deblan/propel-bundle
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
propel-bundle/Tests/Security/Acl/AclProviderTest.php
Drew Brown ea6a359272 Symfony 4.0 updates (#483) 
* Upd: Add Symfony 4 Compatibility

#SymfonyConHackday2017

* Upd: Configure visibility of services for SF4

* Updated composer to allow Symfony 4.0

* Updated composer to allow Symfony 4.0

* PropelBundle for Symfony 4

* Upd: Travis configuration

* Upd: PHP 5 not supported anymore by PHPUnit

* Upd: Removing old SF version + PHPUnit correction

* * Removed param that was removed in symfony/yaml afb873f
* Updated format of object dumping as deprecated tags using colon symfony/yaml 38d3087

* * Added commands to console.xml as symfony no longer auto registers bundle commands
* Updated two services to public

* * Removed deprecated getMock calls for new createMock calls.

* * Add stub for additional abstract method

* * Updated schema locator test
* reverted unnecessary changes to abstract command and schemal locator
* Added fixtures for schema testing.

* * Updated schema locator test
* reverted unnecessary changes to abstract command and schemal locator
* Added fixtures for schema testing.

* * Removed unnecessary default for services
* Updated readme to reflect symfony version support
2018-02-10 01:25:14 +01:00

262 lines
10 KiB
PHP
Raw Permalink Blame History

<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\Bundle\PropelBundle\Tests\Security\Acl;
use Propel\Runtime\Map\TableMap;
use Propel\Bundle\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\Bundle\PropelBundle\Model\Acl\EntryQuery;
use Propel\Bundle\PropelBundle\Model\Acl\Map\EntryTableMap;
use Propel\Bundle\PropelBundle\Security\Acl\AclProvider;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\Bundle\PropelBundle\Tests\AclTestCase;
use Propel\Bundle\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProviderTest extends AclTestCase
{
public function testFindAclNoneGiven()
{
$provider = $this->getAclProvider();
$this->expectException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
$provider->findAcl($this->getAclObjectIdentity());
}
public function testFindAclNoneGivenFilterSecurityIdentity()
{
$provider = $this->getAclProvider();
$this->expectException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
$provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
}
public function testFindAclWithEntries()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\Bundle\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertEmpty($acl->getFields());
$this->assertEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertCount(1, $acl->getObjectAces());
$this->assertNull($acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
$this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
$this->expectException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclWithParent()
{
$parent = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parent->getAclClass())
->setMask(128)
;
$parent->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
$parent = $acl->getParentAcl();
$this->assertInstanceOf('Propel\Bundle\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertInstanceOf('Propel\Bundle\PropelBundle\Security\Acl\Domain\Acl', $parent);
$aces = $acl->getObjectAces();
$parentAces = $parent->getObjectAces();
$this->assertEquals(64, $aces[0]->getMask());
$this->assertEquals(128, $parentAces[0]->getMask());
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAcls()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
;
$obj->addEntry($entry)->save($this->con);
$aclObj = $this->getAclObjectIdentity(1);
$acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
$acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acls);
$this->assertCount(1, $acls);
$this->assertTrue($acls->contains($aclObj));
$this->assertEquals($acl, $acls[$aclObj]);
}
public function testFindChildrenParentNotExists()
{
$this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindChildrenWithoutChildren()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertEmpty($childrenAcl);
}
public function testFindChildrenDirectOnly()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
$this->assertNotEmpty($children);
$this->assertCount(1, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
}
public function testFindChildrenWithGrandChildren()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertNotEmpty($children);
$this->assertCount(2, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
$this->assertEquals(3, $children[1]->getIdentifier());
}
protected function createObjectIdentities()
{
$parentObj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parentObj->getAclClass())
->setMask(64)
;
$parentObj->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childObj = $this->createModelObjectIdentity(3);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($childObj->getAclClass())
->setMask(64)
;
$childObj->addEntry($entry)->save($this->con);
return array($parentObj, $obj, $childObj);
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryTableMap::translateFieldName(EntryTableMap::COL_MASK, TableMap::TYPE_COLNAME, TableMap::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
protected function getAclProvider()
{
return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
}
Reference in a new issue View git blame Copy permalink