function test_creategroup() { $user = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') ); $this->assert_true( $user instanceof User, 'Could not create test user.' ); $group = UserGroup::create( array( 'name' => 'new test group' ) ); $this->assert_true( $group instanceof UserGroup, 'Could not create a new group named "new test group".' ); ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' ); ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' ); $this->assert_true( ACL::token_exists('test permission'), 'The test permission was not created.' ); $this->assert_true( ACL::token_exists(' test PeRmission '), 'Permission names are not normalized.' ); $group->add( 'testcaseuser' ); $group->grant( 'test permission' ); $group->deny( 'test deny permisSion' ); $group->update(); $newgroup = UserGroup::get( 'new test group' ); $this->assert_true( in_array( $user->id, $newgroup->members ), 'The created user is not a member of the new group.' ); $this->assert_true( in_array( ACL::token_id( 'test permission' ), array_keys( $newgroup->permissions ) ), 'The group does not have the new permission.' ); $this->assert_true( ACL::group_can( 'new test group', 'test permission' ), 'The group does not have the new permission.' ); $this->assert_false( ACL::group_can( 'new test group', 'test deny permission' ), 'The group has a denied permission.' ); $this->assert_true( $user->can( 'test permission' ), 'The user does not have a permission his group has been granted.' ); }
public function test_group_permissions() { ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' ); $this->assert_true( ACL::token_exists( 'acltest' ), 'Could not create acltest permission.' ); $this->assert_true( ACL::token_exists( 'acLtEst ' ), 'Permission names are not normalized.' ); $token_id = ACL::token_id( 'acltest' ); ACL::grant_group( $this->acl_group->id, $token_id, 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group.' ); ACL::revoke_group_token( $this->acl_group->id, $token_id ); $this->assert_false( ACL::group_can( $this->acl_group->id, $token_id, 'full' ), 'Could not revoke acltest permission from acltest-group.' ); // check alternate means of granting a permission $this->acl_group->grant( 'acltest', 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group through UserGroup call.' ); // full > read/edit $this->assert_true( $this->acl_group->can( 'acltest', 'read' ), "Group with 'full' acltest permission cannot 'read'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'edit' ), "Group with 'full' acltest permission cannot 'edit'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), "Group with 'full' acltest permission cannot 'full'." ); $this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." ); $this->acl_group->can( 'acltest', 'write' ); ACL::destroy_token( 'acltest' ); }
public function test_group_permissions() { $this->markTestSkipped('Test does not match class code; needs updating'); ACL::create_permission('acltest', 'A test ACL permission'); $this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.'); $token_id = ACL::token_id('acltest'); ACL::grant_group($this->acl_group->id, $token_id, 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.'); ACL::revoke_group_permission($this->acl_group->id, $token_id); $this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.'); // check alternate means of granting a permission $this->acl_group->grant('acltest', 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.'); // full > read/write $this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'."); $this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'."); }
/** * Return the access bitmask for a specific token for this group. * * @param string $token The * @return */ public function get_access( $token ) { $token = ACL::token_id( $token ); $this->load_permissions_cache(); if ( isset( $this->permissions[$token] ) ) { return ACL::get_bitmask( $this->permissions[$token] ); } return false; }
public function test_revoke() { self::setup_acl(); $group = UserGroup::get("new test group"); $this->assert_true(in_array(ACL::token_id('test permission'), array_keys($group->permissions)), 'The group does not have the new permission.'); $group->revoke(ACL::token_id('test permission')); // @TODO: test by name $group = UserGroup::get("new test group"); $this->assert_false(in_array(ACL::token_id('test permission'), array_keys($group->permissions)), 'The group still has the revoked permission.'); self::teardown_acl(); }
/** * Create a new permission token, and save it to the permission tokens table * @param string $name The name of the permission * @param string $description The description of the permission * @param string $group The token group for organizational purposes * @param bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean) * @return mixed the ID of the newly created permission, or boolean false */ public static function create_token($name, $description, $group, $crud = false) { $name = self::normalize_token($name); $crud = $crud ? 1 : 0; // first, make sure this isn't a duplicate if (ACL::token_exists($name)) { return false; } $allow = true; // Plugins have the opportunity to prevent adding this token $allow = Plugins::filter('token_create_allow', $allow, $name, $description, $group, $crud); if (!$allow) { return false; } Plugins::act('token_create_before', $name, $description, $group, $crud); $result = DB::query('INSERT INTO {tokens} (name, description, token_group, token_type) VALUES (?, ?, ?, ?)', array($name, $description, $group, $crud)); if (!$result) { // if it didn't work, don't bother trying to log it return false; } self::clear_caches(); // Add the token to the admin group $token = ACL::token_id($name); $admin = UserGroup::get('admin'); if ($admin) { ACL::grant_group($admin->id, $token, 'full'); } EventLog::log('New permission token created: ' . $name, 'info', 'default', 'habari'); Plugins::act('permission_create_after', $name, $description, $group, $crud); return $result; }
/** * Gets a set of groups based on their access to a certain token * @param string $token The token to check for * @param string $access The access level for that token, defaults to 'full' * @return UserGroups */ public static function get_by_token($token, $access = 'full') { $token_id = ACL::token_id($token); $sql = 'SELECT * FROM {groups} INNER JOIN {group_token_permissions} on ({groups}.id = {group_token_permissions}.group_id) AND {group_token_permissions}.token_id = :token_id'; $results = DB::get_results($sql, array(':token_id' => $token_id), 'UserGroup'); foreach ($results as $i => $group) { if (!$group->can($token)) { unset($groups[$i]); } } $c = __CLASS__; $return_value = new $c($results); return $return_value; }