mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
d177ee4a7f
# Conflicts: # tests/manual-visual-tests/Backoffice/RenderAllUiBlocks.php # tests/php-unit-tests/ItopDataTestCase.php # tests/php-unit-tests/ItopTestCase.php # tests/php-unit-tests/integration-tests/dictionaries-test/fr.dictionary.itop.core.KO.wrong_php # tests/php-unit-tests/integration-tests/dictionaries-test/fr.dictionary.itop.core.OK.php # tests/php-unit-tests/integration-tests/iTopModulesPhpVersionChecklistTest.php # tests/php-unit-tests/integration-tests/iTopXmlVersionChecklistTest.php # tests/php-unit-tests/phpunit.xml.dist # tests/php-unit-tests/unitary-tests/application/SCSSCompilationTest.php # tests/php-unit-tests/unitary-tests/application/Session/SessionTest.php # tests/php-unit-tests/unitary-tests/application/ThemeHandlerTest.php # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/DO_NOT_CHANGE.css-variables.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/DO_NOT_CHANGE.light-grey.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/README.md # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/_included_file3.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/cross_reference1.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/cross_reference2.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/feature1/_feature1.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/included_file1.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/included_scss/included_file2.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/included_scss/included_file4.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/multi_imports.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/shortcut.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/shortcut2.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/simple_import.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/simple_import2.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/typography.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/css/ui-lightness/DO_NOT_CHANGE.jqueryui.scss # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-bg_diagonals-thick_18_b81900_40x40.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_1c94c4_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_222222_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_E87C1E_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_F26522_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_ffd27a_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/css/ui-lightness/images/ui-icons_ffffff_256x240.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/ac-background.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/actions_right.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/bg.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/breadcrumb-separator.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/calendar.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/delete.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/desc.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/error.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/eye-closed-555.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/eye-closed-fff.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/eye-open-555.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/eye-open-fff.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/full-screen.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/green-header.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/green-square.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/indicator.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/info-mini.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/minus.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/ok.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/orange-header.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/plus.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/red-header.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/truncated.png # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-collapsable-last.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-collapsable.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-expandable-last.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-expandable.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-item-last.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/testimages/images/tv-item.gif # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main_imagemodified.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main_importmodified.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main_stylesheet.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main_testcompilethemes.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/main_varchanged.css # tests/php-unit-tests/unitary-tests/application/theme-handler/expected/themes/basque-red/theme-parameters.json # tests/php-unit-tests/unitary-tests/application/theme-handler/getimages/expected-getimages.json # tests/php-unit-tests/unitary-tests/application/theme-handler/getimages/test-getimages.scss # tests/php-unit-tests/unitary-tests/core/ActionEmailTest.php # tests/php-unit-tests/unitary-tests/core/AttributeDefTest.inc.php # tests/php-unit-tests/unitary-tests/core/AttributeURLDefaultPattern.php # tests/php-unit-tests/unitary-tests/core/AttributeURLTest.php # tests/php-unit-tests/unitary-tests/core/BulkChangeTest.inc.php # tests/php-unit-tests/unitary-tests/core/CSVParserTest.php # tests/php-unit-tests/unitary-tests/core/DBObjectTest.php # tests/php-unit-tests/unitary-tests/core/DBSearchAddConditionPointingTo.php # tests/php-unit-tests/unitary-tests/core/ExpressionEvaluateTest.php # tests/php-unit-tests/unitary-tests/core/GetSelectFilterTest.php # tests/php-unit-tests/unitary-tests/core/InlineImageTest.php # tests/php-unit-tests/unitary-tests/core/Log/ExceptionLogTest.php # tests/php-unit-tests/unitary-tests/core/Log/ExceptionLogTest/Exceptions.php # tests/php-unit-tests/unitary-tests/core/Log/LogAPITest.php # tests/php-unit-tests/unitary-tests/core/Log/LogFileNameBuilderTest.php # tests/php-unit-tests/unitary-tests/core/LogAPITest.php # tests/php-unit-tests/unitary-tests/core/LogFileNameBuilderTest.php # tests/php-unit-tests/unitary-tests/core/MetaModelTest.php # tests/php-unit-tests/unitary-tests/core/OQLTest.php # tests/php-unit-tests/unitary-tests/core/UniquenessConstraintTest.php # tests/php-unit-tests/unitary-tests/core/XMLDataLoaderTest.php # tests/php-unit-tests/unitary-tests/core/dictApcuTest.php # tests/php-unit-tests/unitary-tests/core/dictTest.php # tests/php-unit-tests/unitary-tests/core/ormCaseLogTest.php # tests/php-unit-tests/unitary-tests/core/ormPasswordTest.php # tests/php-unit-tests/unitary-tests/core/ormStyleTest.php # tests/php-unit-tests/unitary-tests/setup/MFCompilerTest.php # tests/php-unit-tests/unitary-tests/setup/SubMFCompiler.php # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/1.7_to_1.6.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/1.7_to_1.6.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.6_to_1.7_2.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.6_to_1.7_2.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_1.6.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_1.6.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_1.6_2.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_1.6_2.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_3.0.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/1.7_to_3.0.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/3.0_to_1.7.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/3.0_to_1.7.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/Bug_4569.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/Convert-samples/Bug_4569.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_deleted.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_deleted.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_not-in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_deleted_to_not-in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_deleted.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_deleted.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_not-in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_in-definition_to_not-in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_deleted.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_deleted.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_not-in-definition.expected.xml # tests/php-unit-tests/unitary-tests/setup/iTopDesignFormat/MoveNode-samples/from_not-in-definition_to_not-in-definition.input.xml # tests/php-unit-tests/unitary-tests/setup/ressources/datamodels/datamodel-branding.xml # tests/php-unit-tests/unitary-tests/sources/application/Helper/WebResourcesHelperTest.php # tests/php-unit-tests/unitary-tests/sources/application/status/StatusIncTest.php # tests/php-unit-tests/unitary-tests/sources/application/status/status.php # tests/php-unit-tests/unitary-tests/synchro/DataSynchroTest.php
531 lines
17 KiB
PHP
531 lines
17 KiB
PHP
<?php
|
|
// Copyright (c) 2010-2021 Combodo SARL
|
|
//
|
|
// This file is part of iTop.
|
|
//
|
|
// iTop is free software; you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// iTop is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with iTop. If not, see <http://www.gnu.org/licenses/>
|
|
//
|
|
|
|
/**
|
|
* Created by PhpStorm.
|
|
* User: Eric
|
|
* Date: 25/01/2018
|
|
* Time: 11:12
|
|
*/
|
|
|
|
namespace Combodo\iTop\Test\UnitTest\Core;
|
|
|
|
use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
|
|
use CoreCannotSaveObjectException;
|
|
use CoreException;
|
|
use DBObject;
|
|
use DBObjectSearch;
|
|
use DBObjectSet;
|
|
use DeleteException;
|
|
use URP_UserProfile;
|
|
use UserRights;
|
|
use utils;
|
|
|
|
/**
|
|
* @group itopRequestMgmt
|
|
* @group userRights
|
|
* @group defaultProfiles
|
|
*
|
|
* @runTestsInSeparateProcesses
|
|
* @preserveGlobalState disabled
|
|
* @backupGlobals disabled
|
|
*/
|
|
class UserRightsTest extends ItopDataTestCase
|
|
{
|
|
public function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
try {
|
|
utils::GetConfig()->SetModuleSetting('authent-local', 'password_validation.pattern', '');
|
|
self::CreateUser('admin', 1);
|
|
}
|
|
catch (CoreCannotSaveObjectException $e) {
|
|
}
|
|
}
|
|
|
|
public static $aClasses = [
|
|
'FunctionalCI' => ['class' => 'FunctionalCI', 'attcode' => 'name'],
|
|
'URP_UserProfile' => ['class' => 'URP_UserProfile', 'attcode' => 'reason'],
|
|
'UserLocal' => ['class' => 'UserLocal', 'attcode' => 'login'],
|
|
'UserRequest' => ['class' => 'UserRequest', 'attcode' => 'title'],
|
|
'ModuleInstallation' => ['class' => 'ModuleInstallation', 'attcode' => 'name'],
|
|
];
|
|
|
|
|
|
public function testIsLoggedIn()
|
|
{
|
|
$this->assertFalse(UserRights::IsLoggedIn());
|
|
}
|
|
|
|
/**
|
|
* Test Login validation
|
|
*
|
|
* @dataProvider LoginProvider
|
|
*
|
|
* @param $sLogin
|
|
* @param $bResult
|
|
*
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testLogin($sLogin, $bResult)
|
|
{
|
|
$_SESSION = [];
|
|
$this->assertEquals($bResult, UserRights::Login($sLogin));
|
|
$this->assertEquals($bResult, UserRights::IsLoggedIn());
|
|
}
|
|
|
|
public function LoginProvider(): array
|
|
{
|
|
return [
|
|
['admin', true],
|
|
['NotALoginForUnitTests', false],
|
|
['', false],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @param string $sLogin
|
|
* @param int $iProfileId initial profile
|
|
*
|
|
* @return \DBObject
|
|
* @throws \CoreException
|
|
* @throws \Exception
|
|
*/
|
|
protected function AddUser(string $sLogin, int $iProfileId): DBObject
|
|
{
|
|
$oUser = self::CreateUser($sLogin, $iProfileId);
|
|
$oUser->DBUpdate();
|
|
|
|
return $oUser;
|
|
}
|
|
|
|
/** Test IsActionAllowed when not logged => always true
|
|
*
|
|
* @dataProvider ActionAllowedNotLoggedProvider
|
|
*
|
|
* @param $aClassAction
|
|
*
|
|
* @throws \CoreException
|
|
*/
|
|
public function testIsActionAllowedNotLogged($aClassAction)
|
|
{
|
|
$bRes = UserRights::IsActionAllowed($aClassAction['class'], $aClassAction['action']) == UR_ALLOWED_YES;
|
|
$this->assertEquals(true, $bRes);
|
|
}
|
|
|
|
public function ActionAllowedNotLoggedProvider(): array
|
|
{
|
|
$aClassActions = [];
|
|
|
|
foreach (array_keys(self::$aClasses) as $sClass) {
|
|
for ($i = 1; $i < 8; $i++) {
|
|
$aClassAction = ['class' => $sClass, 'action' => $i];
|
|
$aClassActions[] = [$aClassAction];
|
|
}
|
|
}
|
|
|
|
return $aClassActions;
|
|
}
|
|
|
|
/** Test IsActionAllowed
|
|
*
|
|
* @dataProvider ActionAllowedProvider
|
|
*
|
|
* @param int $iProfileId
|
|
* @param array $aClassActionResult
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testIsActionAllowed(int $iProfileId, array $aClassActionResult)
|
|
{
|
|
$this->AddUser('test1', $iProfileId);
|
|
$_SESSION = array();
|
|
UserRights::Login('test1');
|
|
$bRes = UserRights::IsActionAllowed($aClassActionResult['class'], $aClassActionResult['action']) == UR_ALLOWED_YES;
|
|
$this->assertEquals($aClassActionResult['res'], $bRes);
|
|
}
|
|
|
|
/*
|
|
* FunctionalCI => bizmodel searchable
|
|
* UserRequest => bizmodel searchable requestmgmt
|
|
* URP_UserProfile => addon/userrights
|
|
* UserLocal => addon/authentication
|
|
* ModuleInstallation => core view_in_gui
|
|
*
|
|
* Profiles:
|
|
* 1 - Administrator
|
|
* 2 - User Portal
|
|
* 3 - Configuration manager
|
|
*
|
|
*/
|
|
public function ActionAllowedProvider(): array
|
|
{
|
|
return [
|
|
/* Administrator (7 = UR_ACTION_CREATE) */
|
|
'Administrator FunctionalCI write' => [1, ['class' => 'FunctionalCI', 'action' => 7, 'res' => true]],
|
|
'Administrator UserRequest write' => [1, ['class' => 'UserRequest', 'action' => 7, 'res' => true]],
|
|
'Administrator URP_UserProfile write' => [1, ['class' => 'URP_UserProfile', 'action' => 7, 'res' => true]],
|
|
'Administrator UserLocal write' => [1, ['class' => 'UserLocal', 'action' => 7, 'res' => true]],
|
|
'Administrator ModuleInstallation write' => [1, ['class' => 'ModuleInstallation', 'action' => 7, 'res' => true]],
|
|
|
|
/* User Portal (7 = UR_ACTION_CREATE) */
|
|
'User Portal FunctionalCI write' => [2, ['class' => 'FunctionalCI', 'action' => 7, 'res' => false]],
|
|
'User Portal UserRequest write' => [2, ['class' => 'UserRequest', 'action' => 7, 'res' => true]],
|
|
'User Portal URP_UserProfile write' => [2, ['class' => 'URP_UserProfile', 'action' => 7, 'res' => false]],
|
|
'User Portal UserLocal write' => [2, ['class' => 'UserLocal', 'action' => 7, 'res' => false]],
|
|
'User Portal ModuleInstallation write' => [2, ['class' => 'ModuleInstallation', 'action' => 7, 'res' => false]],
|
|
|
|
/* Configuration manager (7 = UR_ACTION_CREATE) */
|
|
'Configuration manager FunctionalCI write' => [3, ['class' => 'FunctionalCI', 'action' => 7, 'res' => true]],
|
|
'Configuration manager UserRequest write' => [3, ['class' => 'UserRequest', 'action' => 7, 'res' => false]],
|
|
'Configuration manager URP_UserProfile write' => [3, ['class' => 'URP_UserProfile', 'action' => 7, 'res' => false]],
|
|
'Configuration manager UserLocal write' => [3, ['class' => 'UserLocal', 'action' => 7, 'res' => false]],
|
|
'Configuration manager ModuleInstallation write' => [3, ['class' => 'ModuleInstallation', 'action' => 7, 'res' => false]],
|
|
|
|
/* Administrator (1 = UR_ACTION_READ) */
|
|
'Administrator FunctionalCI read' => [1, ['class' => 'FunctionalCI', 'action' => 1, 'res' => true]],
|
|
'Administrator UserRequest read' => [1, ['class' => 'UserRequest', 'action' => 1, 'res' => true]],
|
|
'Administrator URP_UserProfile read' => [1, ['class' => 'URP_UserProfile', 'action' => 1, 'res' => true]],
|
|
'Administrator UserLocal read' => [1, ['class' => 'UserLocal', 'action' => 1, 'res' => true]],
|
|
'Administrator ModuleInstallation read' => [1, ['class' => 'ModuleInstallation', 'action' => 1, 'res' => true]],
|
|
|
|
/* User Portal (1 = UR_ACTION_READ) */
|
|
'User Portal FunctionalCI read' => [2, ['class' => 'FunctionalCI', 'action' => 1, 'res' => true]],
|
|
'User Portal UserRequest read' => [2, ['class' => 'UserRequest', 'action' => 1, 'res' => true]],
|
|
'User Portal URP_UserProfile read' => [2, ['class' => 'URP_UserProfile', 'action' => 1, 'res' => false]],
|
|
'User Portal UserLocal read' => [2, ['class' => 'UserLocal', 'action' => 1, 'res' => false]],
|
|
'User Portal ModuleInstallation read' => [2, ['class' => 'ModuleInstallation', 'action' => 1, 'res' => true]],
|
|
|
|
/* Configuration manager (1 = UR_ACTION_READ) */
|
|
'Configuration manager FunctionalCI read' => [3, ['class' => 'FunctionalCI', 'action' => 1, 'res' => true]],
|
|
'Configuration manager UserRequest read' => [3, ['class' => 'UserRequest', 'action' => 1, 'res' => true]],
|
|
'Configuration manager URP_UserProfile read' => [3, ['class' => 'URP_UserProfile', 'action' => 1, 'res' => false]],
|
|
'Configuration manager UserLocal read' => [3, ['class' => 'UserLocal', 'action' => 1, 'res' => false]],
|
|
'Configuration manager ModuleInstallation read' => [3, ['class' => 'ModuleInstallation', 'action' => 1, 'res' => true]],
|
|
];
|
|
}
|
|
|
|
|
|
/** Test IsActionAllowedOnAttribute
|
|
*
|
|
* @dataProvider ActionAllowedOnAttributeProvider
|
|
*
|
|
* @param int $iProfileId
|
|
* @param array $aClassActionResult
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testIsActionAllowedOnAttribute(int $iProfileId, array $aClassActionResult)
|
|
{
|
|
$this->AddUser('test1', $iProfileId);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
$sClass = $aClassActionResult['class'];
|
|
$bRes = UserRights::IsActionAllowedOnAttribute($sClass, self::$aClasses[$sClass]['attcode'], $aClassActionResult['action']) == UR_ALLOWED_YES;
|
|
$this->assertEquals($aClassActionResult['res'], $bRes);
|
|
}
|
|
|
|
/*
|
|
* FunctionalCI => bizmodel searchable
|
|
* UserRequest => bizmodel searchable requestmgmt
|
|
* URP_UserProfile => addon/userrights grant_by_profile
|
|
* UserLocal => addon/authentication grant_by_profile
|
|
* ModuleInstallation => core view_in_gui
|
|
*
|
|
*/
|
|
public function ActionAllowedOnAttributeProvider(): array
|
|
{
|
|
return [
|
|
/* Administrator (2 = UR_ACTION_MODIFY) */
|
|
'Administrator FunctionalCI' => [1, ['class' => 'FunctionalCI', 'action' => 2, 'res' => true]],
|
|
'Administrator UserRequest' => [1, ['class' => 'UserRequest', 'action' => 2, 'res' => true]],
|
|
'Administrator URP_UserProfile' => [1, ['class' => 'URP_UserProfile', 'action' => 2, 'res' => true]],
|
|
'Administrator UserLocal' => [1, ['class' => 'UserLocal', 'action' => 2, 'res' => true]],
|
|
'Administrator ModuleInstallation' => [1, ['class' => 'ModuleInstallation', 'action' => 2, 'res' => true]],
|
|
|
|
/* User Portal (2 = UR_ACTION_MODIFY) */
|
|
'User Portal FunctionalCI' => [2, ['class' => 'FunctionalCI', 'action' => 2, 'res' => false]],
|
|
'User Portal UserRequest' => [2, ['class' => 'UserRequest', 'action' => 2, 'res' => true]],
|
|
'User Portal URP_UserProfile' => [2, ['class' => 'URP_UserProfile', 'action' => 2, 'res' => false]],
|
|
'User Portal UserLocal' => [2, ['class' => 'UserLocal', 'action' => 2, 'res' => false]],
|
|
'User Portal ModuleInstallation' => [2, ['class' => 'ModuleInstallation', 'action' => 2, 'res' => true]],
|
|
|
|
/* Configuration manager (2 = UR_ACTION_MODIFY) */
|
|
'Configuration manager FunctionalCI' => [3, ['class' => 'FunctionalCI', 'action' => 2, 'res' => true]],
|
|
'Configuration manager UserRequest' => [3, ['class' => 'UserRequest', 'action' => 2, 'res' => false]],
|
|
'Configuration manager URP_UserProfile' => [3, ['class' => 'URP_UserProfile', 'action' => 2, 'res' => false]],
|
|
'Configuration manager UserLocal' => [3, ['class' => 'UserLocal', 'action' => 2, 'res' => false]],
|
|
'Configuration manager ModuleInstallation' => [3, ['class' => 'ModuleInstallation', 'action' => 2, 'res' => true]],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider ProfileDenyingConsoleProvider
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testProfileDenyingConsole(int $iProfileId)
|
|
{
|
|
$oUser = $this->AddUser('test1', $iProfileId);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
try {
|
|
$this->AddProfileToUser($oUser, 2);
|
|
$this->fail('Profile should not be added');
|
|
} catch (CoreCannotSaveObjectException $e) {
|
|
}
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
public function ProfileDenyingConsoleProvider(): array
|
|
{
|
|
return [
|
|
'Administrator' => [1],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider ProfileCannotModifySelfProvider
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testProfileCannotModifySelf(int $iProfileId)
|
|
{
|
|
$oUser = $this->AddUser('test1', $iProfileId);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
try {
|
|
$this->AddProfileToUser($oUser, 1); // trying to become an admin
|
|
$this->fail('User should not modify self');
|
|
} catch (CoreException $e) {
|
|
}
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
public function ProfileCannotModifySelfProvider(): array
|
|
{
|
|
return [
|
|
'Configuration manager' => [3],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider DeletingSelfUserProvider
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testDeletingSelfUser(int $iProfileId)
|
|
{
|
|
$oUser = $this->AddUser('test1', $iProfileId);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
try {
|
|
$oUser->DBDelete();
|
|
$this->fail('Current User cannot be deleted');
|
|
} catch (DeleteException $e) {
|
|
}
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
public function DeletingSelfUserProvider(): array
|
|
{
|
|
return [
|
|
'Administrator' => [1],
|
|
'Configuration manager' => [3],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider RemovingOwnContactProvider
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @param int $iProfileId
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testRemovingOwnContact(int $iProfileId)
|
|
{
|
|
$oUser = $this->AddUser('test1', $iProfileId);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
$oUser->Set('contactid', 0);
|
|
|
|
try {
|
|
$oUser->DBWrite();
|
|
$this->fail('Current User cannot remove his own contact');
|
|
} catch (CoreCannotSaveObjectException $e) {
|
|
}
|
|
}
|
|
|
|
public function RemovingOwnContactProvider(): array
|
|
{
|
|
return [
|
|
'Administrator' => [1],
|
|
'Configuration manager' => [3],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testUpgradingToAdmin()
|
|
{
|
|
$oUser = $this->AddUser('test1', 3);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
try {
|
|
$this->AddProfileToUser($oUser, 1);
|
|
$this->fail('Should not be able to upgrade to Administrator');
|
|
} catch (CoreCannotSaveObjectException $e) {
|
|
} catch (CoreException $e) {
|
|
}
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
/**
|
|
* @doesNotPerformAssertions
|
|
*
|
|
* @throws \CoreException
|
|
* @throws \DictExceptionUnknownLanguage
|
|
* @throws \OQLException
|
|
*/
|
|
public function testDenyingUserModification()
|
|
{
|
|
$oUser = $this->AddUser('test1', 1);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
$this->AddProfileToUser($oUser, 3);
|
|
|
|
// Keep only the profile 3 (remove profile 1)
|
|
$oUserProfile = new URP_UserProfile();
|
|
$oUserProfile->Set('profileid', 3);
|
|
$oUserProfile->Set('reason', 'UNIT Tests');
|
|
$oSet = DBObjectSet::FromObject($oUserProfile);
|
|
$oUser->Set('profile_list', $oSet);
|
|
|
|
try {
|
|
$oUser->DBWrite();
|
|
$this->fail('Should not be able to deny User modifications');
|
|
} catch (CoreCannotSaveObjectException $e) {
|
|
}
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
/**
|
|
*@dataProvider NonAdminCanListOwnProfilesProvider
|
|
*/
|
|
public function testNonAdminCanListOwnProfiles($bHideAdministrators)
|
|
{
|
|
$oUser = $this->AddUser('test1', 2); // portal user
|
|
$_SESSION = [];
|
|
utils::GetConfig()->Set('security.hide_administrators', $bHideAdministrators);
|
|
UserRights::Login('test1');
|
|
|
|
// List the link between the User and the Profiles
|
|
$oSearch = new DBObjectSearch('URP_UserProfile');
|
|
$oSearch->AddCondition('userid', $oUser->GetKey());
|
|
$oSet = new DBObjectSet($oSearch);
|
|
$this->assertEquals(1, $oSet->Count());
|
|
|
|
// Get the Profiles as well
|
|
$oSearch = DBObjectSearch::FromOQL('SELECT URP_Profiles JOIN URP_UserProfile ON URP_UserProfile.profileid = URP_Profiles.id WHERE URP_UserProfile.userid='.$oUser->GetKey());
|
|
$oSet = new DBObjectSet($oSearch);
|
|
$this->assertEquals(1, $oSet->Count());
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
public function NonAdminCanListOwnProfilesProvider(): array
|
|
{
|
|
return [
|
|
'with Admins visible'=> [false],
|
|
'with Admins hidden' => [true],
|
|
];
|
|
}
|
|
/**
|
|
*@dataProvider NonAdminCannotListAdminProfilesProvider
|
|
*/
|
|
public function testNonAdminCannotListAdminProfiles($bHideAdministrators, $iExpectedCount)
|
|
{
|
|
utils::GetConfig()->Set('security.hide_administrators', $bHideAdministrators);
|
|
|
|
$this->AddUser('test1', 2); // portal user
|
|
$oUserAdmin = $this->AddUser('admin1', 1);
|
|
$_SESSION = [];
|
|
UserRights::Login('test1');
|
|
|
|
$oSearch = new DBObjectSearch('URP_UserProfile');
|
|
$oSearch->AddCondition('userid', $oUserAdmin->GetKey());
|
|
$oSet = new DBObjectSet($oSearch);
|
|
$this->assertEquals($iExpectedCount, $oSet->Count());
|
|
// Get the Profiles as well
|
|
$oSearch = DBObjectSearch::FromOQL('SELECT URP_Profiles JOIN URP_UserProfile ON URP_UserProfile.profileid = URP_Profiles.id WHERE URP_UserProfile.userid='.$oUserAdmin->GetKey());
|
|
$oSet = new DBObjectSet($oSearch);
|
|
$this->assertEquals($iExpectedCount, $oSet->Count());
|
|
|
|
// logout
|
|
$_SESSION = [];
|
|
}
|
|
|
|
public function NonAdminCannotListAdminProfilesProvider(): array
|
|
{
|
|
return [
|
|
'with Admins visible'=> [false, 1],
|
|
'with Admins hidden' => [true, 0],
|
|
];
|
|
}
|
|
}
|