public function testRoleInAcl() { $groupXml = '<?xml version="1.0" encoding="UTF-8"?> <GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd"> <Group> <Name>Everyone</Name> <Description>Built-in group to include all users</Description> </Group> </GroupList>'; $br = TestUtils::mockByteReader($this, $groupXml); $this->assertEquals("text/xml", $br->GetMimeType()); $this->assertEquals($groupXml, $br->ToString()); $site = $this->getMockBuilder("MgSite")->getMock(); $site->method("EnumerateGroups")->will($this->returnValue($br)); $roleMethodMap = array(array("Author", new FakeStringCollection(array("Authors"))), array("Anonymous", new FakeStringCollection(array("Users")))); $site->method("EnumerateRoles")->will($this->returnValueMap($roleMethodMap)); $conf1 = array("AllowUsers" => array("Administrator"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users")); $this->assertFalse(MgUtils::ValidateAcl("Author", $site, $conf1)); $conf2 = array("AllowUsers" => array("Administrator"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users")); $this->assertTrue(MgUtils::ValidateAcl("Anonymous", $site, $conf2)); }
public function testWhitelistAclGlobalInheritance() { $everyoneGroupXml = '<?xml version="1.0" encoding="UTF-8"?> <GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd"> <Group> <Name>Everyone</Name> <Description>Built-in group to include all users</Description> </Group> </GroupList>'; $everyoneGroupBr = TestUtils::mockByteReader($this, $everyoneGroupXml); $this->assertEquals("text/xml", $everyoneGroupBr->GetMimeType()); $this->assertEquals($everyoneGroupXml, $everyoneGroupBr->ToString()); $site = $this->getMockBuilder("MgSite")->getMock(); $site->method("EnumerateGroups")->will($this->returnValue($everyoneGroupBr)); $roleMethodMap = array(array("Author", new FakeStringCollection(array("Author"))), array("Anonymous", new FakeStringCollection(array("Users"))), array("Administrator", new FakeStringCollection(array("Administrator")))); $site->method("EnumerateRoles")->will($this->returnValueMap($roleMethodMap)); //Everything not parcels is subject to the global rules //Any parcel action in the list with any representation is allowed if the calling user is part of any of the users/groups/roles specified $conf = array("Globals" => array("Actions" => array("SELECTFEATURES" => array("AllowRoles" => array("Author", "Administrator")))), "Library://Samples/Sheboygan/Data/Parcels.FeatureSource" => array("Actions" => array("SELECTFEATURES" => array("AllowUsers" => array("Author"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users"))), "Representations" => array("xml" => array("AllowUsers" => array("Administrator"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Authors")), "json" => array("AllowUsers" => array("Author"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users"))))); $mimeType = "text/xml"; $resp = "json"; $wl = new MgWhitelist($conf); //Anonymous can't use SELECTFEATURES globally $action = "SELECTFEATURES"; $userName = "******"; $bExpect = true; $bForbidden = false; $wl->VerifyGlobalWhitelist($mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Author can use GETRESSELECTFEATURESOURCE globally $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyGlobalWhitelist($mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Administrator can use SELECTFEATURES globally $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyGlobalWhitelist($mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Test on trees. As the configuration has no entry for this, it should default to global configuration $resIdStr = "Library://Samples/Sheboygan/Data/Trees.FeatureSource"; //Anonymous can't use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = true; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Author can use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Administrator can use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Test on parcels $resIdStr = "Library://Samples/Sheboygan/Data/Parcels.FeatureSource"; //Anonymous can use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Author can use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = false; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); //Administrator can't use SELECTFEATURES on trees $action = "SELECTFEATURES"; $userName = "******"; $bExpect = true; $bForbidden = false; $wl->VerifyWhitelist($resIdStr, $mimeType, function ($msg, $mt) use(&$bForbidden) { $bForbidden = true; }, $action, $resp, $site, $userName); $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false")); }