SMMP/spec/build/api/core/AuthSystemDefaultSpec.php


<?php
use Kahlan\Plugin\Stub;
use Kahlan\Plugin\Monkey;
use api\core\AuthSystemDefault;
use error\core\Err;
describe('api', function(){
describe('core', function(){
describe('AuthSystemDefault', function(){
context('Permission combination (AND, OR)', function(){
it('pass when single permission granted', function () {
    // Requirement: a single group that contains only permission A.
    $required = [['A']];
    $auth = new AuthSystemDefault();
    // The session grants exactly the permission that is required.
    $_SESSION['PERM'] = ['A'];

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('fail when \'unknown permission\' not granted', function () {
    $required = [['unknown_permission']];
    $auth = new AuthSystemDefault();

    // NOTE(review): $_SESSION is not assigned in this spec, so the denial is
    // evaluated against whatever session state exists when it runs — confirm
    // that this is intended.
    $outcome = $auth::permission('moduleA', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::PermissionError);
});
it('pass if (A or B) and either A or B', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // Two groups in the outer list: the spec title reads this as "A or B".
    $required = [['A'], ['B']];
    $auth = new AuthSystemDefault();

    // Case 1: the session holds A; case 2: it holds B. C is an unrelated extra in both.
    foreach ([['A', 'C'], ['B', 'C']] as $granted) {
        $_SESSION['PERM'] = $granted;
        $outcome = $auth::permission('fetchDefault', $required);
        expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
        expect($outcome->get())->toBe(Err::Success);
    }
});
it('fail if (A or B) and neither A nor B', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // Either A or B would be enough.
    $required = [['A'], ['B']];
    $auth = new AuthSystemDefault();
    // The session holds neither of them, only the unrelated X and C.
    $_SESSION['PERM'] = ['X', 'C'];

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::PermissionError);
});
it('pass if (A and B) and A and B', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // One group with two members: the spec title reads this as "A and B".
    $required = [['A', 'B']];
    $auth = new AuthSystemDefault();
    // The session holds both A and B (plus the unrelated C).
    $_SESSION['PERM'] = ['A', 'B', 'C'];

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('fail if (A and B) and only A or B', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // Both A and B are required together.
    $required = [['A', 'B']];
    $auth = new AuthSystemDefault();

    // Case 1: only A is held; case 2: only B is held. Half of an AND group must be refused.
    foreach ([['A', 'C'], ['B', 'C']] as $granted) {
        $_SESSION['PERM'] = $granted;
        $outcome = $auth::permission('fetchDefault', $required);
        expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
        expect($outcome->get())->toBe(Err::PermissionError);
    }
});
it('pass if ((A and B) OR (C and D)) and (A and B) or (C and D)', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // Two alternative groups, each of which must be held in full.
    $required = [['A', 'B'], ['C', 'D']];
    $auth = new AuthSystemDefault();

    // Case 1: the session holds A+B; case 2: it holds C+D.
    foreach ([['A', 'B'], ['C', 'D']] as $granted) {
        $_SESSION['PERM'] = $granted;
        $outcome = $auth::permission('fetchDefault', $required);
        expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
        expect($outcome->get())->toBe(Err::Success);
    }
});
it('fail if ((A and B) OR (C and D)) and (A and C) or (A and D)', function () {
    $_SESSION = ['WAREHOUSE' => ['modules' => ['moduleA']]];
    // Two alternative groups, each of which must be held in full.
    $required = [['A', 'B'], ['C', 'D']];
    $auth = new AuthSystemDefault();

    // Case 1: A+C; case 2: A+D. One member from each group must not add up
    // to a grant, because neither group is complete.
    foreach ([['A', 'C'], ['A', 'D']] as $granted) {
        $_SESSION['PERM'] = $granted;
        $outcome = $auth::permission('fetchDefault', $required);
        expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
        expect($outcome->get())->toBe(Err::PermissionError);
    }
});
});
context('LogAuth permissions', function(){
context('module availability', function(){
it('fail if disabled module', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    $_SESSION['AUTH'] = [1];
    // Warehouse session with an empty list of enabled modules.
    $_SESSION['WAREHOUSE'] = ['id' => 1, 'modules' => []];

    // The requested module is not in the enabled list.
    $outcome = $auth::permission('unknown_module', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::DisabledModule);
});
it('pass if enabled module', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    $_SESSION['AUTH'] = [1];
    // Warehouse session whose enabled list names the module requested below.
    $_SESSION['WAREHOUSE'] = ['id' => 1, 'modules' => ['known_module']];

    $outcome = $auth::permission('known_module', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('pass if default module', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    $_SESSION['AUTH'] = [1];
    // No module is enabled for this warehouse.
    $_SESSION['WAREHOUSE'] = ['id' => 1, 'modules' => []];

    // Presumably the "Default" suffix marks a module that bypasses the
    // enabled-modules list — confirm against AuthSystemDefault.
    $outcome = $auth::permission('modulenameDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
});
context('permission format', function(){
it('fail if incorrect format (not array)', function () {
    // A bare string instead of a list of permission groups.
    $malformed = 'a';
    $auth = new AuthSystemDefault();

    $outcome = $auth::permission('moduleA', $malformed);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::FormatError);
});
it('fail if incorrect format (1-depth array)', function () {
    // A flat list: the permission name is not wrapped in a group.
    $malformed = ['a'];
    $auth = new AuthSystemDefault();

    $outcome = $auth::permission('moduleA', $malformed);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::FormatError);
});
});
context('single special permissions', function(){
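it('fail when not \'warehouse\' granted', function () {
    // Start from an empty session so that this denial check cannot depend on
    // AUTH / WAREHOUSE entries written by specs that ran earlier in this file.
    $_SESSION = [];
    $perm = [['warehouse']];
    $asd = new AuthSystemDefault();

    // No login state is present, so the 'warehouse' requirement must be refused.
    $err = $asd::permission('moduleA', $perm);

    expect($err)->toBeAnInstanceOf('error\\core\\Error');
    expect($err->get())->toBe(Err::PermissionError);
});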
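it('fail when not \'admin\' granted', function () {
    // Start from an empty session so that this denial check cannot depend on
    // AUTH / ADMIN entries written by specs that ran earlier in this file.
    $_SESSION = [];
    $perm = [['admin']];
    $asd = new AuthSystemDefault();

    // No login state is present, so the 'admin' requirement must be refused.
    $err = $asd::permission('moduleA', $perm);

    expect($err)->toBeAnInstanceOf('error\\core\\Error');
    expect($err->get())->toBe(Err::PermissionError);
});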
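it('fail when not \'sats\' granted', function () {
    // Start from an empty session so that this denial check cannot depend on
    // AUTH / SATS entries written by specs that ran earlier in this file.
    $_SESSION = [];
    $perm = [['sats']];
    $asd = new AuthSystemDefault();

    // Unlike 'warehouse' and 'admin', a missing 'sats' grant is expected to be
    // reported as TokenError rather than PermissionError.
    $err = $asd::permission('moduleA', $perm);

    expect($err)->toBeAnInstanceOf('error\\core\\Error');
    expect($err->get())->toBe(Err::TokenError);
});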
it('pass when \'warehouse\' granted', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    // Session marks level 1 and carries a warehouse id.
    $_SESSION['AUTH'] = [1];
    $_SESSION['WAREHOUSE']['id'] = 1;

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('pass when \'admin\' granted', function () {
    $required = [['admin']];
    $auth = new AuthSystemDefault();
    // Session marks levels 1 and 2 and carries both a warehouse id and an admin id.
    $_SESSION['AUTH'] = [1, 2];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('pass when \'sats\' granted', function () {
    $required = [['sats']];
    $auth = new AuthSystemDefault();
    // Session marks levels 1 to 3 and carries warehouse, admin and sats ids.
    $_SESSION['AUTH'] = [1, 2, 3];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;
    $_SESSION['SATS']['id'] = 1;

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
});
context('special permissions inclusions (admin/sats in warehouse)', function(){
it('pass when \'warehouse\' required and have \'admin\'', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    // 2 = admin
    $_SESSION['AUTH'] = [1, 2];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;

    // An admin session is expected to satisfy the lower 'warehouse' requirement.
    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('pass when \'warehouse\' required and have \'sats\'', function () {
    $required = [['warehouse']];
    $auth = new AuthSystemDefault();
    // NOTE(review): the comment here used to read "2 = sats", but 2 is labelled
    // admin in the neighbouring specs, so sats is presumably 3 — confirm.
    $_SESSION['AUTH'] = [1, 2, 3];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;
    $_SESSION['SATS']['id'] = 1;

    // A sats session is expected to satisfy the 'warehouse' requirement.
    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('fail when \'admin\' required and have \'sats\'', function () {
    $required = [['admin']];
    $auth = new AuthSystemDefault();
    // NOTE(review): the comment here used to read "2 = sats", but 2 is labelled
    // admin in the neighbouring specs, so sats is presumably 3 — confirm.
    $_SESSION['AUTH'] = [1, 2, 3];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;
    $_SESSION['SATS']['id'] = 1;

    // The session holds the admin entries plus level 3 and a SATS id; the spec
    // expects the 'admin' requirement to be refused in that state.
    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    // NOTE(review): this accepts any result other than Success, so an unrelated
    // error code would also satisfy it. Pin the exact denial code once the
    // intended one is confirmed.
    expect($outcome->get())->not->toBe(Err::Success);
});
it('pass when (\'admin\' OR \'sats\') required and have only \'admin\'', function () {
    // Two alternative single-member groups: admin or sats.
    $required = [['admin'], ['sats']];
    $auth = new AuthSystemDefault();
    // 2 = admin
    $_SESSION['AUTH'] = [1, 2];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
it('pass when (\'admin\' OR \'sats\') required and have only \'sats\'', function () {
    // Two alternative single-member groups: admin or sats.
    $required = [['admin'], ['sats']];
    $auth = new AuthSystemDefault();
    // NOTE(review): the comment here used to read "2 = sats", but 2 is labelled
    // admin in the neighbouring specs, so sats is presumably 3 — confirm.
    $_SESSION['AUTH'] = [1, 2, 3];
    $_SESSION['WAREHOUSE']['id'] = 1;
    $_SESSION['ADMIN']['id'] = 1;
    $_SESSION['SATS']['id'] = 1;

    $outcome = $auth::permission('fetchDefault', $required);

    expect($outcome)->toBeAnInstanceOf('error\\core\\Error');
    expect($outcome->get())->toBe(Err::Success);
});
});
});
});
});
});