From 4de473ce776e0eb6eaa00f30857ace49698b0df4 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Thu, 21 Sep 2017 01:55:53 +0200 Subject: [PATCH] [kahlan:api/core/AuthSystemDefault] tests + fixed AuthSystemDefault (format check + error propagation + 'admin' not included in 'sats') --- build/api/core/AuthSystemDefault.php | 10 +- spec/build/api/core/AuthSystemDefaultSpec.php | 351 ++++++++++++++++++ 2 files changed, 359 insertions(+), 2 deletions(-) create mode 100644 spec/build/api/core/AuthSystemDefaultSpec.php diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index 0887245..74c7d84 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -179,7 +179,11 @@ /* [1] Check format -> if not array of array(s) -> ERROR =========================================================*/ - /* (1) If not array of array(s) -> ERROR*/ + /* (1) If not array -> ERROR */ + if( !is_array($expected) ) + return new Error(Err::FormatError); + + /* (2) If not array of array(s) -> ERROR */ foreach($expected as $permissions) if( !is_array($permissions) ) return new Error(Err::FormatError); @@ -191,6 +195,7 @@ /* If granted -> don't go further */ $error_propag[]= self::check_permission_group($module, $permission_group); + if( $error_propag[count($error_propag)-1] == Err::Success ) return new Error(Err::Success); @@ -232,7 +237,7 @@ /* (2) Si admin requis, mais manquant ---------------------------------------------------------*/ - if( in_array('admin', $expected) && self::auth() < 2 ) + if( in_array('admin', $expected) && self::auth() != 2 ) return Err::PermissionError; /* (3) Si SATS requis, mais manquant @@ -252,6 +257,7 @@ /* [2] Gestion des permissions =========================================================*/ + /* (1) Vérification de toutes les permissions requises */ foreach($expected as $permission) // Si il manque au minimum une permission, on retourne FALSE 
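Review bot: An empty `$expected` still passes both format checks in the @@ -179 hunk, because `is_array([])` is true and the `foreach` never runs. What the function returns for a call that declares no permission groups is therefore decided by code outside this hunk (the function starts and ends outside it). If an empty list is not a valid requirement, reject it at the new guard with `if( !is_array($expected) || count($expected) === 0 )`. If it is meant to mean "no restriction", a comment next to the guard should say so, and the same question applies to an empty inner group such as `[[]]`.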
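Review bot: The new admin test `self::auth() != 2` in the @@ -232 hunk makes an authorization decision with a loose comparison; if `auth()` returns an int (its body is not visible here), `self::auth() !== 2` avoids PHP type juggling. The same applies to the `== Err::Success` context line in the @@ -191 hunk, where a loosely-equal return from `check_permission_group()` would count as a grant, so `=== Err::Success` is safer, assuming the codes are ints. The check now demands exactly level 2 instead of at least 2, and the comment above it could record that: `/* (2) admin required: auth level must be exactly 2, a higher level does not qualify */`. The enclosing function starts and ends outside the hunk.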
diff --git a/spec/build/api/core/AuthSystemDefaultSpec.php b/spec/build/api/core/AuthSystemDefaultSpec.php new file mode 100644 index 0000000..5946fe6 --- /dev/null +++ b/spec/build/api/core/AuthSystemDefaultSpec.php 
@@ -0,0 +1,351 @@ +toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('fail when \'unknown permission\' not granted', function(){ + + $perm = [['unknown_permission']]; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + it('pass if (A or B) and either A or B', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ]; + + // available permission + $perm = [['A'], ['B']]; + $asd = new AuthSystemDefault(); + + /* (1) Permission A */ + $_SESSION['PERM'] = ['A', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + /* (2) Permission B */ + $_SESSION['PERM'] = ['B', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('fail if (A or B) and neither A nor B', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ]; + + // available permission + $perm = [['A'], ['B']]; + $asd = new AuthSystemDefault(); + + $_SESSION['PERM'] = ['X', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + it('pass if (A and B) and A and B', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ]; + + // available permission + $perm = [['A', 'B']]; + $asd = new AuthSystemDefault(); + + /* (1) Permission A */ + $_SESSION['PERM'] = ['A', 'B', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('fail if (A and B) and only A or B', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => 
['moduleA'] ] ]; + + // available permission + $perm = [['A', 'B']]; + $asd = new AuthSystemDefault(); + + /* (1) Permission A */ + $_SESSION['PERM'] = ['A', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + /* (2) Permission B */ + $_SESSION['PERM'] = ['B', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + it('pass if ((A and B) OR (C and D)) and (A and B) or (C and D)', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ]; + + // available permission + $perm = [['A', 'B'], ['C', 'D']]; + $asd = new AuthSystemDefault(); + + /* (1) Permission A+B */ + $_SESSION['PERM'] = ['A', 'B']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + /* (2) Permission C+D */ + $_SESSION['PERM'] = ['C', 'D']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('fail if ((A and B) OR (C and D)) and (A and C) or (A and D)', function(){ + + $_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ]; + + // available permission + $perm = [['A', 'B'], ['C', 'D']]; + $asd = new AuthSystemDefault(); + + /* (1) Permission A+C */ + $_SESSION['PERM'] = ['A', 'C']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + /* (2) Permission A+D */ + $_SESSION['PERM'] = ['A', 'D']; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + }); + + context('LogAuth permissions', function(){ + + context('module 
availability', function(){ + + it('fail if disabled module', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1]; + $err = $asd::permission('unknown_module', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::DisabledModule); + + }); + + it('pass if enabled module', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1]; + $_SESSION['WAREHOUSE'] = [ + 'modules' => ['known_module'] + ]; + $err = $asd::permission('known_module', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('pass if default module', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1]; + $err = $asd::permission('modulenameDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + }); + + context('permission format', function(){ + + it('fail if incorrect format (not array)', function(){ + + $perm = 'a'; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::FormatError); + + }); + + it('fail if incorrect format (1-depth array)', function(){ + + $perm = ['a']; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::FormatError); + + }); + + }); + + context('single special permissions', function(){ + + it('fail when not \'warehouse\' granted', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + it('fail when not \'admin\' granted', function(){ + + $perm = 
[['admin']]; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::PermissionError); + + }); + + it('fail when not \'sats\' granted', function(){ + + $perm = [['sats']]; + + $asd = new AuthSystemDefault(); + $err = $asd::permission('moduleA', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::TokenError); + + }); + + + + it('pass when \'warehouse\' granted', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1]; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('pass when \'admin\' granted', function(){ + + $perm = [['admin']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1, 2]; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('pass when \'sats\' granted', function(){ + + $perm = [['sats']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1, 2, 3]; + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + }); + + context('special permissions inclusions (admin/sats in warehouse)', function(){ + + it('pass when \'warehouse\' required and have \'admin\'', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1, 2]; // 2 = admin + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('pass when \'warehouse\' required and have \'sats\'', function(){ + + $perm = [['warehouse']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats 
+ $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->toBe(Err::Success); + + }); + + it('fail when \'admin\' required and have \'sats\'', function(){ + + $perm = [['admin']]; + + $asd = new AuthSystemDefault(); + $_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats + $err = $asd::permission('moduleDefault', $perm); + expect($err)->toBeAnInstanceOf('error\\core\\Error'); + expect($err->get())->not->toBe(Err::Success); + + }); + + }); + + }); + + }); + + }); + }); \ No newline at end of file
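Review bot: The specs write to `$_SESSION` and never reset it in the visible part of the file, so each `it` inherits whatever the previous one left behind; the "fail when not 'warehouse' granted" spec, for example, sets no `$_SESSION['AUTH']` and only holds if no earlier spec left one. The start of this new file is not visible on the page, so a reset may already exist; if not, `beforeEach(function(){ $_SESSION = []; });` in the outer block would isolate the cases. The last spec asserts only `not->toBe(Err::Success)`, and pinning it to `toBe(Err::PermissionError)` would catch a regression that returns some other error code. The `// 2 = sats` comments sit on `[1, 2, 3]` arrays and look copied from the admin case.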