function test_creategroup()
{
$user = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') );
$this->assert_true(
$user instanceof User,
'Could not create test user.'
);
$group = UserGroup::create( array( 'name' => 'new test group' ) );
$this->assert_true(
$group instanceof UserGroup,
'Could not create a new group named "new test group".'
);
ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' );
ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' );
$this->assert_true(
ACL::token_exists('test permission'),
'The test permission was not created.'
);
$this->assert_true(
ACL::token_exists(' test PeRmission '),
'Permission names are not normalized.'
);
$group->add( 'testcaseuser' );
$group->grant( 'test permission' );
$group->deny( 'test deny permisSion' );
$group->update();
$newgroup = UserGroup::get( 'new test group' );
$this->assert_true(
in_array( $user->id, $newgroup->members ),
'The created user is not a member of the new group.'
);
$this->assert_true(
in_array( ACL::token_id( 'test permission' ), array_keys( $newgroup->permissions ) ),
'The group does not have the new permission.'
);
$this->assert_true(
ACL::group_can( 'new test group', 'test permission' ),
'The group does not have the new permission.'
);
$this->assert_false(
ACL::group_can( 'new test group', 'test deny permission' ),
'The group has a denied permission.'
);
$this->assert_true(
$user->can( 'test permission' ),
'The user does not have a permission his group has been granted.'
);
}
public function test_group_permissions()
{
ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' );
$this->assert_true(
ACL::token_exists( 'acltest' ),
'Could not create acltest permission.'
);
$this->assert_true(
ACL::token_exists( 'acLtEst ' ),
'Permission names are not normalized.'
);
$token_id = ACL::token_id( 'acltest' );
ACL::grant_group( $this->acl_group->id, $token_id, 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group.'
);
ACL::revoke_group_token( $this->acl_group->id, $token_id );
$this->assert_false(
ACL::group_can( $this->acl_group->id, $token_id, 'full' ),
'Could not revoke acltest permission from acltest-group.'
);
// check alternate means of granting a permission
$this->acl_group->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group through UserGroup call.'
);
// full > read/edit
$this->assert_true(
$this->acl_group->can( 'acltest', 'read' ),
"Group with 'full' acltest permission cannot 'read'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'edit' ),
"Group with 'full' acltest permission cannot 'edit'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
"Group with 'full' acltest permission cannot 'full'."
);
$this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." );
$this->acl_group->can( 'acltest', 'write' );
ACL::destroy_token( 'acltest' );
}
public function test_group_permissions()
{
$this->markTestSkipped('Test does not match class code; needs updating');
ACL::create_permission('acltest', 'A test ACL permission');
$this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.');
$token_id = ACL::token_id('acltest');
ACL::grant_group($this->acl_group->id, $token_id, 'full');
$this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.');
ACL::revoke_group_permission($this->acl_group->id, $token_id);
$this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.');
// check alternate means of granting a permission
$this->acl_group->grant('acltest', 'full');
$this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.');
// full > read/write
$this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'.");
$this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'.");
}
/**
* Return the access bitmask for a specific token for this group.
*
* @param string $token The
* @return
*/
public function get_access( $token )
{
$token = ACL::token_id( $token );
$this->load_permissions_cache();
if ( isset( $this->permissions[$token] ) ) {
return ACL::get_bitmask( $this->permissions[$token] );
}
return false;
}
public function test_revoke()
{
self::setup_acl();
$group = UserGroup::get("new test group");
$this->assert_true(in_array(ACL::token_id('test permission'), array_keys($group->permissions)), 'The group does not have the new permission.');
$group->revoke(ACL::token_id('test permission'));
// @TODO: test by name
$group = UserGroup::get("new test group");
$this->assert_false(in_array(ACL::token_id('test permission'), array_keys($group->permissions)), 'The group still has the revoked permission.');
self::teardown_acl();
}
/**
* Create a new permission token, and save it to the permission tokens table
* @param string $name The name of the permission
* @param string $description The description of the permission
* @param string $group The token group for organizational purposes
* @param bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean)
* @return mixed the ID of the newly created permission, or boolean false
*/
public static function create_token($name, $description, $group, $crud = false)
{
$name = self::normalize_token($name);
$crud = $crud ? 1 : 0;
// first, make sure this isn't a duplicate
if (ACL::token_exists($name)) {
return false;
}
$allow = true;
// Plugins have the opportunity to prevent adding this token
$allow = Plugins::filter('token_create_allow', $allow, $name, $description, $group, $crud);
if (!$allow) {
return false;
}
Plugins::act('token_create_before', $name, $description, $group, $crud);
$result = DB::query('INSERT INTO {tokens} (name, description, token_group, token_type) VALUES (?, ?, ?, ?)', array($name, $description, $group, $crud));
if (!$result) {
// if it didn't work, don't bother trying to log it
return false;
}
self::clear_caches();
// Add the token to the admin group
$token = ACL::token_id($name);
$admin = UserGroup::get('admin');
if ($admin) {
ACL::grant_group($admin->id, $token, 'full');
}
EventLog::log('New permission token created: ' . $name, 'info', 'default', 'habari');
Plugins::act('permission_create_after', $name, $description, $group, $crud);
return $result;
}
/**
* Gets a set of groups based on their access to a certain token
* @param string $token The token to check for
* @param string $access The access level for that token, defaults to 'full'
* @return UserGroups
*/
public static function get_by_token($token, $access = 'full')
{
$token_id = ACL::token_id($token);
$sql = 'SELECT * FROM {groups}
INNER JOIN {group_token_permissions} on ({groups}.id = {group_token_permissions}.group_id)
AND {group_token_permissions}.token_id = :token_id';
$results = DB::get_results($sql, array(':token_id' => $token_id), 'UserGroup');
foreach ($results as $i => $group) {
if (!$group->can($token)) {
unset($groups[$i]);
}
}
$c = __CLASS__;
$return_value = new $c($results);
return $return_value;
}
