/**
 * Shows that entities persisted through one EntityManager must be merged
 * into a newly created EntityManager before they can take part in a persist
 * there; without the merge the final flush is expected to throw.
 *
 * @expectedException \Doctrine\ORM\ORMInvalidArgumentException
 */
public function testShowMergeIsRequiredBetweenDifferentPersistenceCtxt()
{
    print __METHOD__ . "\n";

    // Seed a user and a role type through the current persistence context.
    $sampleUser = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $firstLineSupportType = TestUtil::createSampleRoleType(RoleTypeName::REG_FIRST_LINE_SUPPORT);
    $this->em->persist($sampleUser);
    $this->em->persist($firstLineSupportType);
    $this->em->flush();

    // Replace $this->em with a new EntityManager (this only requires
    // bootstrap_doctrine.php). The two entities above are now detached, and
    // would have to be merged back into this persistence context before any
    // further persist reaches them, whether by a direct call or by a CASCADE.
    // The merge calls are left commented out on purpose:
    $this->em = $this->createEntityManager();
    //$sampleUser = $this->em->merge($sampleUser);
    //$firstLineSupportType = $this->em->merge($firstLineSupportType);

    // A new NGI, owned by the new persistence context.
    $sampleNgi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($sampleNgi);

    // The role links the new NGI to the two detached entities.
    $ngiRole = TestUtil::createSampleRole(
        $sampleUser,
        $firstLineSupportType,
        $sampleNgi,
        RoleStatus::GRANTED
    );
    $this->em->persist($ngiRole);

    // This flush is the call that raises the expected exception.
    $this->em->flush();
}
<?php
/*
 * Include this file in your tests in order to persist a set of known fixture data
 * for subsequent use in testing.
 *
 * The fixture data consists of NGI, Sites, Services, User and Roles etc.
 * If you update this fixture data, make sure you update the tests that
 * include this file, as the tests assume a known fixture data structure.
 *
 * The script reads $this->em, so it has to be included from a scope in which
 * $this is bound and exposes an entity manager as "em". The variables it
 * defines are left in the including scope for the test to use.
 *
 * See the corresponding fixtureDataERD.svg file for an ERD of this fixture data
 *
 * @author David Meredith
 */

// Two role types with distinct names, both queued for insertion.
$roleType1 = TestUtil::createSampleRoleType("NAME");
$roleType2 = TestUtil::createSampleRoleType("NAME2");
$this->em->persist($roleType1);
$this->em->persist($roleType2);

// Create a user
$userWithRoles = TestUtil::createSampleUser("Test", "Testing", "/c=test");
$this->em->persist($userWithRoles);
// NOTE(review): no flush() is visible before this getId() call, so whether
// the id is already populated here depends on the id generation strategy of
// the user entity - confirm before relying on $userId.
$userId = $userWithRoles->getId();

// Create an NGI, site and services
// (nothing below is persisted or joined within the lines shown here)
$ngi = TestUtil::createSampleNGI("MYNGI");
$site1 = TestUtil::createSampleSite('site1');
$site2 = TestUtil::createSampleSite('site2');
$service1 = TestUtil::createSampleService('site1_service1');
$service2 = TestUtil::createSampleService('site1_service2');
$endpoint1 = TestUtil::createSampleEndpointLocation();
$downtime1 = TestUtil::createSampleDowntime();
$downtime2 = TestUtil::createSampleDowntime();
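/**
 * Persist some seed data - roletypes, user, Project, NGI, sites and SEs and
 * assert that the user has the expected number of roles that grant specific
 * actions over the owned objects. For example, assert that the user has 'n'
 * number of roles that allow a particular site to be edited, or 'n' number
 * of roles that allow an NGI certification status change.
 *
 * The second half of the test removes the user's roles one by one and, after
 * every removal, re-checks authorizeAction() so that a permission which
 * outlives its role is caught.
 */
public function testAuthorizeAction1()
{
    print __METHOD__ . "\n";

    // Create roletypes
    $siteAdminRT = TestUtil::createSampleRoleType(RoleTypeName::SITE_ADMIN);
    $ngiManRT = TestUtil::createSampleRoleType(RoleTypeName::NGI_OPS_MAN);
    $rodRT = TestUtil::createSampleRoleType(RoleTypeName::REG_STAFF_ROD);
    $codRT = TestUtil::createSampleRoleType(RoleTypeName::COD_ADMIN);
    $this->em->persist($siteAdminRT); // edit site1 (but not cert status)
    $this->em->persist($ngiManRT);    // edit owned site1/site2 and cert status
    $this->em->persist($rodRT);       // edit owned sites 1 and 2 (but not cert status)
    $this->em->persist($codRT);       // edit all sites cert status only

    // Create a user
    $u = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $this->em->persist($u);

    // Create a linked object graph
    // NGI->Site1->SE
    //  |->Site2
    $ngi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($ngi);

    $site1 = TestUtil::createSampleSite("SITENAME");
    $ngi->addSiteDoJoin($site1);
    $this->em->persist($site1);

    $se1 = TestUtil::createSampleService('somelabel');
    $site1->addServiceDoJoin($se1);
    $this->em->persist($se1);

    $site2_userHasNoDirectRole = TestUtil::createSampleSite("SITENAME_2");
    $ngi->addSiteDoJoin($site2_userHasNoDirectRole);
    $this->em->persist($site2_userHasNoDirectRole);

    // Create ngiManagerRole, rodUserRole and siteAdminRole, linking the user
    // to the owned entities (two roles over the NGI, one over site1).
    $ngiManagerRole = TestUtil::createSampleRole($u, $ngiManRT, $ngi, RoleStatus::GRANTED);
    $this->em->persist($ngiManagerRole);
    $rodUserRole = TestUtil::createSampleRole($u, $rodRT, $ngi, RoleStatus::GRANTED);
    $this->em->persist($rodUserRole);
    $siteAdminRole = TestUtil::createSampleRole($u, $siteAdminRT, $site1, RoleStatus::GRANTED);
    $this->em->persist($siteAdminRole);
    $this->em->flush();

    // ********MUST******** start a new connection to test transactional
    // isolation of RoleService methods.
    $em = $this->createEntityManager();
    $siteService = new org\gocdb\services\Site();
    $siteService->setEntityManager($em);

    // Assert user can edit site using 3 enabling roles
    $this->assertEnablingRoles(
        array(\RoleTypeName::SITE_ADMIN, \RoleTypeName::NGI_OPS_MAN, \RoleTypeName::REG_STAFF_ROD),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u)
    );

    // Assert user can only edit cert status through his NGI_OPS_MAN role
    $this->assertEnablingRoles(
        array(\RoleTypeName::NGI_OPS_MAN),
        $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u)
    );

    // Add a new project and link ngi and give user COD_ADMIN Project role (use $this->em to isolate)
    // Project->NGI->Site1->SE
    //           |->Site2
    $proj = new Project('EGI project');
    $proj->addNgi($ngi); // the inverse $ngi->addProject($proj) is not strictly needed
    $this->em->persist($proj);
    $codRole = TestUtil::createSampleRole($u, $codRT, $proj, RoleStatus::GRANTED);
    $this->em->persist($codRole);
    $this->em->flush();

    // Assert user now has 2 roles that enable SITE_EDIT_CERT_STATUS change action
    $this->assertEnablingRoles(
        array(\RoleTypeName::NGI_OPS_MAN, \RoleTypeName::COD_ADMIN),
        $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u)
    );

    // Assert user can edit SE using SITE_ADMIN, NGI_OPS_MAN, REG_STAFF_ROD roles (but not COD role)
    $seService = new org\gocdb\services\ServiceService();
    $seService->setEntityManager($em);
    $this->assertEnablingRoles(
        array(\RoleTypeName::SITE_ADMIN, \RoleTypeName::NGI_OPS_MAN, \RoleTypeName::REG_STAFF_ROD),
        $seService->authorizeAction(\Action::EDIT_OBJECT, $se1, $u)
    );

    // Assert user can only edit Site2 through his 2 indirect ngi roles (the
    // user has no direct site level role on this site and COD does not give
    // edit permission)
    $this->assertEnablingRoles(
        array(\RoleTypeName::NGI_OPS_MAN, \RoleTypeName::REG_STAFF_ROD),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u)
    );

    // Delete the user's Project COD role
    $this->em->remove($codRole);
    $this->em->flush();

    // Assert user can only SITE_EDIT_CERT_STATUS through 1 role for both sites
    $this->assertEnablingRoles(
        array(\RoleTypeName::NGI_OPS_MAN),
        $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site2_userHasNoDirectRole, $u)
    );
    $this->assertEnablingRoles(
        array(\RoleTypeName::NGI_OPS_MAN),
        $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site1, $u)
    );

    // Delete the user's NGI manager role
    $this->em->remove($ngiManagerRole);
    $this->em->flush();

    // Assert user can't edit site2 cert status
    $this->assertEnablingRoles(
        array(),
        $siteService->authorizeAction(\Action::SITE_EDIT_CERT_STATUS, $site2_userHasNoDirectRole, $u)
    );

    // Assert user can still edit site2 via his ROD role
    $this->assertEnablingRoles(
        array(\RoleTypeName::REG_STAFF_ROD),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u)
    );

    // Delete the user's NGI ROD role
    $this->em->remove($rodUserRole);
    $this->em->flush();

    // User can't edit site2
    $this->assertEnablingRoles(
        array(),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site2_userHasNoDirectRole, $u)
    );

    // Assert user can still edit SITE1 through his direct site level role
    // (this role has not been deleted)
    $this->assertEnablingRoles(
        array(\RoleTypeName::SITE_ADMIN),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u)
    );

    // Delete user's remaining Site role
    $this->em->remove($siteAdminRole);
    $this->em->flush();

    // User can't edit site1
    $this->assertEnablingRoles(
        array(),
        $siteService->authorizeAction(\Action::EDIT_OBJECT, $site1, $u)
    );
}

/**
 * Assert that an authorizeAction() result holds the expected role type names
 * and nothing else: the element count must match and every expected name
 * must be present.
 *
 * @param array $expectedRoleNames distinct RoleTypeName values that must be present
 * @param mixed $enablingRoles     value returned by an authorizeAction() call
 */
private function assertEnablingRoles(array $expectedRoleNames, $enablingRoles)
{
    $this->assertCount(count($expectedRoleNames), $enablingRoles);
    foreach ($expectedRoleNames as $roleName) {
        // Strict membership: a loose in_array() can match through type
        // juggling, which would let a wrong-typed element pass for a role.
        // NOTE(review): assumes authorizeAction() returns the role type
        // names with the same type as the RoleTypeName constants - confirm.
        $this->assertTrue(
            in_array($roleName, $enablingRoles, true),
            'expected enabling role is missing: ' . $roleName
        );
    }
}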
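/**
 * Persist a user holding one GRANTED role over an NGI and one over a site,
 * then check what the Role service reports for that user through a separate
 * EntityManager: the granted roles, the role names per entity, the sites
 * reachable from the owned objects, and the absence of PENDING roles.
 */
public function testGetUserRoles()
{
    print __METHOD__ . "\n";

    // Create two roletypes
    $ngiRoleType = TestUtil::createSampleRoleType("RT1_NAME");
    $siteRoleType = TestUtil::createSampleRoleType("RT2_NAME");
    $this->em->persist($ngiRoleType);
    $this->em->persist($siteRoleType);

    // Create a user
    $u = TestUtil::createSampleUser("Test", "Testing", "/c=test");
    $this->em->persist($u);

    // Create an NGI
    $ngi = TestUtil::createSampleNGI("MYNGI");
    $this->em->persist($ngi);

    // Create a Role and link to the User, ngiRoleType and ngi
    $roleNgi = TestUtil::createSampleRole($u, $ngiRoleType, $ngi, RoleStatus::GRANTED);
    $this->em->persist($roleNgi);

    // Create a site
    $site1 = TestUtil::createSampleSite("SITENAME");
    $this->em->persist($site1);

    // Create another role and link to the User, siteRoleType and site
    $roleSite = TestUtil::createSampleRole($u, $siteRoleType, $site1, RoleStatus::GRANTED);
    $this->em->persist($roleSite);

    // Create a second and a third site and add them to the NGI, but DO NOT
    // add direct roles over those sites for the user. The assertions below
    // expect no role names over site2/site3 themselves, yet expect them to
    // be counted among the sites reachable from the user's owned objects.
    $site2 = TestUtil::createSampleSite("SITENAME2");
    $site3 = TestUtil::createSampleSite("SITENAME3");
    $this->em->persist($site2);
    $this->em->persist($site3);
    $ngi->addSiteDoJoin($site2);
    $ngi->addSiteDoJoin($site3);
    $this->em->flush();

    // ********MUST******** start a new connection to test transactional
    // isolation of RoleService methods.
    $em = $this->createEntityManager();
    $roleService = new org\gocdb\services\Role();
    $roleService->setEntityManager($em);

    // assert that user has expected roles; assertCount reports the actual
    // size on failure, which assertTrue(count(...) == n) does not
    $roles = $roleService->getUserRoles($u, RoleStatus::GRANTED);
    $this->assertCount(2, $roles);
    $this->assertCount(1, $roleService->getUserRoleNamesOverEntity($ngi, $u));
    $this->assertCount(1, $roleService->getUserRoleNamesOverEntity($site1, $u));
    $this->assertCount(0, $roleService->getUserRoleNamesOverEntity($site2, $u));
    $this->assertCount(0, $roleService->getUserRoleNamesOverEntity($site3, $u));

    // assert that the user has an expected site count with roles over those sites
    $mySites = $roleService->getReachableSitesFromOwnedObjectRoles($u);
    $this->assertCount(3, $mySites);

    // assert the user has no pending roles (only the PENDING status is
    // queried here)
    $roles = $roleService->getUserRoles($u, RoleStatus::PENDING);
    $this->assertEmpty($roles);
}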
/**
 * Ensure no duplicate role types are inserted
 * @expectedException \Doctrine\DBAL\DBALException
 */
public function testDuplicateRoleTypes()
{
    print __METHOD__ . "\n";

    // The role type Name value must be unique, so flushing two role types
    // that carry the same name is expected to raise the exception declared
    // in the annotation above.
    $sharedName = "RoleName";
    $duplicates = array(
        TestUtil::createSampleRoleType($sharedName),
        TestUtil::createSampleRoleType($sharedName),
    );

    foreach ($duplicates as $roleType) {
        $this->em->persist($roleType);
    }

    $this->em->flush();
}