AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add generic authorization class

Browse Source
This commit is contained in:
Frederic Guillot
2015-11-27 16:24:21 -05:00
parent 19706944dc
commit 91bdf6aaf3
6 changed files with 209 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/units/Core/Security/AccessMapTest.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
require_once __DIR__.'/../../Base.php';
use Kanboard\Core\Security\AccessMap;
class AccessMapTest extends Base
{
public function testGetRoles()
{
$acl = new AccessMap;
$acl->setDefaultRole('role3');
$acl->add('MyController', 'myAction1', array('role1', 'role2'));
$acl->add('MyController', 'myAction2', array('role1'));
$acl->add('MyAdminController', '*', array('role2'));
$this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction1'));
$this->assertEquals(array('role1'), $acl->getRoles('mycontroller', 'MyAction2'));
$this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
$this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
}
}

28
tests/units/Core/Security/AuthorizationTest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
require_once __DIR__.'/../../Base.php';
use Kanboard\Core\Security\Role;
use Kanboard\Core\Security\AccessMap;
use Kanboard\Core\Security\Authorization;
class AuthorizationTest extends Base
{
public function testIsAllowed()
{
$acl = new AccessMap;
$acl->setDefaultRole(Role::APP_USER);
$acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER));
$acl->add('MyController', 'myAction2', array(Role::APP_ADMIN));
$acl->add('MyAdminController', '*', array(Role::APP_MANAGER));
$authorization = new Authorization($acl);
$this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
$this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
$this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
$this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER));
$this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER));
$this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN));
$this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else'));
}
}