207 lines
7.8 KiB
PHP
207 lines
7.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This file is part of the PropelBundle package.
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*
|
|
* @license MIT License
|
|
*/
|
|
|
|
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
|
|
|
|
use Propel\Runtime\Collection\ObjectCollection;
|
|
|
|
use Propel\PropelBundle\Model\Acl\Entry;
|
|
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
|
|
use Propel\PropelBundle\Security\Acl\Domain\Acl;
|
|
use Propel\PropelBundle\Tests\AclTestCase;
|
|
|
|
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
|
|
|
|
/**
|
|
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
|
*/
|
|
class AclTest extends AclTestCase
|
|
{
|
|
public function testConstructorInvalidCollection()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
|
|
new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
}
|
|
|
|
public function testConstructorEmptyCollection()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$aclObj = $this->getAclObjectIdentity();
|
|
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
|
|
|
|
$this->assertEmpty($acl->getClassAces());
|
|
$this->assertEmpty($acl->getObjectAces());
|
|
$this->assertEmpty($acl->getFields());
|
|
$this->assertNull($acl->getParentAcl());
|
|
$this->assertSame($aclObj, $acl->getObjectIdentity());
|
|
$this->assertTrue($acl->isEntriesInheriting());
|
|
}
|
|
|
|
/**
|
|
* @depends testConstructorEmptyCollection
|
|
*/
|
|
public function testConstructorWithAces()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$obj = $this->createModelObjectIdentity(1);
|
|
|
|
// object based ACE
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setObjectIdentity($obj)
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
// object field based ACE
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setObjectIdentity($obj)
|
|
->setFieldName('name')
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
// class based ACE
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
// class field based ACE
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setFieldName('name')
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
$this->assertNotEmpty($acl->getClassAces());
|
|
$this->assertNotEmpty($acl->getObjectAces());
|
|
$this->assertEquals(array('name'), $acl->getFields());
|
|
$this->assertNotEmpty($acl->getClassFieldAces('name'));
|
|
$this->assertNotEmpty($acl->getObjectFieldAces('name'));
|
|
|
|
$classAces = $acl->getClassAces();
|
|
$objectAces = $acl->getObjectAces();
|
|
$classFieldAces = $acl->getClassFieldAces('name');
|
|
$objectFieldAces = $acl->getObjectFieldAces('name');
|
|
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $classAces[0]);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $objectAces[0]);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $classFieldAces[0]);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $objectFieldAces[0]);
|
|
|
|
$this->assertSame($acl, $classAces[0]->getAcl());
|
|
$this->assertSame($acl, $objectAces[0]->getAcl());
|
|
$this->assertSame($acl, $classFieldAces[0]->getAcl());
|
|
$this->assertSame($acl, $objectFieldAces[0]->getAcl());
|
|
|
|
$this->assertEquals('name', $classFieldAces[0]->getField());
|
|
$this->assertEquals('name', $objectFieldAces[0]->getField());
|
|
}
|
|
|
|
public function testIsSidLoadedNoneLoaded()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
|
|
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity()));
|
|
}
|
|
|
|
public function testIsSidLoadedInvalid()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$aclObj = $this->getAclObjectIdentity();
|
|
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
|
|
|
|
$this->setExpectedException('InvalidArgumentException');
|
|
$acl->isSidLoaded('foo');
|
|
}
|
|
|
|
public function testIsGrantedNoAces()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
|
|
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity()));
|
|
}
|
|
|
|
public function testIsGrantedNoMatchingSecurityIdentity()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
|
|
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
}
|
|
|
|
public function testIsFieldGrantedNoAces()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
|
|
$acl->isFieldGranted('name', array(64), array($this->getRoleSecurityIdentity()));
|
|
}
|
|
|
|
public function testSerializeUnserialize()
|
|
{
|
|
$collection = new ObjectCollection();
|
|
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
|
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
|
|
->setAclClass($this->getAclClass())
|
|
;
|
|
$collection->append($entry);
|
|
|
|
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
|
$serialized = serialize($acl);
|
|
$unserialized = unserialize($serialized);
|
|
|
|
$this->assertNotEmpty($serialized);
|
|
$this->assertNotEmpty($unserialized);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $unserialized);
|
|
$this->assertEquals($serialized, serialize($unserialized));
|
|
}
|
|
}
|