mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-04-26 06:04:05 +08:00
Added more inter-method permissions test cases
parent
5ffc10e688
commit
adabf06dbe
@ -20,11 +20,6 @@ The below are some general rules we follow to standardise the behaviour of permi
|
||||
|
||||
## Cases
|
||||
|
||||
TODO - Role & entity-role interplay
|
||||
TODO - Role & entity-user interplay
|
||||
TODO - Role content relations?
|
||||
TODO - Role system permissions?
|
||||
|
||||
### Content Role Permissions
|
||||
|
||||
These are tests related to item/entity permissions that are set only at a role level.
|
||||
@ -176,6 +171,55 @@ User granted page permission.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_50_role_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- Role A has entity allow page permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_51_role_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page-view-all role permission.
|
||||
- Role A has entity deny page permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_60_inherited_role_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Chapter permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- Role A has entity allow chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_61_inherited_role_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Chapter permissions have inherit enabled.
|
||||
- Role A has page role permission.
|
||||
- Role A has entity denied chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_62_inherited_role_override_deny_on_own
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Chapter permissions have inherit enabled.
|
||||
- Role A has own-page role permission.
|
||||
- Role A has entity denied chapter permission.
|
||||
- User has Role A.
|
||||
- User owns Page.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
---
|
||||
|
||||
### Entity User Permissions
|
||||
@ -266,4 +310,90 @@ User granted page permission.
|
||||
- Role A has entity allow page permission.
|
||||
- User has role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_50_role_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- User has entity allow page permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_51_role_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has all-page role permission.
|
||||
- User has entity deny page permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_60_inherited_role_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- User has entity allow chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_61_inherited_role_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has view-all page role permission.
|
||||
- User has entity deny chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_61_inherited_role_override_deny_on_own
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has view-own page role permission.
|
||||
- User has entity deny chapter permission.
|
||||
- User has Role A.
|
||||
- User owns Page.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_70_all_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- Role A has entity deny page permission.
|
||||
- User has entity allow page permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_71_all_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has page-all role permission.
|
||||
- Role A has entity allow page permission.
|
||||
- User has entity deny page permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
||||
|
||||
#### test_80_inherited_all_override_allow
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has no page role permission.
|
||||
- Role A has entity deny chapter permission.
|
||||
- User has entity allow chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User granted page permission.
|
||||
|
||||
#### test_81_inherited_all_override_deny
|
||||
|
||||
- Page permissions have inherit enabled.
|
||||
- Role A has view-all page role permission.
|
||||
- Role A has entity allow chapter permission.
|
||||
- User has entity deny chapter permission.
|
||||
- User has Role A.
|
||||
|
||||
User denied page permission.
|
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Tests\Permissions\Scenarios;
|
||||
|
||||
class EntityRolePermissions extends PermissionScenarioTestCase
|
||||
class EntityRolePermissionsTest extends PermissionScenarioTestCase
|
||||
{
|
||||
public function test_01_explicit_allow()
|
||||
{
|
||||
@ -126,4 +126,53 @@ class EntityRolePermissions extends PermissionScenarioTestCase
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_50_role_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole();
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, ['view'], $roleA);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_51_role_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, [], $roleA);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_60_inherited_role_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], []);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, ['view'], $roleA);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_61_inherited_role_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, [], $roleA);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_62_inherited_role_override_deny_on_own()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, [], $roleA);
|
||||
$this->permissions->changeEntityOwner($page, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
}
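Review bot: `test_51_role_override_deny` creates Role A with `['page-view-all']`, but the scenario description added in this same commit lists "Role A has no page-view-all role permission" for that case, so the test and its specification disagree on the precondition. The test's setup looks like the intended one, because a deny override is only exercised when the role-level grant would otherwise expose the page; the description should presumably read "Role A has page-view-all role permission". The empty action list passed to `addEntityPermission` appears to stand for an explicit deny entry, which is not obvious at the call site. A comment such as `// Empty action list: entity entry that grants nothing, i.e. a deny for Role A` above those calls in `test_51`, `test_61` and `test_62` would make the precondition readable. The class body begins outside this hunk.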
|
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Tests\Permissions\Scenarios;
|
||||
|
||||
class EntityUserPermissions extends PermissionScenarioTestCase
|
||||
class EntityUserPermissionsTest extends PermissionScenarioTestCase
|
||||
{
|
||||
public function test_01_explicit_allow()
|
||||
{
|
||||
@ -115,4 +115,95 @@ class EntityUserPermissions extends PermissionScenarioTestCase
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_50_role_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole();
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, ['view'], null, $user);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_51_role_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, [], null, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_60_inherited_role_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], []);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, ['view'], null, $user);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_61_inherited_role_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, [], null, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_61_inherited_role_override_deny_on_own()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, [], null, $user);
|
||||
$this->permissions->changeEntityOwner($page, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_70_all_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], []);
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, [], $roleA, null);
|
||||
$this->permissions->addEntityPermission($page, ['view'], null, $user);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_71_all_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->page();
|
||||
$this->permissions->addEntityPermission($page, ['view'], $roleA, null);
|
||||
$this->permissions->addEntityPermission($page, [], null, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_80_inherited_all_override_allow()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], []);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, [], $roleA, null);
|
||||
$this->permissions->addEntityPermission($chapter, ['view'], null, $user);
|
||||
|
||||
$this->assertVisibleToUser($page, $user);
|
||||
}
|
||||
|
||||
public function test_81_inherited_all_override_deny()
|
||||
{
|
||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
$chapter = $page->chapter;
|
||||
$this->permissions->addEntityPermission($chapter, ['view'], $roleA, null);
|
||||
$this->permissions->addEntityPermission($chapter, [], null, $user);
|
||||
|
||||
$this->assertNotVisibleToUser($page, $user);
|
||||
}
|
||||
}
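Review bot: `test_61_inherited_role_override_deny_on_own` reuses the number of `test_61_inherited_role_override_deny` directly above it, whereas the same scenario in the role-level test class is numbered 62. Renaming it to `test_62_inherited_role_override_deny_on_own`, together with the matching heading in the scenario description, keeps case ids unique so that a failing access-control case can be traced to one scenario. `test_50_role_override_allow` calls `newUserWithRole()` with no arguments while the later allow cases pass `[], []`. The helper's defaults are not visible here, so writing `newUserWithRole([], [])` would make it explicit that the grant comes from the user-level entity permission rather than from a default role permission. `$roleA` is destructured but never used in the cases numbered 50 to 61, where `[$user] = ...` would do.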
|
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Tests\Permissions\Scenarios;
|
||||
|
||||
class RoleContentPermissions extends PermissionScenarioTestCase
|
||||
class RoleContentPermissionsTest extends PermissionScenarioTestCase
|
||||
{
|
||||
public function test_01_allow()
|
||||
{
|