<?php
namespace SilverStripe\Security\Tests;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionRole;
use SilverStripe\Security\PermissionRoleCode;
use SilverStripe\Dev\FunctionalTest;
use ReflectionMethod;
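/**
 * Tests for PermissionRole deletion and for the privilege check that
 * PermissionRoleCode::validate() applies when a role code is created.
 *
 * The second test is the security-relevant one: it pins that a member who
 * holds only APPLY_ROLES cannot produce a valid role code carrying ADMIN,
 * i.e. cannot use role management to hand out a privileged permission.
 */
class PermissionRoleTest extends FunctionalTest {

    protected static $fixture_file = 'PermissionRoleTest.yml';

    /**
     * Deleting a role removes the role record and the permission codes
     * attached to it.
     */
    public function testDelete() {
        $role = $this->objFromFixture(PermissionRole::class, 'role');

        // Capture the ID before deleting so both lookups target the fixture's
        // row regardless of what delete() does to the in-memory object.
        // NOTE(review): if delete() resets $role->ID, a lookup keyed on the
        // post-delete value would pass without proving anything; confirm
        // against DataObject::delete().
        $roleID = (int) $role->ID;
        $this->assertGreaterThan(0, $roleID, 'Fixture role has been written');

        $role->delete();

        $this->assertEquals(
            0,
            DataObject::get(PermissionRole::class, "\"ID\"={$roleID}")->count(),
            'Role is removed'
        );
        $this->assertEquals(
            0,
            DataObject::get(PermissionRoleCode::class, "\"RoleID\"={$roleID}")->count(),
            'Permissions removed along with the role'
        );
    }

    /**
     * validate() accepts a non-privileged code from an APPLY_ROLES member,
     * rejects the ADMIN code from that same kind of member, and accepts the
     * ADMIN code once the current member holds ADMIN.
     */
    public function testValidatesPrivilegedPermissions() {
        // validate() is reached through reflection and made accessible first,
        // so the test does not rely on it being publicly callable.
        $nonAdminCode = new PermissionRoleCode(['Code' => 'CMS_ACCESS_CMSMain']);
        $nonAdminValidateMethod = new ReflectionMethod($nonAdminCode, 'validate');
        $nonAdminValidateMethod->setAccessible(true);

        $adminCode = new PermissionRoleCode(['Code' => 'ADMIN']);
        $adminValidateMethod = new ReflectionMethod($adminCode, 'validate');
        $adminValidateMethod->setAccessible(true);

        // Case 1: low-privilege member, non-privileged code => allowed.
        $this->logInWithPermission('APPLY_ROLES');
        $result = $nonAdminValidateMethod->invoke($nonAdminCode);
        $this->assertTrue(
            $result->valid(),
            'Members with only APPLY_ROLES can create non-privileged permission role codes'
        );

        // Case 2: low-privilege member, privileged code => rejected.
        // This is the escalation guard; the login call is repeated so the
        // case does not depend on the session left by the previous one.
        $this->logInWithPermission('APPLY_ROLES');
        $result = $adminValidateMethod->invoke($adminCode);
        $this->assertFalse(
            $result->valid(),
            'Members with only APPLY_ROLES can\'t create privileged permission role codes'
        );

        // Case 3: ADMIN member, privileged code => allowed.
        $this->logInWithPermission('ADMIN');
        $result = $adminValidateMethod->invoke($adminCode);
        $this->assertTrue(
            $result->valid(),
            'Members with ADMIN can create privileged permission role codes'
        );
    }
}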