/**
* @dataProvider adaptRootMaskProvider
*/
public function testAdaptRootMask($object, $ownerType, $aceMask, $expectedMask)
{
if ($ownerType !== null) {
$this->metadataProvider->setMetadata('Oro\\Bundle\\SecurityBundle\\Tests\\Unit\\Acl\\Domain\\Fixtures\\Entity\\TestEntity', new OwnershipMetadata($ownerType, 'owner', 'owner_id'));
}
$resultMask = $this->extension->adaptRootMask($aceMask, $object);
$this->assertEquals($expectedMask, $resultMask, sprintf('Expected "%s" -> "%s"; Actual: "%s"', $this->extension->getMaskPattern($aceMask), $this->extension->getMaskPattern($expectedMask), $this->extension->getMaskPattern($resultMask)));
}
public function testObjIsGrantedUsesClassAcesIfNoApplicableObjectAceWasFound()
{
$obj = new TestEntity(1);
$this->context->setObject($obj);
$masks = $this->getMasks('VIEW', $obj);
$aceMask = $this->getMaskBuilder('VIEW', $obj)->add('VIEW_GLOBAL')->get();
$acl = $this->getAcl(ObjectIdentity::fromDomainObject($obj));
$acl->insertClassAce($this->sid, $aceMask);
$this->assertTrue($this->strategy->isGranted($acl, $masks, array($this->sid)));
$this->metadataProvider->setMetadata(get_class($obj), $this->getOrganizationMetadata());
$this->assertFalse($this->strategy->isGranted($acl, $masks, array($this->sid)));
$this->metadataProvider->setMetadata(get_class($obj), $this->getBusinessUnitMetadata());
$this->metadataProvider->setMetadata(get_class($obj), $this->getUserMetadata());
}
/**
* @dataProvider buildFilterConstraintProvider
*/
public function testGetAclConditionData($userId, $isGranted, $accessLevel, $ownerType, $targetEntityClassName, $targetTableAlias, $expectedConstraint)
{
$this->buildTestTree();
if ($ownerType !== null) {
$this->metadataProvider->setMetadata(self::TEST_ENTITY, new OwnershipMetadata($ownerType, 'owner', 'owner_id'));
}
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver = null;
$this->aclVoter->expects($this->any())->method('addOneShotIsGrantedObserver')->will($this->returnCallback(function ($observer) use(&$aclObserver, &$accessLevel) {
$aclObserver = $observer;
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver->setAccessLevel($accessLevel);
}));
$user = new User($userId);
$token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
$token->expects($this->any())->method('getUser')->will($this->returnValue($user));
$this->securityContext->expects($this->any())->method('isGranted')->with($this->equalTo('VIEW'), $this->equalTo('entity:' . $targetEntityClassName))->will($this->returnValue($isGranted));
$this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($userId ? $token : null));
$result = $this->builder->getAclConditionData($targetEntityClassName);
$this->assertEquals($expectedConstraint, $result);
}
/**
* @dataProvider buildFilterConstraintProvider
*/
public function testGetAclConditionData($userId, $organizationId, $isGranted, $accessLevel, $ownerType, $targetEntityClassName, $expectedConstraint)
{
$this->buildTestTree();
if ($ownerType !== null) {
$this->metadataProvider->setMetadata(self::TEST_ENTITY, new OwnershipMetadata($ownerType, 'owner', 'owner_id', 'organization', 'organization_id'));
}
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver = null;
$this->aclVoter->expects($this->any())->method('addOneShotIsGrantedObserver')->will($this->returnCallback(function ($observer) use(&$aclObserver, &$accessLevel) {
$aclObserver = $observer;
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver->setAccessLevel($accessLevel);
}));
$user = new User($userId);
$organization = new Organization($organizationId);
$user->addOrganization($organization);
$token = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\Authentication\\Token\\UsernamePasswordOrganizationToken')->disableOriginalConstructor()->getMock();
$token->expects($this->any())->method('getUser')->will($this->returnValue($user));
$token->expects($this->any())->method('getOrganizationContext')->will($this->returnValue($organization));
$this->securityContext->expects($this->any())->method('isGranted')->with($this->equalTo('VIEW'), $this->equalTo('entity:' . $targetEntityClassName))->will($this->returnValue($isGranted));
$this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($userId ? $token : null));
$result = $this->builder->getAclConditionData($targetEntityClassName);
$this->assertEquals($expectedConstraint, $result);
}
public function testIsAssociatedWithUserForUserOwnedObject()
{
$this->buildTestTree();
$this->metadataProvider->setMetadata('Oro\\Bundle\\SecurityBundle\\Tests\\Unit\\Acl\\Domain\\Fixtures\\Entity\\TestEntity', new OwnershipMetadata('USER', 'owner', 'owner_id'));
$obj = new TestEntity(1);
$obj1 = new TestEntity(1, $this->user1);
$obj2 = new TestEntity(1, $this->user2);
$obj3 = new TestEntity(1, $this->user3);
$obj31 = new TestEntity(1, $this->user31);
$obj4 = new TestEntity(1, $this->user4);
$obj411 = new TestEntity(1, $this->user411);
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user1, $obj));
$this->assertTrue($this->decisionMaker->isAssociatedWithUser($this->user1, $obj1));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user2, $obj));
$this->assertTrue($this->decisionMaker->isAssociatedWithUser($this->user2, $obj2));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user3, $obj));
$this->assertTrue($this->decisionMaker->isAssociatedWithUser($this->user3, $obj3));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user3, $obj31));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user4, $obj));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user4, $obj3));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user4, $obj31));
$this->assertTrue($this->decisionMaker->isAssociatedWithUser($this->user4, $obj4));
$this->assertFalse($this->decisionMaker->isAssociatedWithUser($this->user4, $obj411));
}
