mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
223 lines
7.6 KiB
PHP
223 lines
7.6 KiB
PHP
<?php
|
|
|
|
use SilverStripe\ORM\DataObject;
|
|
use SilverStripe\Security\Group;
|
|
use SilverStripe\Security\Member;
|
|
use SilverStripe\Dev\FunctionalTest;
|
|
use SilverStripe\Dev\TestOnly;
|
|
use SilverStripe\Control\Session;
|
|
use SilverStripe\Forms\HiddenField;
|
|
use SilverStripe\Forms\CheckboxSetField;
|
|
use SilverStripe\Forms\FieldList;
|
|
use SilverStripe\Forms\FormAction;
|
|
use SilverStripe\Forms\Form;
|
|
|
|
|
|
|
|
|
|
/**
|
|
* @package framework
|
|
* @subpackage tests
|
|
*/
|
|
class GroupTest extends FunctionalTest {
|
|
|
|
protected static $fixture_file = 'GroupTest.yml';
|
|
|
|
public function testGroupCodeDefaultsToTitle() {
|
|
$g1 = new Group();
|
|
$g1->Title = "My Title";
|
|
$g1->write();
|
|
$this->assertEquals('my-title', $g1->Code, 'Custom title gets converted to code if none exists already');
|
|
|
|
$g2 = new Group();
|
|
$g2->Title = "My Title";
|
|
$g2->Code = "my-code";
|
|
$g2->write();
|
|
$this->assertEquals('my-code', $g2->Code, 'Custom attributes are not overwritten by Title field');
|
|
|
|
$g3 = new Group();
|
|
$g3->Title = _t('SecurityAdmin.NEWGROUP',"New Group");
|
|
$g3->write();
|
|
$this->assertNull($g3->Code, 'Default title doesnt trigger attribute setting');
|
|
}
|
|
|
|
public function testMemberGroupRelationForm() {
|
|
Session::set('loggedInAs', $this->idFromFixture('GroupTest_Member', 'admin'));
|
|
|
|
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
|
|
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
|
|
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
|
|
|
|
// Test single group relation through checkboxsetfield
|
|
/** @skipUpgrade */
|
|
$form = new GroupTest_MemberForm($this, 'Form');
|
|
$member = $this->objFromFixture('GroupTest_Member', 'admin');
|
|
$form->loadDataFrom($member);
|
|
$checkboxSetField = $form->Fields()->fieldByName('Groups');
|
|
$checkboxSetField->setValue(array(
|
|
$adminGroup->ID => $adminGroup->ID, // keep existing relation
|
|
$parentGroup->ID => $parentGroup->ID, // add new relation
|
|
));
|
|
$form->saveInto($member);
|
|
$updatedGroups = $member->Groups();
|
|
|
|
$this->assertEquals(2, count($updatedGroups->column()),
|
|
"Adding a toplevel group works"
|
|
);
|
|
$this->assertContains($adminGroup->ID, $updatedGroups->column('ID'));
|
|
$this->assertContains($parentGroup->ID, $updatedGroups->column('ID'));
|
|
|
|
// Test unsetting relationship
|
|
$form->loadDataFrom($member);
|
|
$checkboxSetField = $form->Fields()->fieldByName('Groups');
|
|
$checkboxSetField->setValue(array(
|
|
$adminGroup->ID => $adminGroup->ID, // keep existing relation
|
|
//$parentGroup->ID => $parentGroup->ID, // remove previously set relation
|
|
));
|
|
$form->saveInto($member);
|
|
$member->flushCache();
|
|
$updatedGroups = $member->Groups();
|
|
$this->assertEquals(1, count($updatedGroups->column()),
|
|
"Removing a previously added toplevel group works"
|
|
);
|
|
$this->assertContains($adminGroup->ID, $updatedGroups->column('ID'));
|
|
|
|
// Test adding child group
|
|
|
|
}
|
|
|
|
public function testUnsavedGroups() {
|
|
$member = $this->objFromFixture('GroupTest_Member', 'admin');
|
|
$group = new Group();
|
|
|
|
// Can save user to unsaved group
|
|
$group->Members()->add($member);
|
|
$this->assertEquals(array($member->ID), array_values($group->Members()->getIDList()));
|
|
|
|
// Persists after writing to DB
|
|
$group->write();
|
|
$group = Group::get()->byID($group->ID);
|
|
$this->assertEquals(array($member->ID), array_values($group->Members()->getIDList()));
|
|
}
|
|
|
|
public function testCollateAncestorIDs() {
|
|
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
|
|
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
|
|
$orphanGroup = new Group();
|
|
$orphanGroup->ParentID = 99999;
|
|
$orphanGroup->write();
|
|
|
|
$this->assertEquals(1, count($parentGroup->collateAncestorIDs()),
|
|
'Root node only contains itself'
|
|
);
|
|
$this->assertContains($parentGroup->ID, $parentGroup->collateAncestorIDs());
|
|
|
|
$this->assertEquals(2, count($childGroup->collateAncestorIDs()),
|
|
'Contains parent nodes, with child node first'
|
|
);
|
|
$this->assertContains($parentGroup->ID, $childGroup->collateAncestorIDs());
|
|
$this->assertContains($childGroup->ID, $childGroup->collateAncestorIDs());
|
|
|
|
$this->assertEquals(1, count($orphanGroup->collateAncestorIDs()),
|
|
'Orphaned nodes dont contain invalid parent IDs'
|
|
);
|
|
$this->assertContains($orphanGroup->ID, $orphanGroup->collateAncestorIDs());
|
|
}
|
|
|
|
public function testDelete() {
|
|
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
|
|
$groupID = $group->ID;
|
|
$childGroupID = $this->idFromFixture('SilverStripe\\Security\\Group', 'childgroup');
|
|
$group->delete();
|
|
|
|
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ID\" = {$groupID}")->Count(),
|
|
'Group is removed');
|
|
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Permission', "\"GroupID\" = {$groupID}")->Count(),
|
|
'Permissions removed along with the group');
|
|
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$groupID}")->Count(),
|
|
'Child groups are removed');
|
|
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$childGroupID}")->Count(),
|
|
'Grandchild groups are removed');
|
|
}
|
|
|
|
public function testValidatesPrivilegeLevelOfParent() {
|
|
$nonAdminUser = $this->objFromFixture('GroupTest_Member', 'childgroupuser');
|
|
$adminUser = $this->objFromFixture('GroupTest_Member', 'admin');
|
|
$nonAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
|
|
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
|
|
|
|
$nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate');
|
|
$nonAdminValidateMethod->setAccessible(true);
|
|
|
|
// Making admin group parent of a non-admin group, effectively expanding is privileges
|
|
$nonAdminGroup->ParentID = $adminGroup->ID;
|
|
|
|
$this->logInWithPermission('APPLY_ROLES');
|
|
$result = $nonAdminValidateMethod->invoke($nonAdminGroup);
|
|
$this->assertFalse(
|
|
$result->valid(),
|
|
'Members with only APPLY_ROLES can\'t assign parent groups with direct ADMIN permissions'
|
|
);
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
$result = $nonAdminValidateMethod->invoke($nonAdminGroup);
|
|
$this->assertTrue(
|
|
$result->valid(),
|
|
'Members with ADMIN can assign parent groups with direct ADMIN permissions'
|
|
);
|
|
$nonAdminGroup->write();
|
|
$newlyAdminGroup = $nonAdminGroup;
|
|
|
|
$this->logInWithPermission('ADMIN');
|
|
$inheritedAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'group1');
|
|
$inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate');
|
|
$inheritedAdminMethod->setAccessible(true);
|
|
$inheritedAdminGroup->ParentID = $adminGroup->ID;
|
|
$inheritedAdminGroup->write(); // only works with ADMIN login
|
|
|
|
$this->logInWithPermission('APPLY_ROLES');
|
|
$result = $inheritedAdminMethod->invoke($nonAdminGroup);
|
|
$this->assertFalse(
|
|
$result->valid(),
|
|
'Members with only APPLY_ROLES can\'t assign parent groups with inherited ADMIN permission'
|
|
);
|
|
}
|
|
|
|
}
|
|
|
|
class GroupTest_Member extends Member implements TestOnly {
|
|
|
|
public function getCMSFields() {
|
|
$groups = DataObject::get('SilverStripe\\Security\\Group');
|
|
$groupsMap = ($groups) ? $groups->map() : false;
|
|
$fields = new FieldList(
|
|
new HiddenField('ID', 'ID'),
|
|
new CheckboxSetField(
|
|
'Groups',
|
|
'Groups',
|
|
$groupsMap
|
|
)
|
|
);
|
|
|
|
return $fields;
|
|
}
|
|
|
|
}
|
|
|
|
class GroupTest_MemberForm extends Form {
|
|
|
|
public function __construct($controller, $name) {
|
|
$fields = singleton('GroupTest_Member')->getCMSFields();
|
|
$actions = new FieldList(
|
|
new FormAction('doSave','save')
|
|
);
|
|
|
|
parent::__construct($controller, $name, $fields, $actions);
|
|
}
|
|
|
|
public function doSave($data, $form) {
|
|
// done in testing methods
|
|
}
|
|
|
|
}
|