protected function setUp()
{
if (!class_exists('Doctrine\\DBAL\\DriverManager')) {
$this->markTestSkipped('The Doctrine2 DBAL is required for this test');
}
$this->ownerTree = new OwnerTree();
$this->metadataProvider = new OwnershipMetadataProviderStub($this);
$objectIdAccessor = new ObjectIdAccessor();
/** @var \PHPUnit_Framework_MockObject_MockObject|OwnerTreeProvider $treeProviderMock */
$treeProviderMock = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\Owner\\OwnerTreeProvider')->disableOriginalConstructor()->getMock();
$treeProviderMock->expects($this->any())->method('getTree')->will($this->returnValue($this->ownerTree));
$configProvider = $this->getMockBuilder('Oro\\Bundle\\EntityConfigBundle\\Provider\\ConfigProvider')->disableOriginalConstructor()->getMock();
$configProvider->expects($this->any())->method('hasConfig')->willReturn(false);
$this->container = $this->getMock('Symfony\\Component\\DependencyInjection\\ContainerInterface');
$this->container->expects($this->any())->method('get')->will($this->returnValueMap([['oro_security.ownership_tree_provider.chain', ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE, $treeProviderMock], ['oro_security.owner.metadata_provider.chain', ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE, $this->metadataProvider], ['oro_security.acl.object_id_accessor', ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE, $objectIdAccessor], ['oro_security.owner.entity_owner_accessor', ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE, new EntityOwnerAccessor($this->metadataProvider)], ['oro_entity_config.provider.security', ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE, $configProvider]]));
$decisionMaker = new EntityOwnershipDecisionMaker($treeProviderMock, $objectIdAccessor, new EntityOwnerAccessor($this->metadataProvider), $this->metadataProvider);
$decisionMaker->setContainer($this->container);
$this->strategy = new PermissionGrantingStrategy($decisionMaker, $this->metadataProvider);
$this->selector = TestHelper::get($this)->createAclExtensionSelector($this->metadataProvider, $this->ownerTree, $decisionMaker);
$this->context = new PermissionGrantingStrategyContext($this->selector);
$contextLink = $this->getMockBuilder('Oro\\Bundle\\EntityConfigBundle\\DependencyInjection\\Utils\\ServiceLink')->disableOriginalConstructor()->getMock();
$contextLink->expects($this->any())->method('getService')->will($this->returnValue($this->context));
$this->strategy->setContext($contextLink);
$user = new User(1);
$user->setUsername('TestUser');
$this->sid = new UserSecurityIdentity('TestUser', get_class($user));
$this->rsid = new RoleSecurityIdentity('TestRole');
$token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
$token->expects($this->any())->method('getUser')->will($this->returnValue($user));
$this->context->setSecurityToken($token);
$this->context->setObject(new TestEntity('testId'));
$this->map = new PermissionMap($this->selector);
}
/**
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
* @expectedExceptionMessage You don't have access to organization 'Inactive Org'
*/
public function testBadOrganizationAuthenticate()
{
$organization = new Organization(2);
$organization->setEnabled(false);
$organization->setName('Inactive Org');
$user = new User(1);
$user->addOrganization($organization);
$token = new OrganizationRememberMeToken($user, 'provider', 'testKey', $organization);
$this->userChecker->expects($this->once())->method('checkPreAuth');
$this->provider->authenticate($token);
}
public function testBadOrganizationAuthenticate()
{
$user = new User(1);
$organization = new Organization(2);
$organization->setEnabled(false);
$role = new Role('test');
$user->setOrganizations(new ArrayCollection([$organization]));
$user->setRoles(new ArrayCollection([$role]));
$token = new OrganizationRememberMeToken($user, 'provider', 'testKey', $organization);
$this->userChecker->expects($this->once())->method('checkPreAuth');
$this->setExpectedException('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException');
$this->provider->authenticate($token);
}
/**
* @dataProvider buildFilterConstraintProvider
*/
public function testGetAclConditionData($userId, $organizationId, $isGranted, $accessLevel, $ownerType, $targetEntityClassName, $expectedConstraint)
{
$this->buildTestTree();
if ($ownerType !== null) {
$this->metadataProvider->setMetadata(self::TEST_ENTITY, new OwnershipMetadata($ownerType, 'owner', 'owner_id', 'organization', 'organization_id'));
}
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver = null;
$this->aclVoter->expects($this->any())->method('addOneShotIsGrantedObserver')->will($this->returnCallback(function ($observer) use(&$aclObserver, &$accessLevel) {
$aclObserver = $observer;
/** @var OneShotIsGrantedObserver $aclObserver */
$aclObserver->setAccessLevel($accessLevel);
}));
$user = new User($userId);
$organization = new Organization($organizationId);
$user->addOrganization($organization);
$token = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\Authentication\\Token\\UsernamePasswordOrganizationToken')->disableOriginalConstructor()->getMock();
$token->expects($this->any())->method('getUser')->will($this->returnValue($user));
$token->expects($this->any())->method('getOrganizationContext')->will($this->returnValue($organization));
$this->securityContext->expects($this->any())->method('isGranted')->with($this->equalTo('VIEW'), $this->equalTo('entity:' . $targetEntityClassName))->will($this->returnValue($isGranted));
$this->securityContext->expects($this->any())->method('getToken')->will($this->returnValue($userId ? $token : null));
$result = $this->builder->getAclConditionData($targetEntityClassName);
$this->assertEquals($expectedConstraint, $result);
}
public function testGetSharedWithName()
{
$object = $this->getMockBuilder('Symfony\\Component\\Security\\Acl\\Model\\DomainObjectInterface')->disableOriginalConstructor()->getMock();
$object->expects($this->any())->method('getObjectIdentifier')->will($this->returnValue(1));
$user = new User(1);
$user->setUsername('TestUser');
$sid = new UserSecurityIdentity('TestUser', get_class($user));
$ace = $this->getMockBuilder('Symfony\\Component\\Security\\Acl\\Domain\\Entry')->disableOriginalConstructor()->getMock();
$ace->expects($this->any())->method('getSecurityIdentity')->will($this->returnValue($sid));
$aces = [$ace];
$acl = $this->getMockBuilder('Symfony\\Component\\Security\\Acl\\Domain\\Acl')->disableOriginalConstructor()->getMock();
$acl->expects($this->any())->method('getObjectAces')->will($this->returnValue($aces));
$this->aclCache->expects($this->once())->method('getFromCacheByIdentity')->will($this->returnValue($acl));
$repository = $this->getMockBuilder('Doctrine\\Common\\Persistence\\ObjectRepository')->disableOriginalConstructor()->getMock();
$repository->expects($this->any())->method('findOneBy')->will($this->returnValue($user));
$this->manager->expects($this->any())->method('getRepository')->will($this->returnValue($repository));
$this->nameFormatter->expects($this->any())->method('format')->will($this->returnValue($user->getUsername()));
$this->assertEquals($user->getUsername(), $this->twigExtension->getSharedWithName($object));
}
