Esempio n. 1
    /**
     * Checks that MgUtils::ValidateAcl matches a caller against "AllowRoles".
     *
     * The mocked site reports a single group ("Everyone") and maps each user
     * name to a role list. The ACL only admits user "Administrator", group
     * "Foo" and role "Users", so:
     *  - "Author" (role "Authors") matches nothing and must be denied;
     *  - "Anonymous" (role "Users") matches the role entry and must be allowed.
     */
    public function testRoleInAcl()
    {
        $groupListXml = '<?xml version="1.0" encoding="UTF-8"?>
<GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd">
    <Group>
        <Name>Everyone</Name>
        <Description>Built-in group to include all users</Description>
    </Group>
</GroupList>';

        // Sanity-check the byte reader mock before wiring it into the site mock.
        $reader = TestUtils::mockByteReader($this, $groupListXml);
        $this->assertEquals("text/xml", $reader->GetMimeType());
        $this->assertEquals($groupListXml, $reader->ToString());

        // user name => roles reported by EnumerateRoles for that user
        $rolesByUser = array(
            array("Author", new FakeStringCollection(array("Authors"))),
            array("Anonymous", new FakeStringCollection(array("Users"))),
        );

        $site = $this->getMockBuilder("MgSite")->getMock();
        $site->method("EnumerateGroups")->will($this->returnValue($reader));
        $site->method("EnumerateRoles")->will($this->returnValueMap($rolesByUser));

        // Deny case: neither the user name, the group nor the role "Authors" is listed.
        $aclForAuthor = array(
            "AllowUsers" => array("Administrator"),
            "AllowGroups" => array("Foo"),
            "AllowRoles" => array("Users"),
        );
        $this->assertFalse(MgUtils::ValidateAcl("Author", $site, $aclForAuthor));

        // Allow case: same ACL content (separate array value), matched through role "Users".
        $aclForAnonymous = array(
            "AllowUsers" => array("Administrator"),
            "AllowGroups" => array("Foo"),
            "AllowRoles" => array("Users"),
        );
        $this->assertTrue(MgUtils::ValidateAcl("Anonymous", $site, $aclForAnonymous));
    }
Esempio n. 2
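    /**
     * Verifies that MgWhitelist falls back to the "Globals" rules for resources
     * without their own entry, and that a resource-specific entry replaces the
     * global rules for that resource.
     *
     * Each case runs one check and records whether the "forbidden" callback
     * fired. Both outcomes are asserted for every scope (global, inherited,
     * resource-specific), so a regression that silently allows everyone or
     * denies everyone is caught.
     *
     * Expected outcomes for SELECTFEATURES:
     *  - global / Trees (no entry, inherits Globals): only roles "Author" and
     *    "Administrator" are allowed, so Anonymous is forbidden;
     *  - Parcels (own entry): Author (by user name) and Anonymous (role
     *    "Users") are allowed, Administrator is forbidden even though the
     *    global rules would admit that role.
     */
    public function testWhitelistAclGlobalInheritance()
    {
        $everyoneGroupXml = '<?xml version="1.0" encoding="UTF-8"?>
<GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd">
    <Group>
        <Name>Everyone</Name>
        <Description>Built-in group to include all users</Description>
    </Group>
</GroupList>';
        $everyoneGroupBr = TestUtils::mockByteReader($this, $everyoneGroupXml);
        $this->assertEquals("text/xml", $everyoneGroupBr->GetMimeType());
        $this->assertEquals($everyoneGroupXml, $everyoneGroupBr->ToString());

        $site = $this->getMockBuilder("MgSite")->getMock();
        $site->method("EnumerateGroups")->will($this->returnValue($everyoneGroupBr));
        // user name => roles reported by EnumerateRoles for that user
        $roleMethodMap = array(
            array("Author", new FakeStringCollection(array("Author"))),
            array("Anonymous", new FakeStringCollection(array("Users"))),
            array("Administrator", new FakeStringCollection(array("Administrator"))),
        );
        $site->method("EnumerateRoles")->will($this->returnValueMap($roleMethodMap));

        // Everything that is not Parcels is subject to the global rules.
        // A Parcels action/representation is allowed if the calling user matches
        // any of the users/groups/roles listed for it.
        $conf = array(
            "Globals" => array(
                "Actions" => array(
                    "SELECTFEATURES" => array(
                        "AllowRoles" => array("Author", "Administrator"),
                    ),
                ),
            ),
            "Library://Samples/Sheboygan/Data/Parcels.FeatureSource" => array(
                "Actions" => array(
                    "SELECTFEATURES" => array(
                        "AllowUsers" => array("Author"),
                        "AllowGroups" => array("Foo"),
                        "AllowRoles" => array("Users"),
                    ),
                ),
                "Representations" => array(
                    "xml" => array(
                        "AllowUsers" => array("Administrator"),
                        "AllowGroups" => array("Foo"),
                        "AllowRoles" => array("Authors"),
                    ),
                    "json" => array(
                        "AllowUsers" => array("Author"),
                        "AllowGroups" => array("Foo"),
                        "AllowRoles" => array("Users"),
                    ),
                ),
            ),
        );
        $mimeType = "text/xml";
        $resp = "json";
        $action = "SELECTFEATURES";
        $wl = new MgWhitelist($conf);

        $treesId = "Library://Samples/Sheboygan/Data/Trees.FeatureSource";
        $parcelsId = "Library://Samples/Sheboygan/Data/Parcels.FeatureSource";

        // NOTE(review): every user name was the same masked literal "******", which
        // made the cases contradictory (identical inputs, opposite expectations).
        // The names below are restored from the per-case comments and the role map;
        // confirm against the upstream test.
        // Row layout: resource id (null = global check), user name, expect forbidden?
        $cases = array(
            // Global rules
            array(null, "Anonymous", true),
            array(null, "Author", false),
            array(null, "Administrator", false),
            // Trees has no entry of its own, so it should default to the global rules
            array($treesId, "Anonymous", true),
            array($treesId, "Author", false),
            array($treesId, "Administrator", false),
            // Parcels has its own entry
            array($parcelsId, "Anonymous", false),
            array($parcelsId, "Author", false),
            // NOTE(review): the "json" representation entry uses the same lists as the
            // action entry, so this case does not show which of the two denies — TODO confirm
            array($parcelsId, "Administrator", true),
        );

        foreach ($cases as $case) {
            list($resIdStr, $userName, $bExpect) = $case;

            // The whitelist reports a denial by invoking this callback.
            $bForbidden = false;
            $onForbidden = function ($msg, $mt) use (&$bForbidden) {
                $bForbidden = true;
            };

            if ($resIdStr === null) {
                $wl->VerifyGlobalWhitelist($mimeType, $onForbidden, $action, $resp, $site, $userName);
            } else {
                $wl->VerifyWhitelist($resIdStr, $mimeType, $onForbidden, $action, $resp, $site, $userName);
            }

            $this->assertEquals($bExpect, $bForbidden, "Expected (" . ($bExpect ? "true" : "false") . ") on ({$action}, {$resp}) for {$userName}. Got: " . ($bForbidden ? "true" : "false"));
        }
    }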