silverstripe-framework/tests/security/PermissionTest.php

<?php

class PermissionTest extends SapphireTest {
	static $fixture_file = 'sapphire/tests/security/PermissionTest.yml';
	
	function testGetCodesGrouped() {
		$codes = Permission::get_codes();
		$this->assertArrayNotHasKey('SITETREE_VIEW_ALL', $codes);
	}
	
	function testGetCodesUngrouped() {
		$codes = Permission::get_codes(null, false);
		$this->assertArrayHasKey('SITETREE_VIEW_ALL', $codes);
	}
		
	function testDirectlyAppliedPermissions() {
		$member = $this->objFromFixture('Member', 'author');
		$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
	}
	
	function testPermissionAreInheritedFromOneRole() {
		$member = $this->objFromFixture('Member', 'author');
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
		$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
	}
	
	function testPermissionAreInheritedFromMultipleRoles() {
		$member = $this->objFromFixture('Member', 'access');
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
		$this->assertTrue(Permission::checkMember($member, "EDIT_PERMISSIONS"));
		$this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
	}
	
	function testRolesAndPermissionsFromParentGroupsAreInherited() {
		$member = $this->objFromFixture('Member', 'globalauthor');
		
		// Check that permissions applied to the group are there
		$this->assertTrue(Permission::checkMember($member, "SITETREE_EDIT_ALL"));
		
		// Check that roles from parent groups are there
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));
		$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
	
		// Check that permissions from parent groups are there
		$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
		
		// Check that a random permission that shouldn't be there isn't
		$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
	}
	/**
	 * Ensure the the get_*_by_permission functions are permission role aware
	 */
	function testGettingMembersByPermission() {
		$accessMember = $this->objFromFixture('Member', 'access');
		$accessAuthor = $this->objFromFixture('Member', 'author');

		$result = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));
		$resultIDs = $result ? $result->column() : array();
		
		$this->assertContains($accessMember->ID, $resultIDs,
			'Member is found via a permission attached to a role');
		$this->assertNotContains($accessAuthor->ID, $resultIDs);
	}
}
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`<?php`

			`class PermissionTest extends SapphireTest {`
			`static $fixture_file = 'sapphire/tests/security/PermissionTest.yml';`

API CHANGE Removed $blankItemText parameter from Permission::get_codes() ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch (from r97819) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102536 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 01:41:33 +02:00			`function testGetCodesGrouped() {`
			`$codes = Permission::get_codes();`
			`$this->assertArrayNotHasKey('SITETREE_VIEW_ALL', $codes);`
			`}`

			`function testGetCodesUngrouped() {`
			`$codes = Permission::get_codes(null, false);`
			`$this->assertArrayHasKey('SITETREE_VIEW_ALL', $codes);`
			`}`

API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`function testDirectlyAppliedPermissions() {`
			`$member = $this->objFromFixture('Member', 'author');`
			`$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));`
			`}`

			`function testPermissionAreInheritedFromOneRole() {`
			`$member = $this->objFromFixture('Member', 'author');`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));`
			`$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));`
			`}`
API CHANGE Removed $blankItemText parameter from Permission::get_codes() ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch (from r97819) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102536 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 01:41:33 +02:00
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`function testPermissionAreInheritedFromMultipleRoles() {`
			`$member = $this->objFromFixture('Member', 'access');`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));`
			`$this->assertTrue(Permission::checkMember($member, "EDIT_PERMISSIONS"));`
			`$this->assertFalse(Permission::checkMember($member, "SITETREE_VIEW_ALL"));`
			`}`

			`function testRolesAndPermissionsFromParentGroupsAreInherited() {`
			`$member = $this->objFromFixture('Member', 'globalauthor');`

			`// Check that permissions applied to the group are there`
			`$this->assertTrue(Permission::checkMember($member, "SITETREE_EDIT_ALL"));`

			`// Check that roles from parent groups are there`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_CMSMain"));`
			`$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));`
API CHANGE Removed $blankItemText parameter from Permission::get_codes() ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch (from r97819) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102536 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 01:41:33 +02:00
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`// Check that permissions from parent groups are there`
			`$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));`

			`// Check that a random permission that shouldn't be there isn't`
			`$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));`
			`}`
MINOR unit test for getting members by permission via roles (from r88276) (from r98084) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102577 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 04:00:15 +02:00			`/**`
			`* Ensure the the get_*_by_permission functions are permission role aware`
			`*/`
			`function testGettingMembersByPermission() {`
			`$accessMember = $this->objFromFixture('Member', 'access');`
BUGFIX: fixed test that was trying to do a assertContains between a DataObjectSet and a Member object. Changed it to an assertEquals between Member and the First item in the Set. Also added an inverse test to check that Set doesn't contain the wrong Member. (from r98114) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102599 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 04:14:23 +02:00			`$accessAuthor = $this->objFromFixture('Member', 'author');`

MINOR unit test for getting members by permission via roles (from r88276) (from r98084) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102577 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 04:00:15 +02:00			`$result = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));`
MINOR: Fixed PermissionTest assertion (from r96642) (from r98142) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102614 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 04:18:14 +02:00			`$resultIDs = $result ? $result->column() : array();`

			`$this->assertContains($accessMember->ID, $resultIDs,`
			`'Member is found via a permission attached to a role');`
			`$this->assertNotContains($accessAuthor->ID, $resultIDs);`
MINOR unit test for getting members by permission via roles (from r88276) (from r98084) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102577 467b73ca-7a2a-4603-9d3b-597d59a354a9 2010-04-13 04:00:15 +02:00			`}`
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9 2009-10-16 00:27:56 +02:00			`}`