Unit tests

tests/unit/framework/rbac/ManagerTestBase.php

@@ -0,0 +1,248 @@
+<?php
+
+namespace yiiunit\framework\rbac;
+
+use yii\rbac\Assignment;
+use yii\rbac\Item;
+use yiiunit\TestCase;
+
+abstract class ManagerTestBase extends TestCase
+{
+	/** @var \yii\rbac\PhpManager|\yii\rbac\DbManager */
+	protected $auth;
+
+	public function testCreateItem()
+	{
+		$type = Item::TYPE_TASK;
+		$name = 'editUser';
+		$description = 'edit a user';
+		$bizRule = 'checkUserIdentity()';
+		$data = array(1, 2, 3);
+		$item = $this->auth->createItem($name, $type, $description, $bizRule, $data);
+		$this->assertTrue($item instanceof Item);
+		$this->assertEquals($item->type, $type);
+		$this->assertEquals($item->name, $name);
+		$this->assertEquals($item->description, $description);
+		$this->assertEquals($item->bizRule, $bizRule);
+		$this->assertEquals($item->data, $data);
+
+		// test shortcut
+		$name2 = 'createUser';
+		$item2 = $this->auth->createRole($name2, $description, $bizRule, $data);
+		$this->assertEquals($item2->type, Item::TYPE_ROLE);
+
+		// test adding an item with the same name
+		$this->setExpectedException('Exception');
+		$this->auth->createItem($name, $type, $description, $bizRule, $data);
+	}
+
+	public function testGetItem()
+	{
+		$this->assertTrue($this->auth->getItem('readPost') instanceof Item);
+		$this->assertTrue($this->auth->getItem('reader') instanceof Item);
+		$this->assertNull($this->auth->getItem('unknown'));
+	}
+
+	public function testRemoveAuthItem()
+	{
+		$this->assertTrue($this->auth->getItem('updatePost') instanceof Item);
+		$this->assertTrue($this->auth->removeItem('updatePost'));
+		$this->assertNull($this->auth->getItem('updatePost'));
+		$this->assertFalse($this->auth->removeItem('updatePost'));
+	}
+
+	public function testChangeItemName()
+	{
+		$item = $this->auth->getItem('readPost');
+		$this->assertTrue($item instanceof Item);
+		$this->assertTrue($this->auth->hasItemChild('reader', 'readPost'));
+		$item->name = 'readPost2';
+		$this->assertNull($this->auth->getItem('readPost'));
+		$this->assertEquals($this->auth->getItem('readPost2'), $item);
+		$this->assertFalse($this->auth->hasItemChild('reader', 'readPost'));
+		$this->assertTrue($this->auth->hasItemChild('reader', 'readPost2'));
+	}
+
+	public function testAddItemChild()
+	{
+		$this->auth->addItemChild('createPost', 'updatePost');
+
+		// test adding upper level item to lower one
+		$this->setExpectedException('Exception');
+		$this->auth->addItemChild('readPost', 'reader');
+	}
+
+	public function testAddItemChild2()
+	{
+		// test adding inexistent items
+		$this->setExpectedException('Exception');
+		$this->assertFalse($this->auth->addItemChild('createPost2', 'updatePost'));
+	}
+
+	public function testRemoveItemChild()
+	{
+		$this->assertTrue($this->auth->hasItemChild('reader', 'readPost'));
+		$this->assertTrue($this->auth->removeItemChild('reader', 'readPost'));
+		$this->assertFalse($this->auth->hasItemChild('reader', 'readPost'));
+		$this->assertFalse($this->auth->removeItemChild('reader', 'readPost'));
+	}
+
+	public function testGetItemChildren()
+	{
+		$this->assertEquals(array(), $this->auth->getItemChildren('readPost'));
+		$children = $this->auth->getItemChildren('author');
+		$this->assertEquals(3, count($children));
+		$this->assertTrue(reset($children) instanceof Item);
+	}
+
+	public function testAssign()
+	{
+		$auth = $this->auth->assign('new user', 'createPost', 'rule', 'data');
+		$this->assertTrue($auth instanceof Assignment);
+		$this->assertEquals($auth->userId, 'new user');
+		$this->assertEquals($auth->itemName, 'createPost');
+		$this->assertEquals($auth->bizRule, 'rule');
+		$this->assertEquals($auth->data, 'data');
+
+		$this->setExpectedException('Exception');
+		$this->auth->assign('new user', 'createPost2', 'rule', 'data');
+	}
+
+	public function testRevoke()
+	{
+		$this->assertTrue($this->auth->isAssigned('author B', 'author'));
+		$auth = $this->auth->getAssignment('author B', 'author');
+		$this->assertTrue($auth instanceof Assignment);
+		$this->assertTrue($this->auth->revoke('author B', 'author'));
+		$this->assertFalse($this->auth->isAssigned('author B', 'author'));
+		$this->assertFalse($this->auth->revoke('author B', 'author'));
+	}
+
+	public function testGetAssignments()
+	{
+		$this->auth->assign('author B', 'deletePost');
+		$auths = $this->auth->getAssignments('author B');
+		$this->assertEquals(2, count($auths));
+		$this->assertTrue(reset($auths) instanceof Assignment);
+	}
+
+	public function testGetItems()
+	{
+		$this->assertEquals(count($this->auth->getRoles()), 4);
+		$this->assertEquals(count($this->auth->getOperations()), 4);
+		$this->assertEquals(count($this->auth->getTasks()), 1);
+		$this->assertEquals(count($this->auth->getItems()), 9);
+
+		$this->assertEquals(count($this->auth->getItems('author B', null)), 1);
+		$this->assertEquals(count($this->auth->getItems('author C', null)), 0);
+		$this->assertEquals(count($this->auth->getItems('author B', Item::TYPE_ROLE)), 1);
+		$this->assertEquals(count($this->auth->getItems('author B', Item::TYPE_OPERATION)), 0);
+	}
+
+	public function testClearAll()
+	{
+		$this->auth->clearAll();
+		$this->assertEquals(count($this->auth->getRoles()), 0);
+		$this->assertEquals(count($this->auth->getOperations()), 0);
+		$this->assertEquals(count($this->auth->getTasks()), 0);
+		$this->assertEquals(count($this->auth->getItems()), 0);
+		$this->assertEquals(count($this->auth->getAssignments('author B')), 0);
+	}
+
+	public function testClearAssignments()
+	{
+		$this->auth->clearAssignments();
+		$this->assertEquals(count($this->auth->getAssignments('author B')), 0);
+	}
+
+	public function testDetectLoop()
+	{
+		$this->setExpectedException('Exception');
+		$this->auth->addItemChild('readPost', 'readPost');
+	}
+
+	public function testExecuteBizRule()
+	{
+		$this->assertTrue($this->auth->executeBizRule(null, array(), null));
+		$this->assertTrue($this->auth->executeBizRule('return 1==true;', array(), null));
+		$this->assertTrue($this->auth->executeBizRule('return $params[0]==$params[1];', array(1, '1'), null));
+		$this->assertFalse($this->auth->executeBizRule('invalid', array(), null));
+	}
+
+	public function testCheckAccess()
+	{
+		$results = array(
+			'reader A' => array(
+				'createPost' => false,
+				'readPost' => true,
+				'updatePost' => false,
+				'updateOwnPost' => false,
+				'deletePost' => false,
+			),
+			'author B' => array(
+				'createPost' => true,
+				'readPost' => true,
+				'updatePost' => true,
+				'updateOwnPost' => true,
+				'deletePost' => false,
+			),
+			'editor C' => array(
+				'createPost' => false,
+				'readPost' => true,
+				'updatePost' => true,
+				'updateOwnPost' => false,
+				'deletePost' => false,
+			),
+			'admin D' => array(
+				'createPost' => true,
+				'readPost' => true,
+				'updatePost' => true,
+				'updateOwnPost' => false,
+				'deletePost' => true,
+			),
+		);
+
+		$params = array('authorID' => 'author B');
+
+		foreach (array('reader A', 'author B', 'editor C', 'admin D') as $user) {
+			$params['userID'] = $user;
+			foreach (array('createPost', 'readPost', 'updatePost', 'updateOwnPost', 'deletePost') as $operation) {
+				$result = $this->auth->checkAccess($user, $operation, $params);
+				$this->assertEquals($results[$user][$operation], $result);
+			}
+		}
+	}
+
+	protected function prepareData()
+	{
+		$this->auth->createOperation('createPost', 'create a post');
+		$this->auth->createOperation('readPost', 'read a post');
+		$this->auth->createOperation('updatePost', 'update a post');
+		$this->auth->createOperation('deletePost', 'delete a post');
+
+		$task = $this->auth->createTask('updateOwnPost', 'update a post by author himself', 'return $params["authorID"]==$params["userID"];');
+		$task->addChild('updatePost');
+
+		$role = $this->auth->createRole('reader');
+		$role->addChild('readPost');
+
+		$role = $this->auth->createRole('author');
+		$role->addChild('reader');
+		$role->addChild('createPost');
+		$role->addChild('updateOwnPost');
+
+		$role = $this->auth->createRole('editor');
+		$role->addChild('reader');
+		$role->addChild('updatePost');
+
+		$role = $this->auth->createRole('admin');
+		$role->addChild('editor');
+		$role->addChild('author');
+		$role->addChild('deletePost');
+
+		$this->auth->assign('reader A', 'reader');
+		$this->auth->assign('author B', 'author');
+		$this->auth->assign('editor C', 'editor');
+		$this->auth->assign('admin D', 'admin');
+	}
+}

tests/unit/framework/rbac/PhpManagerTest.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace yiiunit\framework\rbac;
+
+use yii\rbac\PhpManager;
+
+require_once(__DIR__ . '/ManagerTestBase.php');
+
+class PhpManagerTest extends ManagerTestBase
+{
+	public function setUp()
+	{
+		$authFile = \Yii::$app->getRuntimePath() . '/rbac.php';
+		@unlink($authFile);
+		$this->auth = new PhpManager;
+		$this->auth->authFile = $authFile;
+		$this->auth->init();
+		$this->prepareData();
+	}
+
+	public function tearDown()
+	{
+		@unlink($this->auth->authFile);
+	}
+
+	public function testSaveLoad()
+	{
+		$this->auth->save();
+		$this->auth->clearAll();
+		$this->auth->load();
+		$this->testCheckAccess();
+	}
+}