2008-04-26 08:44:06 +02:00
|
|
|
<?php
|
2008-06-15 15:33:53 +02:00
|
|
|
/**
|
|
|
|
* @package sapphire
|
|
|
|
* @subpackage tests
|
|
|
|
*/
|
2008-08-11 06:59:14 +02:00
|
|
|
class GroupTest extends FunctionalTest {
|
2008-04-26 08:44:06 +02:00
|
|
|
static $fixture_file = 'sapphire/tests/security/GroupTest.yml';
|
2013-08-30 13:58:37 +02:00
|
|
|
|
2008-04-26 08:44:06 +02:00
|
|
|
/**
|
|
|
|
* Test the Group::map() function
|
|
|
|
*/
|
|
|
|
function testGroupMap() {
|
|
|
|
/* Group::map() returns an SQLMap object implementing iterator. You can use foreach to get ID-Title pairs. */
|
|
|
|
|
|
|
|
// We will iterate over the map and build mapOuput to more easily call assertions on the result.
|
|
|
|
$map = Group::map();
|
|
|
|
foreach($map as $k => $v) {
|
|
|
|
$mapOutput[$k] = $v;
|
|
|
|
}
|
|
|
|
|
|
|
|
$group1 = $this->objFromFixture('Group', 'group1');
|
|
|
|
$group2 = $this->objFromFixture('Group', 'group2');
|
2013-08-30 13:58:37 +02:00
|
|
|
|
2008-04-26 08:44:06 +02:00
|
|
|
/* We have added 2 groups to our fixture. They should both appear in $mapOutput. */
|
|
|
|
$this->assertEquals($mapOutput[$group1->ID], $group1->Title);
|
|
|
|
$this->assertEquals($mapOutput[$group2->ID], $group2->Title);
|
|
|
|
}
|
2008-08-11 06:59:14 +02:00
|
|
|
|
|
|
|
function testMemberGroupRelationForm() {
|
2009-04-29 03:20:24 +02:00
|
|
|
Session::set('loggedInAs', $this->idFromFixture('GroupTest_Member', 'admin'));
|
|
|
|
|
2013-08-30 13:58:37 +02:00
|
|
|
$adminGroup = $this->objFromFixture('Group', 'admingroup');
|
|
|
|
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
|
|
|
|
$childGroup = $this->objFromFixture('Group', 'childgroup');
|
|
|
|
|
|
|
|
// Test single group relation through checkboxsetfield
|
|
|
|
$form = new GroupTest_MemberForm($this, 'Form');
|
|
|
|
$member = $this->objFromFixture('GroupTest_Member', 'admin');
|
|
|
|
$form->loadDataFrom($member);
|
|
|
|
$checkboxSetField = $form->Fields()->fieldByName('Groups');
|
|
|
|
$checkboxSetField->setValue(array(
|
|
|
|
$adminGroup->ID => $adminGroup->ID, // keep existing relation
|
|
|
|
$parentGroup->ID => $parentGroup->ID, // add new relation
|
|
|
|
));
|
|
|
|
$form->saveInto($member);
|
|
|
|
$updatedGroups = $member->Groups();
|
2009-04-29 03:20:24 +02:00
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
$controlGroups = new Member_GroupSet(
|
|
|
|
$adminGroup,
|
|
|
|
$parentGroup
|
|
|
|
);
|
|
|
|
$this->assertEquals(
|
|
|
|
$updatedGroups->Map('ID','ID'),
|
|
|
|
$controlGroups->Map('ID','ID'),
|
2013-08-30 13:58:37 +02:00
|
|
|
"Adding a toplevel group works"
|
|
|
|
);
|
|
|
|
|
|
|
|
// Test unsetting relationship
|
|
|
|
$form->loadDataFrom($member);
|
|
|
|
$checkboxSetField = $form->Fields()->fieldByName('Groups');
|
|
|
|
$checkboxSetField->setValue(array(
|
|
|
|
$adminGroup->ID => $adminGroup->ID, // keep existing relation
|
|
|
|
//$parentGroup->ID => $parentGroup->ID, // remove previously set relation
|
|
|
|
));
|
|
|
|
$form->saveInto($member);
|
|
|
|
$member->flushCache();
|
|
|
|
$updatedGroups = $member->Groups();
|
2008-08-11 06:59:14 +02:00
|
|
|
$controlGroups = new Member_GroupSet(
|
|
|
|
$adminGroup
|
|
|
|
);
|
|
|
|
$this->assertEquals(
|
|
|
|
$updatedGroups->Map('ID','ID'),
|
|
|
|
$controlGroups->Map('ID','ID'),
|
2013-08-30 13:58:37 +02:00
|
|
|
"Removing a previously added toplevel group works"
|
|
|
|
);
|
2008-08-11 06:59:14 +02:00
|
|
|
|
2013-08-30 13:58:37 +02:00
|
|
|
// Test adding child group
|
2008-08-11 06:59:14 +02:00
|
|
|
|
2013-08-30 13:58:37 +02:00
|
|
|
}
|
2009-12-10 21:03:50 +01:00
|
|
|
|
|
|
|
function testDelete() {
|
|
|
|
$adminGroup = $this->objFromFixture('Group', 'admingroup');
|
|
|
|
|
|
|
|
$adminGroup->delete();
|
|
|
|
|
2010-03-09 03:29:57 +01:00
|
|
|
$this->assertNull(DataObject::get('Group', "\"ID\"={$adminGroup->ID}"), 'Group is removed');
|
|
|
|
$this->assertNull(DataObject::get('Permission',"\"GroupID\"={$adminGroup->ID}"), 'Permissions removed along with the group');
|
2009-12-10 21:03:50 +01:00
|
|
|
}
|
2013-08-30 13:58:37 +02:00
|
|
|
|
|
|
|
public function testValidatesPrivilegeLevelOfParent() {
|
|
|
|
if(!class_exists('ReflectionMethod')) {
|
|
|
|
$this->markTestSkipped('Test requires PHP 5.3 Reflection API');
|
|
|
|
}
|
|
|
|
|
|
|
|
$nonAdminUser = $this->objFromFixture('GroupTest_Member', 'childgroupuser');
|
|
|
|
$adminUser = $this->objFromFixture('GroupTest_Member', 'admin');
|
|
|
|
$nonAdminGroup = $this->objFromFixture('Group', 'childgroup');
|
|
|
|
$adminGroup = $this->objFromFixture('Group', 'admingroup');
|
|
|
|
|
|
|
|
$nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate');
|
|
|
|
$nonAdminValidateMethod->setAccessible(true);
|
|
|
|
|
|
|
|
// Making admin group parent of a non-admin group, effectively expanding is privileges
|
|
|
|
$nonAdminGroup->ParentID = $adminGroup->ID;
|
|
|
|
|
|
|
|
$this->logInWithPermission('APPLY_ROLES');
|
|
|
|
$result = $nonAdminValidateMethod->invoke($nonAdminGroup);
|
|
|
|
$this->assertFalse(
|
|
|
|
$result->valid(),
|
|
|
|
'Members with only APPLY_ROLES can\'t assign parent groups with direct ADMIN permissions'
|
|
|
|
);
|
|
|
|
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
$result = $nonAdminValidateMethod->invoke($nonAdminGroup);
|
|
|
|
$this->assertTrue(
|
|
|
|
$result->valid(),
|
|
|
|
'Members with ADMIN can assign parent groups with direct ADMIN permissions'
|
|
|
|
);
|
|
|
|
$nonAdminGroup->write();
|
|
|
|
$newlyAdminGroup = $nonAdminGroup;
|
|
|
|
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
|
|
$inheritedAdminGroup = $this->objFromFixture('Group', 'group1');
|
|
|
|
$inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate');
|
|
|
|
$inheritedAdminMethod->setAccessible(true);
|
|
|
|
$inheritedAdminGroup->ParentID = $adminGroup->ID;
|
|
|
|
$inheritedAdminGroup->write(); // only works with ADMIN login
|
|
|
|
|
|
|
|
$this->logInWithPermission('APPLY_ROLES');
|
|
|
|
$result = $inheritedAdminMethod->invoke($nonAdminGroup);
|
|
|
|
$this->assertFalse(
|
|
|
|
$result->valid(),
|
|
|
|
'Members with only APPLY_ROLES can\'t assign parent groups with inherited ADMIN permission'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
class GroupTest_Member extends Member implements TestOnly {
|
2013-08-30 13:58:37 +02:00
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
function getCMSFields() {
|
2013-08-30 13:58:37 +02:00
|
|
|
$groups = DataObject::get('Group');
|
2008-08-11 06:59:14 +02:00
|
|
|
$groupsMap = ($groups) ? $groups->toDropDownMap() : false;
|
|
|
|
$fields = new FieldSet(
|
2013-08-30 13:58:37 +02:00
|
|
|
new HiddenField('ID', 'ID'),
|
|
|
|
new CheckboxSetField(
|
|
|
|
'Groups',
|
|
|
|
'Groups',
|
|
|
|
$groupsMap
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
|
|
|
return $fields;
|
|
|
|
}
|
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
class GroupTest_MemberForm extends Form {
|
2013-08-30 13:58:37 +02:00
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
function __construct($controller, $name) {
|
2013-08-30 13:58:37 +02:00
|
|
|
$fields = singleton('GroupTest_Member')->getCMSFields();
|
2008-08-11 06:59:14 +02:00
|
|
|
$actions = new FieldSet(
|
2013-08-30 13:58:37 +02:00
|
|
|
new FormAction('doSave','save')
|
|
|
|
);
|
|
|
|
|
|
|
|
parent::__construct($controller, $name, $fields, $actions);
|
|
|
|
}
|
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
function doSave($data, $form) {
|
2013-08-30 13:58:37 +02:00
|
|
|
// done in testing methods
|
|
|
|
}
|
|
|
|
|
2008-08-11 06:59:14 +02:00
|
|
|
}
|
|
|
|
?>
|