MetaModel::NewObject('UserLocal', [ + 'login' => $sLogin, + 'password' => 'Password1!', + 'expiration' => UserLocal::EXPIRE_NEVER, + 'profile_list' => $oProfiles, + ]); + return $oUser; } + public function testIsLoggedIn() { $this->assertFalse(UserRights::IsLoggedIn()); @@ -303,19 +209,26 @@ class UserRightsTest extends ItopDataTestCase $this->assertEquals($aClassActionResult['res'], $bRes); } - /* - * FunctionalCI => bizmodel searchable - * UserRequest => bizmodel searchable requestmgmt - * URP_UserProfile => addon/userrights - * UserLocal => addon/authentication - * ModuleInstallation => core view_in_gui - * - * Profiles: - * 1 - Administrator - * 2 - User Portal - * 3 - Configuration manager + /** + * @param string $sLoginPrefix + * @param int $iProfileId initial profile * + * @return \DBObject + * @throws \CoreException + * @throws \Exception */ + protected function CreateUniqueUserAndLogin(string $sLoginPrefix, int $iProfileId): DBObject + { + static $iCount = 0; + $sLogin = $sLoginPrefix.$iCount; + $iCount++; + + $oUser = self::CreateUser($sLogin, $iProfileId); + $_SESSION = []; + UserRights::Login($sLogin); + return $oUser; + } + public function ActionAllowedProvider(): array { return [ @@ -363,6 +276,20 @@ class UserRightsTest extends ItopDataTestCase ]; } + /* + * FunctionalCI => bizmodel searchable + * UserRequest => bizmodel searchable requestmgmt + * URP_UserProfile => addon/userrights + * UserLocal => addon/authentication + * ModuleInstallation => core view_in_gui + * + * Profiles: + * 1 - Administrator + * 2 - User Portal + * 3 - Configuration manager + * + */ + /** Test IsActionAllowedOnAttribute * * @dataProvider ActionAllowedOnAttributeProvider @@ -382,14 +309,6 @@ class UserRightsTest extends ItopDataTestCase $this->assertEquals($aClassActionResult['res'], $bRes); } - /* - * FunctionalCI => bizmodel searchable - * UserRequest => bizmodel searchable requestmgmt - * URP_UserProfile => addon/userrights grant_by_profile - * UserLocal => addon/authentication grant_by_profile - * ModuleInstallation => core view_in_gui - * - */ public function ActionAllowedOnAttributeProvider(): array { return [ @@ -416,6 +335,15 @@ class UserRightsTest extends ItopDataTestCase ]; } + /* + * FunctionalCI => bizmodel searchable + * UserRequest => bizmodel searchable requestmgmt + * URP_UserProfile => addon/userrights grant_by_profile + * UserLocal => addon/authentication grant_by_profile + * ModuleInstallation => core view_in_gui + * + */ + /** * @dataProvider UserCannotLoseConsoleAccessProvider * @@ -559,6 +487,7 @@ class UserRightsTest extends ItopDataTestCase $oUser->DBInsert(); } + public function PrivilegedUsersMustHaveBackofficeAccessProvider(): array { return [ @@ -568,6 +497,7 @@ class UserRightsTest extends ItopDataTestCase ]; } + public function testNonPrivilegedUsersCanBeDeniedFromBackoffice() { $oUser = $this->GivenUserWithProfiles('test1', [5, 2]); @@ -603,6 +533,7 @@ class UserRightsTest extends ItopDataTestCase 'with Admins hidden' => [true], ]; } + /** * @dataProvider NonAdminCannotListAdminProfilesProvider */ @@ -649,6 +580,12 @@ class UserRightsTest extends ItopDataTestCase ); } + public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey) + { + $oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]); + static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login'); + } + public function testFindUser_ExistingExternalUser() { $sLogin = 'AnExternalUser'.uniqid(); @@ -684,14 +621,87 @@ class UserRightsTest extends ItopDataTestCase ); } - public function FindUserAndAssertItHasBeenFound($sLogin, $iExpectedKey) - { - $oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]); - static::assertIsDBObject(\User::class, $iExpectedKey, $oUser, 'FindUser should return the User object corresponding to the login'); - } public function FindUserAndAssertItWasNotFound($sLogin) { $oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]); static::assertNull($oUser, 'FindUser should return null when the login is unknown'); } + + protected function ReadOnlyProvider(): array + { + return [ + 'CI' => [ + 'ProfilesId' => [ + 5500, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'FunctionalCI', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'Tickets' => [ + 'ProfilesId' => [ + 5501, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'Ticket', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'Catalog' => [ + 'ProfilesId' => [ + 5502, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'ServiceFamily', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'CI and Tickets' => [ + 'ProfilesId' => [ + 5500, 5501, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'FunctionalCI', 'Ticket', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'CI and Catalog' => [ + 'ProfilesId' => [ + 5500, 5502, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'FunctionalCI', 'ServiceFamily', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'Tickets and Catalog' => [ + 'ProfilesId' => [ + 5501, 5502, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'Ticket', 'ServiceFamily', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + 'Tickets and Catalog + profile Ccnfiguration Manager' => [ + 'ProfilesId' => [ + 5501, 5502, 3, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'FunctionalCI', 'Ticket', 'ServiceFamily', + ], + 'ShouldBeAllowedToEditClasses' => ['FunctionalCI'], + ], + 'CI, Tickets and Catalog' => [ + 'ProfilesId' => [ + 5500, 5501, 5502, + ], + 'ShouldBeAllowedToSeeClasses' => [ + 'FunctionalCI', 'Ticket', 'ServiceFamily', + ], + 'ShouldBeAllowedToEditClasses' => [], + ], + ]; + } }