github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-25 13:44:05 +08:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Added additional entity_role_permission scenario tests

Browse Source
This commit is contained in:
Dan Brown 2022-12-17 15:26:54 +00:00
parent f844ae0902
commit 491beee93e
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
4 changed files with 160 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
dev/docs/permission-scenario-testing.md
View File

@ -10,28 +10,76 @@ Test cases are written ability abstract, since all abilities should act the same
These are tests related to entity-level role-specific permission overrides. These are tests related to entity-level role-specific permission overrides.
#### entity_role_01 - Explicit allow #### test_01_explicit_allow
- Page permissions have inherit disabled. - Page permissions have inherit disabled.
- Role A has explicit page permission. - Role A has entity allow page permission.
- User has Role A. - User has Role A.
User should have page permission. User should have page permission.
#### entity_role_02 - Explicit deny #### test_02_explicit_deny
- Page permissions have inherit disabled. - Page permissions have inherit disabled.
- Role A has explicit page permission. - Role A has entity deny page permission.
- User has Role A. - User has Role A.
User should not have permission. User denied page permission.
#### entity_role_03 - Same level conflicting #### test_03_same_level_conflicting
- Page permissions have inherit disabled. - Page permissions have inherit disabled.
- Role A has explicit page permission. - Role A has entity allow page permission.
- Role B has explicit blocked page permission. - Role B has entity deny page permission.
- User has both Role A & B. - User has both Role A & B.
User should have page permission. Explicit grant overrides explicit deny at same level. User should have page permission.
Explicit grant overrides entity deny at same level.
#### test_20_inherit_allow
- Page permissions have inherit enabled.
- Chapter permissions has inherit disabled.
- Role A has entity allow chapter permission.
- User has both Role A.
User should have page permission.
#### test_21_inherit_deny
- Page permissions have inherit enabled.
- Chapter permissions has inherit disabled.
- Role A has entity deny chapter permission.
- User has both Role A.
User denied page permission.
#### test_22_same_level_conflict_inherit
- Page permissions have inherit enabled.
- Chapter permissions has inherit disabled.
- Role A has entity deny chapter permission.
- Role B has entity allow chapter permission.
- User has both Role A & B.
User should have page permission.
#### test_30_child_inherit_override_allow
- Page permissions have inherit enabled.
- Chapter permissions has inherit disabled.
- Role A has entity deny chapter permission.
- Role A has entity allow page permission.
- User has Role A.
User should have page permission.
#### test_31_child_inherit_override_deny
- Page permissions have inherit enabled.
- Chapter permissions has inherit disabled.
- Role A has entity allow chapter permission.
- Role A has entity deny page permission.
- User has Role A.
User denied page permission.

4
tests/Helpers/PermissionsProvider.php
View File

@ -90,9 +90,9 @@ class PermissionsProvider
$this->addEntityPermissionEntries($entity, $permissions); $this->addEntityPermissionEntries($entity, $permissions);
} }
public function addEntityPermission(Entity $entity, array $actionList, int $roleId = null, int $userId = null) public function addEntityPermission(Entity $entity, array $actionList, ?Role $role = null, ?User $user = null)
{ {
$permissionData = $this->actionListToEntityPermissionData($actionList, $roleId, $userId); $permissionData = $this->actionListToEntityPermissionData($actionList, $role->id ?? null, $user->id ?? null);
$this->addEntityPermissionEntries($entity, [$permissionData]); $this->addEntityPermissionEntries($entity, [$permissionData]);
} }

4
tests/Helpers/UserRoleProvider.php
View File

@ -59,7 +59,7 @@ class UserRoleProvider
public function newUserWithRole(array $userAttrs = [], array $rolePermissions = []): array public function newUserWithRole(array $userAttrs = [], array $rolePermissions = []): array
{ {
$user = User::factory()->create($userAttrs); $user = User::factory()->create($userAttrs);
$role = $this->attachRole($user, $rolePermissions); $role = $this->attachNewRole($user, $rolePermissions);
return [$user, $role]; return [$user, $role];
} }
@ -68,7 +68,7 @@ class UserRoleProvider
* Attach a new role, with the given role permissions, to the given user * Attach a new role, with the given role permissions, to the given user
* and return that role. * and return that role.
*/ */
public function attachRole(User $user, array $rolePermissions = []): Role public function attachNewRole(User $user, array $rolePermissions = []): Role
{ {
$role = $this->createRole($rolePermissions); $role = $this->createRole($rolePermissions);
$user->attachRole($role); $user->attachRole($role);

111
tests/Permissions/Scenarios/EntityRolePermissions.php
View File

@ -2,7 +2,8 @@
namespace Tests\Permissions\Scenarios; namespace Tests\Permissions\Scenarios;
use BookStack\Entities\Models\Page; use BookStack\Auth\User;
use BookStack\Entities\Models\Entity;
use Tests\TestCase; use Tests\TestCase;
// Cases defined in dev/docs/permission-scenario-testing.md // Cases defined in dev/docs/permission-scenario-testing.md
@ -15,34 +16,118 @@ class EntityRolePermissions extends TestCase
$page = $this->entities->page(); $page = $this->entities->page();
$this->permissions->setEntityPermissions($page, ['view'], [$role], false); $this->permissions->setEntityPermissions($page, ['view'], [$role], false);
$this->actingAs($user); $this->assertVisibleToUser($page, $user);
$this->assertTrue(userCan('page-view', $page));
$this->assertNotNull(Page::visible()->findOrFail($page->id));
} }
public function test_02_explicit_deny() public function test_02_explicit_deny()
{ {
[$user, $role] = $this->users->newUserWithRole(); [$user, $role] = $this->users->newUserWithRole();
$page = $this->entities->page(); $page = $this->entities->page();
$this->permissions->setEntityPermissions($page, ['edit'], [$role], false); $this->permissions->setEntityPermissions($page, [], [$role], false);
$this->actingAs($user); $this->assertNotVisibleToUser($page, $user);
$this->assertFalse(userCan('page-view', $page));
$this->assertNull(Page::visible()->find($page->id));
} }
public function test_03_same_level_conflicting() public function test_03_same_level_conflicting()
{ {
[$user, $roleA] = $this->users->newUserWithRole(); [$user, $roleA] = $this->users->newUserWithRole();
$roleB = $this->users->attachRole($user); $roleB = $this->users->attachNewRole($user);
$page = $this->entities->page(); $page = $this->entities->page();
$this->permissions->disableEntityInheritedPermissions($page); $this->permissions->disableEntityInheritedPermissions($page);
$this->permissions->addEntityPermission($page, ['update'], $roleA->id); $this->permissions->addEntityPermission($page, [], $roleA);
$this->permissions->addEntityPermission($page, ['view'], $roleB->id); $this->permissions->addEntityPermission($page, ['view'], $roleB);
$this->assertVisibleToUser($page, $user);
}
public function test_20_inherit_allow()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->disableEntityInheritedPermissions($chapter);
$this->permissions->addEntityPermission($chapter, ['view'], $roleA);
$this->assertVisibleToUser($page, $user);
}
public function test_21_inherit_deny()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->disableEntityInheritedPermissions($chapter);
$this->permissions->addEntityPermission($chapter, [], $roleA);
$this->assertNotVisibleToUser($page, $user);
}
public function test_22_same_level_conflict_inherit()
{
[$user, $roleA] = $this->users->newUserWithRole();
$roleB = $this->users->attachNewRole($user);
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->disableEntityInheritedPermissions($chapter);
$this->permissions->addEntityPermission($chapter, [], $roleA);
$this->permissions->addEntityPermission($chapter, ['view'], $roleB);
$this->assertVisibleToUser($page, $user);
}
public function test_30_child_inherit_override_allow()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->disableEntityInheritedPermissions($chapter);
$this->permissions->addEntityPermission($chapter, [], $roleA);
$this->permissions->addEntityPermission($page, ['view'], $roleA);
$this->assertVisibleToUser($page, $user);
}
public function test_31_child_inherit_override_deny()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->disableEntityInheritedPermissions($chapter);
$this->permissions->addEntityPermission($chapter, ['view'], $roleA);
$this->permissions->addEntityPermission($page, [], $roleA);
$this->assertNotVisibleToUser($page, $user);
}
protected function assertVisibleToUser(Entity $entity, User $user)
{
$this->actingAs($user); $this->actingAs($user);
$this->assertTrue(userCan('page-view', $page)); $funcView = userCan($entity->getMorphClass() . '-view', $entity);
$this->assertNotNull(Page::visible()->find($page->id)); $queryView = $entity->newQuery()->scopes(['visible'])->find($entity->id) !== null;
$id = $entity->getMorphClass() . ':' . $entity->id;
$msg = "Item [{$id}] should be visible but was not found via ";
$msg .= implode(' and ', array_filter([!$funcView ? 'userCan' : '', !$queryView ? 'query' : '']));
static::assertTrue($funcView && $queryView, $msg);
}
protected function assertNotVisibleToUser(Entity $entity, User $user)
{
$this->actingAs($user);
$funcView = userCan($entity->getMorphClass() . '-view', $entity);
$queryView = $entity->newQuery()->scopes(['visible'])->find($entity->id) !== null;
$id = $entity->getMorphClass() . ':' . $entity->id;
$msg = "Item [{$id}] should not be visible but was found via ";
$msg .= implode(' and ', array_filter([$funcView ? 'userCan' : '', $queryView ? 'query' : '']));
static::assertTrue(!$funcView && !$queryView, $msg);
} }
} }