// users should be able to do basic actions for themselves
$this->assertTrue($this->data->user->authorize($user,"userExists"),"User $user could not act for themselves.");
$this->assertTrue($this->data->user->authorize($user,"userRemove"),"User $user could not act for themselves.");
}
}
functiontestRegularUserLogic(){
foreach(self::USERSas$actor=>$rights){
if($rights!=User\Driver::RIGHTS_NONE)continue;
$this->data->user->auth($actor,"");
foreach(array_keys(self::USERS)as$affected){
// regular users should only be able to act for themselves
if($actor==$affected){
$this->assertTrue($this->data->user->authorize($affected,"userExists"),"User $actor acted properly for $affected, but the action was denied.");
$this->assertTrue($this->data->user->authorize($affected,"userRemove"),"User $actor acted properly for $affected, but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($affected,"userExists"),"User $actor acted improperly for $affected, but the action was allowed.");
$this->assertFalse($this->data->user->authorize($affected,"userRemove"),"User $actor acted improperly for $affected, but the action was allowed.");
}
// they should never be able to set rights
foreach(self::LEVELSas$level){
$this->assertFalse($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted improperly for $affected settings rights level $level, but the action was allowed.");
}
}
// they should not be able to list users
foreach(self::DOMAINSas$domain){
$this->assertFalse($this->data->user->authorize($domain,"userList"),"User $actor improperly checked user list for domain '$domain', but the action was allowed.");
$this->assertTrue($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted properly for $affected settings rights level $level, but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted improperly for $affected settings rights level $level, but the action was allowed.");
}
}
}
// they should also be able to list all users on their own domain
foreach(self::DOMAINSas$domain){
if($domain=="@".$actorDomain){
$this->assertTrue($this->data->user->authorize($domain,"userList"),"User $actor properly checked user list for domain '$domain', but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($domain,"userList"),"User $actor improperly checked user list for domain '$domain', but the action was allowed.");
$this->assertTrue($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted properly for $affected settings rights level $level, but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted improperly for $affected settings rights level $level, but the action was allowed.");
}
}
}
// they should also be able to list all users on their own domain
foreach(self::DOMAINSas$domain){
if($domain=="@".$actorDomain){
$this->assertTrue($this->data->user->authorize($domain,"userList"),"User $actor properly checked user list for domain '$domain', but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($domain,"userList"),"User $actor improperly checked user list for domain '$domain', but the action was allowed.");
$this->assertTrue($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted properly for $affected settings rights level $level, but the action was denied.");
}else{
$this->assertFalse($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted improperly for $affected settings rights level $level, but the action was allowed.");
}
}
}
// they should also be able to list all users
foreach(self::DOMAINSas$domain){
$this->assertTrue($this->data->user->authorize($domain,"userList"),"User $actor properly checked user list for domain '$domain', but the action was denied.");
$this->assertTrue($this->data->user->authorize($affected,"userExists"),"User $actor acted properly for $affected, but the action was denied.");
$this->assertTrue($this->data->user->authorize($affected,"userRemove"),"User $actor acted properly for $affected, but the action was denied.");
foreach(self::LEVELSas$level){
$this->assertTrue($this->data->user->authorize($affected,"userRightsSet",$level),"User $actor acted properly for $affected settings rights level $level, but the action was denied.");
}
}
foreach(self::DOMAINSas$domain){
$this->assertTrue($this->data->user->authorize($domain,"userList"),"User $actor properly checked user list for domain '$domain', but the action was denied.");