2017-02-27 23:04:13 -05:00
< ? php
2017-11-16 20:23:18 -05:00
/** @ license MIT
* Copyright 2017 J . King , Dustin Wilson et al .
* See LICENSE and AUTHORS files for details */
2017-02-27 23:04:13 -05:00
declare ( strict_types = 1 );
2017-12-22 11:41:54 -05:00
namespace JKingWeb\Arsse\TestCase\User ;
2017-08-29 10:50:31 -04:00
2017-12-22 11:41:54 -05:00
use JKingWeb\Arsse\Arsse ;
use JKingWeb\Arsse\Conf ;
use JKingWeb\Arsse\User ;
use JKingWeb\Arsse\User\Driver ;
2017-05-11 18:00:35 -04:00
use Phake ;
2017-02-27 23:04:13 -05:00
2017-07-20 18:36:03 -04:00
/** @covers \JKingWeb\Arsse\User */
2017-12-22 11:41:54 -05:00
class TestAuthorization extends \JKingWeb\Arsse\Test\AbstractTest {
2017-04-06 21:41:21 -04:00
const USERS = [
2017-12-22 11:41:54 -05:00
'user@example.com' => Driver :: RIGHTS_NONE ,
'user@example.org' => Driver :: RIGHTS_NONE ,
'dman@example.com' => Driver :: RIGHTS_DOMAIN_MANAGER ,
'dman@example.org' => Driver :: RIGHTS_DOMAIN_MANAGER ,
'dadm@example.com' => Driver :: RIGHTS_DOMAIN_ADMIN ,
'dadm@example.org' => Driver :: RIGHTS_DOMAIN_ADMIN ,
'gman@example.com' => Driver :: RIGHTS_GLOBAL_MANAGER ,
'gman@example.org' => Driver :: RIGHTS_GLOBAL_MANAGER ,
'gadm@example.com' => Driver :: RIGHTS_GLOBAL_ADMIN ,
'gadm@example.org' => Driver :: RIGHTS_GLOBAL_ADMIN ,
2017-04-06 21:41:21 -04:00
// invalid rights levels
2017-12-22 11:41:54 -05:00
'bad1@example.com' => Driver :: RIGHTS_NONE + 1 ,
'bad1@example.org' => Driver :: RIGHTS_NONE + 1 ,
'bad2@example.com' => Driver :: RIGHTS_DOMAIN_MANAGER + 1 ,
'bad2@example.org' => Driver :: RIGHTS_DOMAIN_MANAGER + 1 ,
'bad3@example.com' => Driver :: RIGHTS_DOMAIN_ADMIN + 1 ,
'bad3@example.org' => Driver :: RIGHTS_DOMAIN_ADMIN + 1 ,
'bad4@example.com' => Driver :: RIGHTS_GLOBAL_MANAGER + 1 ,
'bad4@example.org' => Driver :: RIGHTS_GLOBAL_MANAGER + 1 ,
'bad5@example.com' => Driver :: RIGHTS_GLOBAL_ADMIN + 1 ,
'bad5@example.org' => Driver :: RIGHTS_GLOBAL_ADMIN + 1 ,
2017-02-27 23:04:13 -05:00
2017-04-06 21:41:21 -04:00
];
const LEVELS = [
2017-12-22 11:41:54 -05:00
Driver :: RIGHTS_NONE ,
Driver :: RIGHTS_DOMAIN_MANAGER ,
Driver :: RIGHTS_DOMAIN_ADMIN ,
Driver :: RIGHTS_GLOBAL_MANAGER ,
Driver :: RIGHTS_GLOBAL_ADMIN ,
2017-04-06 21:41:21 -04:00
];
const DOMAINS = [
'@example.com' ,
'@example.org' ,
" " ,
];
protected $data ;
2017-02-27 23:04:13 -05:00
2017-12-22 11:41:54 -05:00
public function setUp ( string $drv = \JkingWeb\Arsse\Test\User\DriverInternalMock :: class , string $db = null ) {
2017-04-06 21:41:21 -04:00
$this -> clearData ();
$conf = new Conf ();
$conf -> userDriver = $drv ;
2017-07-15 13:33:17 -04:00
$conf -> userPreAuth = false ;
2017-07-17 07:47:57 -04:00
Arsse :: $conf = $conf ;
2017-08-29 10:50:31 -04:00
if ( $db !== null ) {
2017-07-17 07:47:57 -04:00
Arsse :: $db = new $db ();
2017-04-06 21:41:21 -04:00
}
2017-07-22 15:29:12 -04:00
Arsse :: $user = Phake :: partialMock ( User :: class );
2017-07-17 07:47:57 -04:00
Phake :: when ( Arsse :: $user ) -> authorize -> thenReturn ( true );
2017-08-29 10:50:31 -04:00
foreach ( self :: USERS as $user => $level ) {
2017-07-17 07:47:57 -04:00
Arsse :: $user -> add ( $user , " " );
Arsse :: $user -> rightsSet ( $user , $level );
2017-04-06 21:41:21 -04:00
}
2017-07-17 07:47:57 -04:00
Phake :: reset ( Arsse :: $user );
2017-04-06 21:41:21 -04:00
}
2017-03-28 18:50:00 -04:00
2017-08-29 10:50:31 -04:00
public function tearDown () {
2017-04-06 21:41:21 -04:00
$this -> clearData ();
}
2017-02-27 23:04:13 -05:00
2017-08-29 10:50:31 -04:00
public function testToggleLogic () {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorizationEnabled ());
$this -> assertTrue ( Arsse :: $user -> authorizationEnabled ( true ));
$this -> assertFalse ( Arsse :: $user -> authorizationEnabled ( false ));
$this -> assertFalse ( Arsse :: $user -> authorizationEnabled ( false ));
$this -> assertFalse ( Arsse :: $user -> authorizationEnabled ( true ));
$this -> assertTrue ( Arsse :: $user -> authorizationEnabled ( true ));
2017-05-11 18:00:35 -04:00
}
2018-10-26 14:58:04 -04:00
2017-08-29 10:50:31 -04:00
public function testSelfActionLogic () {
foreach ( array_keys ( self :: USERS ) as $user ) {
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $user , " " );
2017-04-06 21:41:21 -04:00
// users should be able to do basic actions for themselves
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $user , " userExists " ), " User $user could not act for themselves. " );
$this -> assertTrue ( Arsse :: $user -> authorize ( $user , " userRemove " ), " User $user could not act for themselves. " );
2017-04-06 21:41:21 -04:00
}
}
2017-02-28 10:52:02 -05:00
2017-08-29 10:50:31 -04:00
public function testRegularUserLogic () {
foreach ( self :: USERS as $actor => $rights ) {
2017-12-22 11:41:54 -05:00
if ( $rights != Driver :: RIGHTS_NONE ) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-08-29 10:50:31 -04:00
foreach ( array_keys ( self :: USERS ) as $affected ) {
2017-04-06 21:41:21 -04:00
// regular users should only be able to act for themselves
2017-08-29 10:50:31 -04:00
if ( $actor == $affected ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted improperly for $affected , but the action was allowed. " );
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// they should never be able to set rights
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted improperly for $affected settings rights level $level , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
// they should not be able to list users
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor improperly checked user list for domain ' $domain ', but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
2017-02-28 10:52:02 -05:00
2017-08-29 10:50:31 -04:00
public function testDomainManagerLogic () {
foreach ( self :: USERS as $actor => $actorRights ) {
2017-12-22 11:41:54 -05:00
if ( $actorRights != Driver :: RIGHTS_DOMAIN_MANAGER ) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-08-29 10:50:31 -04:00
$actorDomain = substr ( $actor , strrpos ( $actor , " @ " ) + 1 );
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-08-29 10:50:31 -04:00
foreach ( self :: USERS as $affected => $affectedRights ) {
$affectedDomain = substr ( $affected , strrpos ( $affected , " @ " ) + 1 );
2017-04-06 21:41:21 -04:00
// domain managers should be able to check any user on the same domain
2017-08-29 10:50:31 -04:00
if ( $actorDomain == $affectedDomain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// they should only be able to act for regular users on the same domain
2017-08-29 10:50:31 -04:00
if ( $actor == $affected || ( $actorDomain == $affectedDomain && $affectedRights == User\Driver :: RIGHTS_NONE )) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// and they should only be able to set their own rights to regular user
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
2017-12-22 11:41:54 -05:00
if ( $actor == $affected && in_array ( $level , [ User\Driver :: RIGHTS_NONE , Driver :: RIGHTS_DOMAIN_MANAGER ])) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted properly for $affected settings rights level $level , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted improperly for $affected settings rights level $level , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
// they should also be able to list all users on their own domain
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
if ( $domain == " @ " . $actorDomain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor properly checked user list for domain ' $domain ', but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor improperly checked user list for domain ' $domain ', but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
}
2017-02-28 10:52:02 -05:00
2017-08-29 10:50:31 -04:00
public function testDomainAdministratorLogic () {
foreach ( self :: USERS as $actor => $actorRights ) {
2017-12-22 11:41:54 -05:00
if ( $actorRights != Driver :: RIGHTS_DOMAIN_ADMIN ) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-08-29 10:50:31 -04:00
$actorDomain = substr ( $actor , strrpos ( $actor , " @ " ) + 1 );
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-04-06 21:41:21 -04:00
$allowed = [ User\Driver :: RIGHTS_NONE , User\Driver :: RIGHTS_DOMAIN_MANAGER , User\Driver :: RIGHTS_DOMAIN_ADMIN ];
2017-08-29 10:50:31 -04:00
foreach ( self :: USERS as $affected => $affectedRights ) {
$affectedDomain = substr ( $affected , strrpos ( $affected , " @ " ) + 1 );
2017-04-06 21:41:21 -04:00
// domain admins should be able to check any user on the same domain
2017-08-29 10:50:31 -04:00
if ( $actorDomain == $affectedDomain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// they should be able to act for any user on the same domain who is not a global manager or admin
2017-08-29 10:50:31 -04:00
if ( $actorDomain == $affectedDomain && in_array ( $affectedRights , $allowed )) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// they should be able to set rights for any user on their domain who is not a global manager or admin, up to domain admin level
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
if ( $actorDomain == $affectedDomain && in_array ( $affectedRights , $allowed ) && in_array ( $level , $allowed )) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted properly for $affected settings rights level $level , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted improperly for $affected settings rights level $level , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
// they should also be able to list all users on their own domain
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
if ( $domain == " @ " . $actorDomain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor properly checked user list for domain ' $domain ', but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor improperly checked user list for domain ' $domain ', but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
}
2017-02-28 10:52:02 -05:00
2017-08-29 10:50:31 -04:00
public function testGlobalManagerLogic () {
foreach ( self :: USERS as $actor => $actorRights ) {
2017-12-22 11:41:54 -05:00
if ( $actorRights != Driver :: RIGHTS_GLOBAL_MANAGER ) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-08-29 10:50:31 -04:00
$actorDomain = substr ( $actor , strrpos ( $actor , " @ " ) + 1 );
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-08-29 10:50:31 -04:00
foreach ( self :: USERS as $affected => $affectedRights ) {
$affectedDomain = substr ( $affected , strrpos ( $affected , " @ " ) + 1 );
2017-04-06 21:41:21 -04:00
// global managers should be able to check any user
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
// they should only be able to act for regular users
2017-08-29 10:50:31 -04:00
if ( $actor == $affected || $affectedRights == User\Driver :: RIGHTS_NONE ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// and they should only be able to set their own rights to regular user
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
2017-12-22 11:41:54 -05:00
if ( $actor == $affected && in_array ( $level , [ User\Driver :: RIGHTS_NONE , Driver :: RIGHTS_GLOBAL_MANAGER ])) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted properly for $affected settings rights level $level , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted improperly for $affected settings rights level $level , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
// they should also be able to list all users
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor properly checked user list for domain ' $domain ', but the action was denied. " );
2017-04-06 21:41:21 -04:00
}
}
}
2017-02-28 10:52:02 -05:00
2017-08-29 10:50:31 -04:00
public function testGlobalAdministratorLogic () {
foreach ( self :: USERS as $actor => $actorRights ) {
2017-12-22 11:41:54 -05:00
if ( $actorRights != Driver :: RIGHTS_GLOBAL_ADMIN ) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-04-06 21:41:21 -04:00
// global admins can do anything
2017-08-29 10:50:31 -04:00
foreach ( self :: USERS as $affected => $affectedRights ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted properly for $affected settings rights level $level , but the action was denied. " );
2017-04-06 21:41:21 -04:00
}
}
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor properly checked user list for domain ' $domain ', but the action was denied. " );
2017-04-06 21:41:21 -04:00
}
}
}
2017-02-28 11:19:33 -05:00
2017-08-29 10:50:31 -04:00
public function testInvalidLevelLogic () {
foreach ( self :: USERS as $actor => $rights ) {
if ( in_array ( $rights , self :: LEVELS )) {
2017-07-20 22:40:09 -04:00
continue ;
}
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( $actor , " " );
2017-08-29 10:50:31 -04:00
foreach ( array_keys ( self :: USERS ) as $affected ) {
2017-04-06 21:41:21 -04:00
// users with unknown/invalid rights should be treated just like regular users and only be able to act for themselves
2017-08-29 10:50:31 -04:00
if ( $actor == $affected ) {
2017-07-17 07:47:57 -04:00
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted properly for $affected , but the action was denied. " );
$this -> assertTrue ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted properly for $affected , but the action was denied. " );
2017-04-06 21:41:21 -04:00
} else {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userExists " ), " User $actor acted improperly for $affected , but the action was allowed. " );
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRemove " ), " User $actor acted improperly for $affected , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
// they should never be able to set rights
2017-08-29 10:50:31 -04:00
foreach ( self :: LEVELS as $level ) {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $affected , " userRightsSet " , $level ), " User $actor acted improperly for $affected settings rights level $level , but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
// they should not be able to list users
2017-08-29 10:50:31 -04:00
foreach ( self :: DOMAINS as $domain ) {
2017-07-17 07:47:57 -04:00
$this -> assertFalse ( Arsse :: $user -> authorize ( $domain , " userList " ), " User $actor improperly checked user list for domain ' $domain ', but the action was allowed. " );
2017-04-06 21:41:21 -04:00
}
}
}
2017-02-28 12:37:45 -05:00
2017-08-29 10:50:31 -04:00
public function testInternalExceptionLogic () {
2017-04-06 21:41:21 -04:00
$tests = [
// methods of User class to test, with parameters besides affected user
'exists' => [],
'remove' => [],
'add' => [ '' ],
'passwordSet' => [ '' ],
'propertiesGet' => [],
'propertiesSet' => [[]],
'rightsGet' => [],
'rightsSet' => [ User\Driver :: RIGHTS_GLOBAL_ADMIN ],
'list' => [],
];
// try first with a global admin (there should be no exception)
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( " gadm@example.com " , " " );
2017-04-06 21:41:21 -04:00
$this -> assertCount ( 0 , $this -> checkExceptions ( " user@example.org " , $tests ));
// next try with a regular user acting on another user (everything should fail)
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( " user@example.com " , " " );
2017-04-06 21:41:21 -04:00
$this -> assertCount ( sizeof ( $tests ), $this -> checkExceptions ( " user@example.org " , $tests ));
}
2017-02-28 12:37:45 -05:00
2017-08-29 10:50:31 -04:00
public function testExternalExceptionLogic () {
2017-04-06 21:41:21 -04:00
// set up the test for an external driver
2017-12-22 11:41:54 -05:00
$this -> setUp ( \JKingWeb\Arsse\Test\User\DriverExternalMock :: class , \JKingWeb\Arsse\Test\User\Database :: class );
2017-04-06 21:41:21 -04:00
// run the previous test with the external driver set up
$this -> testInternalExceptionLogic ();
}
2017-02-28 12:37:45 -05:00
2017-04-06 21:41:21 -04:00
// meat of testInternalExceptionLogic and testExternalExceptionLogic
// calls each requested function with supplied arguments, catches authorization exceptions, and returns an array of caught failed calls
protected function checkExceptions ( string $user , $tests ) : array {
$err = [];
2017-08-29 10:50:31 -04:00
foreach ( $tests as $func => $args ) {
2017-04-06 21:41:21 -04:00
// list method does not take an affected user, so do not unshift for that one
2017-08-29 10:50:31 -04:00
if ( $func != " list " ) {
2017-07-20 22:40:09 -04:00
array_unshift ( $args , $user );
}
2017-04-06 21:41:21 -04:00
try {
2017-07-17 07:47:57 -04:00
call_user_func_array ( array ( Arsse :: $user , $func ), $args );
2017-12-22 11:41:54 -05:00
} catch ( \JKingWeb\Arsse\User\ExceptionAuthz $e ) {
2017-04-06 21:41:21 -04:00
$err [] = $func ;
}
}
return $err ;
}
2017-05-11 18:00:35 -04:00
2017-08-29 10:50:31 -04:00
public function testMissingUserLogic () {
2017-07-17 07:47:57 -04:00
Arsse :: $user -> auth ( " gadm@example.com " , " " );
$this -> assertTrue ( Arsse :: $user -> authorize ( " user@example.com " , " someFunction " ));
2017-05-11 18:00:35 -04:00
$this -> assertException ( " doesNotExist " , " User " );
2017-07-17 07:47:57 -04:00
Arsse :: $user -> authorize ( " this_user_does_not_exist@example.org " , " someFunction " );
2017-05-11 18:00:35 -04:00
}
2017-08-29 10:50:31 -04:00
}