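<?php

/**
 * Exercises the access checks performed by `willBeginExecution()` on a
 * @{class:PhabricatorTestController} for several kinds of viewer (logged-out,
 * unverified, normal, disabled, administrator, not approved) under different
 * controller and environment configurations.
 *
 * Each case lists the users expected to be allowed and the users expected to
 * be denied. A `null` return from `willBeginExecution()` is treated as
 * "allowed"; any other return value, or any thrown exception, is treated as
 * "denied".
 */
final class PhabricatorAccessControlTestCase extends PhabricatorTestCase {

  /**
   * Ask the test harness to build storage fixtures; the test below saves
   * generated users.
   */
  protected function getPhabricatorTestCaseConfiguration() {
    return array(
      self::PHABRICATOR_TESTCONFIG_BUILD_STORAGE_FIXTURES => true,
    );
  }

  /**
   * Walk through every access-control configuration and assert the
   * allow/deny outcome for each fixture user.
   */
  public function testControllerAccessControls() {
    $root = dirname(phutil_get_library_root('phabricator'));
    require_once $root.'/support/PhabricatorStartup.php';

    $application_configuration = new AphrontDefaultApplicationConfiguration();

    $host = 'meow.example.com';

    // NOTE: This writes to the process-wide superglobal and is not restored
    // by this method.
    $_SERVER['REQUEST_METHOD'] = 'GET';

    $request = id(new AphrontRequest($host, '/'))
      ->setApplicationConfiguration($application_configuration)
      ->setRequestData(array());

    $controller = new PhabricatorTestController();
    $controller->setRequest($request);

    // An unsaved user object with only a username set. The cases below use
    // it as the viewer who is denied wherever a login is required.
    $u_public = id(new PhabricatorUser())
      ->setUsername('public');

    $u_unverified = $this->generateNewTestUser()
      ->setUsername('unverified')
      ->save();
    $u_unverified->setIsEmailVerified(0)->save();

    $u_normal = $this->generateNewTestUser()
      ->setUsername('normal')
      ->save();

    $u_disabled = $this->generateNewTestUser()
      ->setIsDisabled(true)
      ->setUsername('disabled')
      ->save();

    $u_admin = $this->generateNewTestUser()
      ->setIsAdmin(true)
      ->setUsername('admin')
      ->save();

    $u_notapproved = $this->generateNewTestUser()
      ->setIsApproved(0)
      ->setUsername('notapproved')
      ->save();

    // Pin every setting the cases below toggle, so each case starts from a
    // known baseline regardless of the surrounding configuration. Any case
    // that changes a setting resets it before the next case runs.
    $env = PhabricatorEnv::beginScopedEnv();
    $env->overrideEnvConfig('phabricator.base-uri', 'http://'.$host);
    $env->overrideEnvConfig('policy.allow-public', false);
    $env->overrideEnvConfig('auth.require-email-verification', false);
    $env->overrideEnvConfig('auth.email-domains', array());
    $env->overrideEnvConfig('security.require-multi-factor-auth', false);


    // Test standard defaults.

    $this->checkAccess(
      'Default',
      id(clone $controller),
      $request,
      array(
        $u_normal,
        $u_admin,
        $u_unverified,
      ),
      array(
        $u_public,
        $u_disabled,
        $u_notapproved,
      ));


    // Test email verification.

    $env->overrideEnvConfig('auth.require-email-verification', true);
    $this->checkAccess(
      'Email Verification Required',
      id(clone $controller),
      $request,
      array(
        $u_normal,
        $u_admin,
      ),
      array(
        $u_unverified,
        $u_public,
        $u_disabled,
        $u_notapproved,
      ));

    $this->checkAccess(
      'Email Verification Required, With Exception',
      id(clone $controller)->setConfig('email', false),
      $request,
      array(
        $u_normal,
        $u_admin,
        $u_unverified,
      ),
      array(
        $u_public,
        $u_disabled,
        $u_notapproved,
      ));
    $env->overrideEnvConfig('auth.require-email-verification', false);


    // Test admin access.

    $this->checkAccess(
      'Admin Required',
      id(clone $controller)->setConfig('admin', true),
      $request,
      array(
        $u_admin,
      ),
      array(
        $u_normal,
        $u_unverified,
        $u_public,
        $u_disabled,
        $u_notapproved,
      ));


    // Test disabled access.

    $this->checkAccess(
      'Allow Disabled',
      id(clone $controller)->setConfig('enabled', false),
      $request,
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
        $u_disabled,
        $u_notapproved,
      ),
      array(
        $u_public,
      ));


    // Test no login required.

    $this->checkAccess(
      'No Login Required',
      id(clone $controller)->setConfig('login', false),
      $request,
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
        $u_public,
      ),
      array(
        $u_disabled,
        $u_notapproved,
      ));


    // Test public access. With 'policy.allow-public' off, a controller that
    // marks itself public must still deny the logged-out viewer.
    //
    // NOTE(review): $u_notapproved is not exercised in this case, although
    // the 'Public + configured' case below expects it to be denied. Consider
    // adding it to the deny list after confirming the case still passes.

    $this->checkAccess(
      'Public, Not Configured',
      id(clone $controller)->setConfig('public', true),
      $request,
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
      ),
      array(
        $u_disabled,
        $u_public,
      ));

    $env->overrideEnvConfig('policy.allow-public', true);
    $this->checkAccess(
      'Public + configured',
      id(clone $controller)->setConfig('public', true),
      $request,
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
        $u_public,
      ),
      array(
        $u_disabled,
        $u_notapproved,
      ));
    $env->overrideEnvConfig('policy.allow-public', false);


    // Test application-level policy. The application's view policy is set to
    // "no one", so the first case expects every user, including the
    // administrator, to be denied.

    $app = PhabricatorApplication::getByClass('PhabricatorTestApplication');
    $app->reset();
    $app->setPolicy(
      PhabricatorPolicyCapability::CAN_VIEW,
      PhabricatorPolicies::POLICY_NOONE);

    $app_controller = id(clone $controller)->setCurrentApplication($app);

    $this->checkAccess(
      'Application Controller',
      $app_controller,
      $request,
      array(),
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
        $u_public,
        $u_disabled,
        $u_notapproved,
      ));

    $this->checkAccess(
      'Application Controller, No Login Required',
      id(clone $app_controller)->setConfig('login', false),
      $request,
      array(
        $u_normal,
        $u_unverified,
        $u_admin,
        $u_public,
      ),
      array(
        $u_disabled,
        $u_notapproved,
      ));
  }

  /**
   * Assert the access outcome of one controller configuration for two groups
   * of users.
   *
   * @param string  Human-readable name of the case, used in failure messages.
   * @param object  Controller to test; it is cloned before every check.
   * @param object  Request the controller reads the viewer from.
   * @param list    Users expected to be allowed.
   * @param list    Users expected to be denied.
   * @return void
   */
  private function checkAccess(
    $label,
    $controller,
    $request,
    array $yes,
    array $no) {

    foreach ($yes as $user) {
      $uname = $user->getUsername();
      $result = $this->runAccessCheck($controller, $request, $user);

      // Name what came back so an unexpected denial can be told apart from
      // an unrelated exception.
      $detail = is_object($result) ? get_class($result) : gettype($result);

      $this->assertTrue(
        ($result === null),
        "Expect user '{$uname}' to be allowed access to '{$label}' ".
        "(got {$detail}).");
    }

    foreach ($no as $user) {
      $uname = $user->getUsername();
      $result = $this->runAccessCheck($controller, $request, $user);

      // NOTE(review): Any non-null result counts as a denial here, including
      // an exception raised for a reason unrelated to access control. A deny
      // expectation can therefore pass because the controller failed, not
      // because it refused the user.
      $this->assertFalse(
        ($result === null),
        "Expect user '{$uname}' to be denied access to '{$label}'.");
    }
  }

  /**
   * Run `willBeginExecution()` on a fresh clone of the controller with the
   * given user set on the request, returning the result or the exception
   * that was thrown.
   */
  private function runAccessCheck($controller, $request, $user) {
    $request->setUser($user);

    try {
      return id(clone $controller)->willBeginExecution();
    } catch (Exception $ex) {
      return $ex;
    }
  }

}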