/**
 * Shows that entities persisted through one EntityManager are detached from
 * a newly created one: linking them into a new object graph without merging
 * them first makes the final flush raise the expected exception.
 *
 * @expectedException \Doctrine\ORM\ORMInvalidArgumentException
 */
public function testShowMergeIsRequiredBetweenDifferentPersistenceCtxt()
{
    print __METHOD__ . "\n";

    // Seed a user and a role type through the original persistence context.
    $sampleUser = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $supportRoleType = TestUtil::createSampleRoleType(RoleTypeName::REG_FIRST_LINE_SUPPORT);
    $this->em->persist($sampleUser);
    $this->em->persist($supportRoleType);
    $this->em->flush();

    // Replacing $this->em leaves $sampleUser and $supportRoleType detached.
    // They would have to be merged back into the new persistence context
    // before another persist (direct or via CASCADE) could reach them.
    $this->em = $this->createEntityManager(); // simply requires bootstrap_doctrine.php

    // The merge calls are left out on purpose; they would look like:
    //   $sampleUser = $this->em->merge($sampleUser);
    //   $supportRoleType = $this->em->merge($supportRoleType);

    // Create a new NGI and a role that references the two detached entities.
    $sampleNgi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($sampleNgi);
    $ngiRole = TestUtil::createSampleRole($sampleUser, $supportRoleType, $sampleNgi, RoleStatus::GRANTED);
    $this->em->persist($ngiRole);

    // This flush is the call that triggers the expected exception.
    // NOTE(review): the expected-exception annotation applies to the whole
    // method, so the same exception type thrown by the first flush would
    // also satisfy it.
    $this->em->flush();
}
$this->em->persist($service2); $this->em->persist($certStatusLog1); $this->em->persist($certStatusLog2); $this->em->persist($endpoint1); $this->em->persist($downtime1); $this->em->persist($downtime2); // Create some roles and link to the user, role type and ngi // roles on ngi $ngiRole1 = TestUtil::createSampleRole($userWithRoles, $roleType1, $ngi, RoleStatus::GRANTED); $ngiRole2 = TestUtil::createSampleRole($userWithRoles, $roleType2, $ngi, RoleStatus::GRANTED); // roles on site1 $site1Role1 = TestUtil::createSampleRole($userWithRoles, $roleType1, $site1, RoleStatus::GRANTED); $site1Role2 = TestUtil::createSampleRole($userWithRoles, $roleType2, $site1, RoleStatus::GRANTED); // roles on site2 $site2Role1 = TestUtil::createSampleRole($userWithRoles, $roleType1, $site2, RoleStatus::GRANTED); $site2Role2 = TestUtil::createSampleRole($userWithRoles, $roleType2, $site2, RoleStatus::GRANTED); $this->em->persist($ngiRole1); $this->em->persist($ngiRole2); $this->em->persist($site1Role1); $this->em->persist($site1Role2); $this->em->persist($site2Role1); $this->em->persist($site2Role2); $this->em->flush(); // Assert fixture data is setup correctly in the DB. $testConn = $this->getConnection(); $result = $testConn->createQueryTable('results_table', "SELECT * FROM Users"); $this->assertTrue($result->getRowCount() == 1); $result = $testConn->createQueryTable('results_table', "SELECT * FROM Roles"); $this->assertTrue($result->getRowCount() == 6); $result = $testConn->createQueryTable('results_table', "SELECT * FROM NGIs"); $this->assertTrue($result->getRowCount() == 1);
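/**
 * Persist some seed data - role types, user, Project, NGI, sites and SEs - and
 * assert that the user has the expected number of roles that grant specific
 * actions over the owned objects. For example, assert that the user has 'n'
 * roles that allow a particular site to be edited, or 'n' roles that allow a
 * site certification status change.
 *
 * The roles are then removed one at a time and the test asserts after each
 * removal that the matching permission is no longer granted.
 */
public function testAuthorizeAction1()
{
    print __METHOD__ . "\n";

    // Create roletypes
    $siteAdminRT = TestUtil::createSampleRoleType(RoleTypeName::SITE_ADMIN);
    $ngiManRT = TestUtil::createSampleRoleType(RoleTypeName::NGI_OPS_MAN);
    $rodRT = TestUtil::createSampleRoleType(RoleTypeName::REG_STAFF_ROD);
    $codRT = TestUtil::createSampleRoleType(RoleTypeName::COD_ADMIN);
    $this->em->persist($siteAdminRT); // edit site1 (but not cert status)
    $this->em->persist($ngiManRT);    // edit owned site1/site2 and cert status
    $this->em->persist($rodRT);       // edit owned sites 1 and 2 (but not cert status)
    $this->em->persist($codRT);       // edit all sites cert status only

    // Create a user
    $u = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $this->em->persist($u);

    // Create a linked object graph
    // NGI->Site1->SE
    //  |->Site2
    $ngi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($ngi);

    $site1 = TestUtil::createSampleSite("SITENAME");
    $ngi->addSiteDoJoin($site1);
    $this->em->persist($site1);

    $se1 = TestUtil::createSampleService('somelabel');
    $site1->addServiceDoJoin($se1);
    $this->em->persist($se1);

    $site2_userHasNoDirectRole = TestUtil::createSampleSite("SITENAME_2");
    $ngi->addSiteDoJoin($site2_userHasNoDirectRole);
    $this->em->persist($site2_userHasNoDirectRole);

    // Create the NGI manager role, NGI ROD role and site admin role, linking
    // the user to the owned entities.
    $ngiManagerRole = TestUtil::createSampleRole($u, $ngiManRT, $ngi, RoleStatus::GRANTED);
    $this->em->persist($ngiManagerRole);
    $rodUserRole = TestUtil::createSampleRole($u, $rodRT, $ngi, RoleStatus::GRANTED);
    $this->em->persist($rodUserRole);
    $siteAdminRole = TestUtil::createSampleRole($u, $siteAdminRT, $site1, RoleStatus::GRANTED);
    $this->em->persist($siteAdminRole);
    $this->em->flush();

    // ********MUST******** start a new connection to test transactional
    // isolation of the service methods.
    $em = $this->createEntityManager();
    $siteService = new org\gocdb\services\Site();
    $siteService->setEntityManager($em);

    // Membership checks below pass strict=true to in_array() so that a
    // non-string element (e.g. true or 0) in the returned list cannot satisfy
    // an authorization assertion through type juggling.

    // Assert user can edit site using 3 enabling roles
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u);
    $this->assertEquals(3, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::SITE_ADMIN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::REG_STAFF_ROD, $enablingRoles, true));

    // Assert user can only edit cert status through his NGI_OPS_MAN role
    $enablingRoles = $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u);
    $this->assertEquals(1, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));

    // Add a new project, link the ngi and give the user a COD_ADMIN Project
    // role (use $this->em to isolate)
    // Project->NGI->Site1->SE
    //           |->Site2
    $proj = new Project('EGI project');
    // Only the project side is joined; per the original author the reverse
    // $ngi->addProject($proj) call is not strictly needed.
    $proj->addNgi($ngi);
    $this->em->persist($proj);
    $codRole = TestUtil::createSampleRole($u, $codRT, $proj, RoleStatus::GRANTED);
    $this->em->persist($codRole);
    $this->em->flush();

    // Assert user now has 2 roles that enable SITE_EDIT_CERT_STATUS change action
    $enablingRoles = $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u);
    $this->assertEquals(2, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::COD_ADMIN, $enablingRoles, true));

    // Assert user can edit SE using SITE_ADMIN, NGI_OPS_MAN, REG_STAFF_ROD roles (but not COD role)
    $seService = new org\gocdb\services\ServiceService();
    $seService->setEntityManager($em);
    $enablingRoles = $seService->authorizeAction(\Action::EDIT_OBJECT, $se1, $u);
    $this->assertEquals(3, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::SITE_ADMIN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::REG_STAFF_ROD, $enablingRoles, true));
    // State the deny path explicitly instead of leaving it implied by the count.
    $this->assertFalse(in_array(\RoleTypeName::COD_ADMIN, $enablingRoles, true));

    // Assert user can only edit Site2 through his 2 indirect ngi roles
    // (the user has no direct site level role on this site and COD does not give edit permission)
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u);
    $this->assertEquals(2, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));
    $this->assertTrue(in_array(\RoleTypeName::REG_STAFF_ROD, $enablingRoles, true));
    $this->assertFalse(in_array(\RoleTypeName::COD_ADMIN, $enablingRoles, true));

    // Delete the user's Project COD role
    $this->em->remove($codRole);
    $this->em->flush();

    // Assert user can only SITE_EDIT_CERT_STATUS through 1 role for both sites
    $enablingRoles = $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site2_userHasNoDirectRole, $u);
    $this->assertEquals(1, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));
    $enablingRoles = $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u);
    $this->assertEquals(1, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::NGI_OPS_MAN, $enablingRoles, true));

    // Delete the user's NGI manager role
    $this->em->remove($ngiManagerRole);
    $this->em->flush();

    // Assert user can't edit site2 cert status
    $enablingRoles = $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site2_userHasNoDirectRole, $u);
    $this->assertEquals(0, count($enablingRoles));

    // Assert user can still edit site via his ROD role
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u);
    $this->assertEquals(1, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::REG_STAFF_ROD, $enablingRoles, true));

    // Delete the user's NGI ROD role
    $this->em->remove($rodUserRole);
    $this->em->flush();

    // User can't edit site2
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u);
    $this->assertEquals(0, count($enablingRoles));

    // Assert user can still edit SITE1 through his direct site level role (this role has not been deleted)
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u);
    $this->assertEquals(1, count($enablingRoles));
    $this->assertTrue(in_array(\RoleTypeName::SITE_ADMIN, $enablingRoles, true));

    // Delete user's remaining Site role
    $this->em->remove($siteAdminRole);
    $this->em->flush();

    // User can't edit site1
    $enablingRoles = $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u);
    $this->assertEquals(0, count($enablingRoles));
}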
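/**
 * Seeds two role types, a user, an NGI and three sites, grants the user one
 * role over the NGI and one over the first site, then checks through a
 * separate EntityManager which roles and reachable sites the Role service
 * reports for that user.
 */
public function testGetUserRoles()
{
    print __METHOD__ . "\n";

    // Create two roletypes
    $ngiRoleType = TestUtil::createSampleRoleType("RT1_NAME");
    $siteRoleType = TestUtil::createSampleRoleType("RT2_NAME");
    $this->em->persist($ngiRoleType);
    $this->em->persist($siteRoleType);

    // Create a user
    $u = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $this->em->persist($u);

    // Create an NGI
    $ngi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($ngi);

    // Create a Role and link to the User, ngiRoleType and ngi
    $roleNgi = TestUtil::createSampleRole($u, $ngiRoleType, $ngi, RoleStatus::GRANTED);
    $this->em->persist($roleNgi);

    // Create a site
    $site1 = TestUtil::createSampleSite("SITENAME");
    $this->em->persist($site1);

    // Create another role and link to the User, siteRoleType and site
    $roleSite = TestUtil::createSampleRole($u, $siteRoleType, $site1, RoleStatus::GRANTED);
    $this->em->persist($roleSite);

    // Create a second and third site and add them to the NGI, but DO NOT add
    // direct roles over those sites for the user. The assertions below expect
    // no role names directly over site2/site3, while all three sites still
    // count as reachable from the user's roles.
    $site2 = TestUtil::createSampleSite("SITENAME2");
    $site3 = TestUtil::createSampleSite("SITENAME3");
    $this->em->persist($site2);
    $this->em->persist($site3);
    $ngi->addSiteDoJoin($site2);
    $ngi->addSiteDoJoin($site3);
    $this->em->flush();

    // ********MUST******** start a new connection to test transactional
    // isolation of RoleService methods.
    $em = $this->createEntityManager();
    $roleService = new org\gocdb\services\Role();
    $roleService->setEntityManager($em);

    // Assert that the user has the expected granted roles. assertEquals on
    // the count reports expected vs actual on failure, unlike a bare
    // assertTrue on a loose == comparison.
    $roles = $roleService->getUserRoles($u, RoleStatus::GRANTED);
    $this->assertEquals(2, count($roles));
    $this->assertEquals(1, count($roleService->getUserRoleNamesOverEntity($ngi, $u)));
    $this->assertEquals(1, count($roleService->getUserRoleNamesOverEntity($site1, $u)));
    $this->assertEquals(0, count($roleService->getUserRoleNamesOverEntity($site2, $u)));
    $this->assertEquals(0, count($roleService->getUserRoleNamesOverEntity($site3, $u)));

    // Assert that the user has the expected number of sites reachable through roles
    $mySites = $roleService->getReachableSitesFromOwnedObjectRoles($u);
    $this->assertEquals(3, count($mySites));

    // Assert the user has no pending roles.
    // NOTE(review): only the PENDING status is queried here; no other
    // non-granted status is covered by this test.
    $roles = $roleService->getUserRoles($u, RoleStatus::PENDING);
    $this->assertEmpty($roles);
}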
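/**
 * Test the integrity constraint between role types and roles.
 * Add a role type, user, NGI and a granted role linking them all together,
 * then try to remove the role type while the dependent role still exists.
 * The test expects this to fail with a DBAL exception.
 *
 * @expectedException \Doctrine\DBAL\DBALException
 */
public function testRoleTypeIntegrityConstraint()
{
    print __METHOD__ . "\n";

    // Create a roletype
    $roleType = TestUtil::createSampleRoleType("NAME");
    $this->em->persist($roleType);

    // Create a user
    $user = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $this->em->persist($user);

    // Create an NGI
    $ngi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($ngi);

    // Create a role and link to the user, role type and ngi
    $role = TestUtil::createSampleRole($user, $roleType, $ngi, RoleStatus::GRANTED);
    $this->em->persist($role);
    $this->em->flush();

    // Try to delete the role type before deleting the dependent role.
    // NOTE(review): the expected-exception annotation applies to the whole
    // method, so a DBALException from the fixture flush above would also
    // satisfy it; the intent is that the flush below is the one that fails.
    $this->em->remove($roleType);
    $this->em->flush();
}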