deblan/propel-bundle
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Ported all acl-related remaining tests

Browse source
This commit is contained in:
Kévin Gomez 2013-12-14 12:12:35 +00:00
parent 80fcec69f5
commit 4c26f81a9b
11 changed files with 1568 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Security/Acl/Domain/Acl.php
View file

@ -26,7 +26,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
*/
class Acl implements AclInterface
{
protected $model = 'Propel\PropelBundle\Model\Acl\Entry';
protected $model = '\Propel\PropelBundle\Model\Acl\Entry';
protected $classAces = array();
protected $classFieldAces = array();
@ -59,8 +59,8 @@ class Acl implements AclInterface
*/
public function __construct(ObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
if ($entries->getModel() !== $this->model) {
throw new AclException(sprintf('The given collection does not contain models of class "%s" but of class "%s".', $this->model, $entries->getModel()));
if ($entries->getFullyQualifiedModel() !== $this->model) {
throw new AclException(sprintf('The given collection does not contain models of class "%s" but of class "%s".', $this->model, $entries->getFullyQualifiedModel()));
}
foreach ($entries as $eachEntry) {

2
Security/Acl/MutableAclProvider.php
View file

@ -190,7 +190,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
);
}
foreach ($modelEntries as &$eachEntry) {
foreach ($modelEntries as $eachEntry) {
if (!in_array($eachEntry->getId(), $keepEntries)) {
$eachEntry->delete($this->connection);
}

60
Tests/Fixtures/Acl/ArrayCache.php Normal file
View file

@ -0,0 +1,60 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Fixtures\Acl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class ArrayCache implements AclCacheInterface
{
public $content = array();
public function evictFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
unset($this->content[$primaryKey]);
}
}
public function evictFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function getFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
return $this->content[$primaryKey];
}
return null;
}
public function getFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function putInCache(AclInterface $acl)
{
if (null === $acl->getId()) {
throw new \InvalidArgumentException('The given ACL does not have an ID.');
}
$this->content[$acl->getId()] = $acl;
}
public function clearCache()
{
$this->content = array();
}
}

261
Tests/Security/Acl/AclProviderTest.php Normal file
View file

@ -0,0 +1,261 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\Runtime\Map\TableMap;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\Map\EntryTableMap;
use Propel\PropelBundle\Security\Acl\AclProvider;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProviderTest extends AclTestCase
{
public function testFindAclNoneGiven()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
$provider->findAcl($this->getAclObjectIdentity());
}
public function testFindAclNoneGivenFilterSecurityIdentity()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
$provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
}
public function testFindAclWithEntries()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertEmpty($acl->getFields());
$this->assertEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertCount(1, $acl->getObjectAces());
$this->assertNull($acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
$this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclWithParent()
{
$parent = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parent->getAclClass())
->setMask(128)
;
$parent->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
$parent = $acl->getParentAcl();
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $parent);
$aces = $acl->getObjectAces();
$parentAces = $parent->getObjectAces();
$this->assertEquals(64, $aces[0]->getMask());
$this->assertEquals(128, $parentAces[0]->getMask());
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAcls()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
;
$obj->addEntry($entry)->save($this->con);
$aclObj = $this->getAclObjectIdentity(1);
$acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
$acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acls);
$this->assertCount(1, $acls);
$this->assertTrue($acls->contains($aclObj));
$this->assertEquals($acl, $acls[$aclObj]);
}
public function testFindChildrenParentNotExists()
{
$this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindChildrenWithoutChildren()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertEmpty($childrenAcl);
}
public function testFindChildrenDirectOnly()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
$this->assertNotEmpty($children);
$this->assertCount(1, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
}
public function testFindChildrenWithGrandChildren()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertNotEmpty($children);
$this->assertCount(2, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
$this->assertEquals(3, $children[1]->getIdentifier());
}
protected function createObjectIdentities()
{
$parentObj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parentObj->getAclClass())
->setMask(64)
;
$parentObj->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childObj = $this->createModelObjectIdentity(3);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($childObj->getAclClass())
->setMask(64)
;
$childObj->addEntry($entry)->save($this->con);
return array($parentObj, $obj, $childObj);
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryTableMap::translateFieldName(EntryTableMap::MASK, TableMap::TYPE_COLNAME, TableMap::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
protected function getAclProvider()
{
return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
}

85
Tests/Security/Acl/AuditableAclProviderTest.php Normal file
View file

@ -0,0 +1,85 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Security\Acl\AuditableAclProvider;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', $acl);
$this->assertEquals(1, $acl->getId());
}
/**
* @depends testCreateAcl
*/
public function testUpdatePersistsAuditing()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
// default values
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
}
protected function getAclProvider()
{
return new AuditableAclProvider(new PermissionGrantingStrategy(), $this->con);
}
}

206
Tests/Security/Acl/Domain/AclTest.php Normal file
View file

@ -0,0 +1,206 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\Runtime\Collection\ObjectCollection;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
}
public function testConstructorEmptyCollection()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertSame($aclObj, $acl->getObjectIdentity());
$this->assertTrue($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testConstructorWithAces()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
// object based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// object field based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class based ACE
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class field based ACE
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertNotEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertNotEmpty($acl->getClassFieldAces('name'));
$this->assertNotEmpty($acl->getObjectFieldAces('name'));
$classAces = $acl->getClassAces();
$objectAces = $acl->getObjectAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $classAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $objectAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $classFieldAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $objectFieldAces[0]);
$this->assertSame($acl, $classAces[0]->getAcl());
$this->assertSame($acl, $objectAces[0]->getAcl());
$this->assertSame($acl, $classFieldAces[0]->getAcl());
$this->assertSame($acl, $objectFieldAces[0]->getAcl());
$this->assertEquals('name', $classFieldAces[0]->getField());
$this->assertEquals('name', $objectFieldAces[0]->getField());
}
public function testIsSidLoadedNoneLoaded()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity()));
}
public function testIsSidLoadedInvalid()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->isSidLoaded('foo');
}
public function testIsGrantedNoAces()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity()));
}
public function testIsGrantedNoMatchingSecurityIdentity()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
public function testIsFieldGrantedNoAces()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isFieldGranted('name', array(64), array($this->getRoleSecurityIdentity()));
}
public function testSerializeUnserialize()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
}

212
Tests/Security/Acl/Domain/AuditableAclTest.php Normal file
View file

@ -0,0 +1,212 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\Runtime\Collection\ObjectCollection;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclTest extends AclTestCase
{
public function testUpdateAuditingInvalidIndex()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('OutOfBoundsException');
$acl->updateObjectAuditing(0, false, false);
}
public function testUpdateAuditingInvalidField()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectFieldAuditing(0, 'foo', false, false);
}
public function testUpdateAuditingInvalidFlag()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectAuditing(0, 'foo', 'bar');
}
public function testUpdateObjectAuditing()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectAces();
$this->assertCount(1, $aces);
$acl->updateObjectAuditing(0, true, true);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateObjectFieldAuditing()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateObjectFieldAuditing(0, 'name', true, true);
$aces = $acl->getObjectFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectFieldAuditing(0, 'name', false, false);
$aces = $acl->getObjectFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassAuditing()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassAces();
$this->assertCount(1, $aces);
$acl->updateClassAuditing(0, true, true);
$aces = $acl->getClassAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassAuditing(0, false, false);
$aces = $acl->getClassAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassFieldAuditing()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateClassFieldAuditing(0, 'name', true, true);
$aces = $acl->getClassFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassFieldAuditing(0, 'name', false, false);
$aces = $acl->getClassFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
}

70
Tests/Security/Acl/Domain/EntryTest.php Normal file
View file

@ -0,0 +1,70 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\Runtime\Collection\ObjectCollection;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\Entry;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new Entry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(Entry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($serialized, serialize($unserialized));
}
}

73
Tests/Security/Acl/Domain/FieldEntryTest.php Normal file
View file

@ -0,0 +1,73 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\Runtime\Collection\ObjectCollection;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class FieldEntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setFieldName('name');
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new FieldEntry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($model->getFieldName(), $entry->getField());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(FieldEntry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($entry->getField(), $unserialized->getField());
$this->assertEquals($serialized, serialize($unserialized));
}
}

276
Tests/Security/Acl/Domain/MutableAclTest.php Normal file
View file

@ -0,0 +1,276 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\Runtime\Collection\ObjectCollection;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\MutableAcl;
use Propel\PropelBundle\Tests\AclTestCase;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy(), array(), null, false, $this->con);
}
public function testConstructorEmptyCollection()
{
$acl = $this->createEmptyAcl(1, array(), null, false);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertFalse($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testSetUnsetParentAcl()
{
$parentAcl = $this->createEmptyAcl(1);
$acl = $this->createEmptyAcl(2);
$acl->setParentAcl($parentAcl);
$acl->setEntriesInheriting(true);
$this->assertSame($parentAcl, $acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertEquals(1, $acl->getParentAcl()->getId());
$acl->setParentAcl(null);
$this->assertNull($acl->getParentAcl());
}
public function testInsertAceInvalidMask()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('InvalidArgumentException', 'The given mask is not valid. Please provide an integer.');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 'foo');
}
public function testInsertAceOutofBounds()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException', 'The index must be in the interval [0, 0].');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64, 1);
}
public function insertAceProvider()
{
return array(
array('ClassAce'),
array('ClassFieldAce', 'name'),
array('ObjectAce'),
array('ObjectFieldAce', 'name'),
);
}
/**
* @dataProvider insertAceProvider
*/
public function testInsertFirstAce($type, $field = null)
{
$acl = $this->createEmptyAcl();
if (null !== $field) {
$acl->{'insert'.$type}($field, $this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}($field);
} else {
$acl->{'insert'.$type}($this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}();
}
$this->assertNotEmpty($aces);
$this->assertCount(1, $aces);
$this->assertEquals($this->getRoleSecurityIdentity(), $aces[0]->getSecurityIdentity());
$this->assertEquals(64, $aces[0]->getMask());
$this->assertTrue($aces[0]->isGranting());
$this->assertNull($aces[0]->getId());
$this->assertEquals('all', $aces[0]->getStrategy());
if (null !== $field) {
$this->assertEquals($field, $aces[0]->getField());
}
}
public function testUpdateAceInvalidIndex()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException');
$acl->updateClassAce(0, 64);
}
/**
* @depends testInsertFirstAce
*/
public function testUpdateFieldAceInvalidField()
{
$acl = $this->createEmptyAcl();
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64);
$this->setExpectedException('InvalidArgumentException', 'The given field "name" does not exist.');
$acl->updateClassFieldAce(0, 'name', 128);
}
/**
* @depends testInsertFirstAce
*/
public function testInsertUpdateDelete()
{
$secIdentity = $this->getRoleSecurityIdentity();
$acl = $this->createEmptyAcl();
// insert
$acl->insertClassAce($secIdentity, 64);
$acl->insertClassFieldAce('name', $secIdentity, 32);
$acl->insertObjectAce($secIdentity, 128);
$acl->insertObjectFieldAce('name', $secIdentity, 16, 0, false);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$this->assertEquals(array('name'), $acl->getFields());
$this->assertEquals(64, $classAces[0]->getMask());
$this->assertEquals(32, $classFieldAces[0]->getMask());
$this->assertEquals(128, $objectAces[0]->getMask());
$this->assertEquals(16, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('all', $classFieldAces[0]->getStrategy());
$this->assertEquals('all', $objectAces[0]->getStrategy());
$this->assertEquals('any', $objectFieldAces[0]->getStrategy());
$this->assertFalse($objectFieldAces[0]->isGranting());
// update
$acl->updateClassAce(0, 256);
$acl->updateClassFieldAce(0, 'name', 128, 'any');
$acl->updateObjectAce(0, 64, 'equal');
$acl->updateObjectFieldAce(0, 'name', 32, 'all');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertEquals(256, $classAces[0]->getMask());
$this->assertEquals(128, $classFieldAces[0]->getMask());
$this->assertEquals(64, $objectAces[0]->getMask());
$this->assertEquals(32, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('any', $classFieldAces[0]->getStrategy());
$this->assertEquals('equal', $objectAces[0]->getStrategy());
$this->assertEquals('all', $objectFieldAces[0]->getStrategy());
// delete
$acl->deleteClassAce(0);
$acl->deleteClassFieldAce(0, 'name');
$acl->deleteObjectAce(0);
$acl->deleteObjectFieldAce(0, 'name');
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(0, $classAces);
$this->assertCount(0, $classFieldAces);
$this->assertCount(0, $objectAces);
$this->assertCount(0, $objectFieldAces);
}
/**
* @depends testInsertUpdateDelete
*/
public function testUpdatePersistedAceKeepsId()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setId(42)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$acl->updateClassAce(0, 128);
$aces = $acl->getClassAces();
$this->assertEquals(42, $aces[0]->getId());
$this->assertEquals(128, $aces[0]->getMask());
}
public function testSerializeUnserialize()
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
protected function createEmptyAcl($identifier = 1, array $securityIdentities = array(), AclInterface $parentAcl = null, $inherited = null)
{
$collection = new ObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
return new MutableAcl($collection, $this->getAclObjectIdentity($identifier), new PermissionGrantingStrategy(), $securityIdentities, $parentAcl, $inherited, $this->con);
}
}

321
Tests/Security/Acl/MutableAclProviderTest.php Normal file
View file

@ -0,0 +1,321 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\Runtime\ActiveQuery\Criteria;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
}
/**
* @depends testCreateAcl
*/
public function testUpdateAclCreatesInsertedAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertCount(1, $acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertCount(1, $acl->getClassFieldAces('name'));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
$this->assertTrue($this->getAclProvider()->updateAcl($acl));
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$objAces = $acl->getObjectAces();
$this->assertCount(1, $objAces);
$entry = $objAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $entry);
$this->assertEquals(64, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
$classFieldAces = $acl->getClassFieldAces('name');
$this->assertCount(1, $classFieldAces);
$entry = $classFieldAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $entry);
$this->assertEquals('name', $entry->getField());
$this->assertEquals(128, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity('ROLE_ADMIN'), $entry->getSecurityIdentity());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclAlreadyExists()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException');
$this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclWithParent()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$entries = ObjectIdentityQuery::create()->orderById(Criteria::ASC)->find($this->con);
$this->assertCount(2, $entries);
$this->assertNull($entries[0]->getParentObjectIdentityId());
$this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
}
public function testUpdateAclInvalidAcl()
{
$acl = $this->getMock('Symfony\Component\Security\Acl\Model\MutableAclInterface');
$this->setExpectedException('InvalidArgumentException');
$this->getAclProvider()->updateAcl($acl);
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclRemovesDeletedEntries()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl->deleteObjectFieldAce(0, 'slug');
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(1, EntryQuery::create()->count($this->con));
$entry = EntryQuery::create()->findOne($this->con);
$this->assertEquals('name', $entry->getFieldName());
$this->assertEquals(4, $entry->getMask());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclCreatesMultipleAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 16, 0, true, 'all');
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->assertCount(2, $acl->getObjectFieldAces('name'));
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->orderByMask(Criteria::ASC)->find($this->con);
$this->assertCount(3, $entries);
$slugAce = $entries[0];
$this->assertEquals('slug', $slugAce->getFieldName());
$this->assertEquals(1, $slugAce->getMask());
$nameRead = $entries[1];
$this->assertEquals('name', $nameRead->getFieldName());
$this->assertEquals(0, $nameRead->getAceOrder());
$this->assertEquals(4, $nameRead->getMask());
$this->assertEquals('all', $nameRead->getGrantingStrategy());
$nameUndelete = $entries[2];
$this->assertEquals('name', $nameUndelete->getFieldName());
$this->assertEquals(1, $nameUndelete->getAceOrder());
$this->assertEquals(16, $nameUndelete->getMask());
$this->assertEquals('all', $nameUndelete->getGrantingStrategy());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclReadsExistingAce()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entry = EntryQuery::create()->findOne($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$updatedEntry = clone $entry;
$updatedEntry->reload(false, $this->con);
$this->assertEquals($entry->getId(), $updatedEntry->getId());
$this->assertEquals(128, $updatedEntry->getMask());
}
public function testDeleteAclNotExisting()
{
$this->assertTrue($this->getAclProvider()->deleteAcl($this->getAclObjectIdentity()));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testDeleteAcl()
{
$aclObj = $this->getAclObjectIdentity(1);
$acl = $this->getAclProvider()->createAcl($aclObj);
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertTrue($this->getAclProvider()->deleteAcl($aclObj));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testCreateAclWithParent
*/
public function testDeleteAclRemovesChildAcl()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
}
/**
* @depends testDeleteAcl
*/
public function testDeleteAclRemovesClassEntriesIfLastObject()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertClassAce($this->getRoleSecurityIdentity(), 128);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclWritesCacheOfNewAcl()
{
$this->cache = new AclCache();
$this->assertEmpty($this->cache->content);
$acl = $this->getAcl();
$this->assertNotEmpty($this->cache->content);
$this->assertSame($acl, $this->cache->content[$acl->getId()]);
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testUpdateAclUpdatesCacheOfAcl()
{
$this->cache = new AclCache();
$acl = $this->getAcl(1);
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$objectAces = $this->cache->content[$acl->getId()]->getObjectAces();
$this->assertEquals(128, $objectAces[0]->getMask());
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testDeleteAclEvictsFromCache()
{
$this->cache = new AclCache();
$this->getAcl();
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
/**
* @depends testCreateAclWithParent
* @depends testDeleteAclEvictsFromCache
*/
public function testDeleteAclEvictsChildrenFromCache()
{
$this->cache = new AclCache();
$parentAcl = $this->getAcl(1);
$childAcl = $this->getAcl(2);
$grandChildAcl = $this->getAcl(3);
$grandChildAcl->setParentAcl($childAcl);
$childAcl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($grandChildAcl);
$this->getAclProvider()->updateAcl($childAcl);
$this->assertCount(3, $this->cache->content);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
protected function getAcl($identifier = 1)
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity($identifier));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
return $acl;
}
}