351 lines
9.6 KiB
PHP
351 lines
9.6 KiB
PHP
<?php
|
|
|
|
use Kahlan\Plugin\Stub;
|
|
use Kahlan\Plugin\Monkey;
|
|
|
|
use api\core\AuthSystemDefault;
|
|
use error\core\Err;
|
|
|
|
describe('api', function(){
|
|
describe('core', function(){
|
|
|
|
describe('AuthSystemDefault', function(){
|
|
|
|
context('Permission combination (AND, OR)', function(){
|
|
|
|
it('pass when single permission granted', function(){
|
|
|
|
$perm = [['A']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['PERM'] = ['A'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail when \'unknown permission\' not granted', function(){
|
|
|
|
$perm = [['unknown_permission']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
it('pass if (A or B) and either A or B', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A'], ['B']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
/* (1) Permission A */
|
|
$_SESSION['PERM'] = ['A', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
/* (2) Permission B */
|
|
$_SESSION['PERM'] = ['B', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail if (A or B) and neither A nor B', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A'], ['B']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
$_SESSION['PERM'] = ['X', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
it('pass if (A and B) and A and B', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A', 'B']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
/* (1) Permission A */
|
|
$_SESSION['PERM'] = ['A', 'B', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail if (A and B) and only A or B', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A', 'B']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
/* (1) Permission A */
|
|
$_SESSION['PERM'] = ['A', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
/* (2) Permission B */
|
|
$_SESSION['PERM'] = ['B', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
it('pass if ((A and B) OR (C and D)) and (A and B) or (C and D)', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A', 'B'], ['C', 'D']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
/* (1) Permission A+B */
|
|
$_SESSION['PERM'] = ['A', 'B'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
/* (2) Permission C+D */
|
|
$_SESSION['PERM'] = ['C', 'D'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail if ((A and B) OR (C and D)) and (A and C) or (A and D)', function(){
|
|
|
|
$_SESSION = [ 'WAREHOUSE' => [ 'modules' => ['moduleA'] ] ];
|
|
|
|
// available permission
|
|
$perm = [['A', 'B'], ['C', 'D']];
|
|
$asd = new AuthSystemDefault();
|
|
|
|
/* (1) Permission A+C */
|
|
$_SESSION['PERM'] = ['A', 'C'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
/* (2) Permission A+D */
|
|
$_SESSION['PERM'] = ['A', 'D'];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
context('LogAuth permissions', function(){
|
|
|
|
context('module availability', function(){
|
|
|
|
it('fail if disabled module', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1];
|
|
$err = $asd::permission('unknown_module', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::DisabledModule);
|
|
|
|
});
|
|
|
|
it('pass if enabled module', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1];
|
|
$_SESSION['WAREHOUSE'] = [
|
|
'modules' => ['known_module']
|
|
];
|
|
$err = $asd::permission('known_module', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('pass if default module', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1];
|
|
$err = $asd::permission('modulenameDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
context('permission format', function(){
|
|
|
|
it('fail if incorrect format (not array)', function(){
|
|
|
|
$perm = 'a';
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::FormatError);
|
|
|
|
});
|
|
|
|
it('fail if incorrect format (1-depth array)', function(){
|
|
|
|
$perm = ['a'];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::FormatError);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
context('single special permissions', function(){
|
|
|
|
it('fail when not \'warehouse\' granted', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
it('fail when not \'admin\' granted', function(){
|
|
|
|
$perm = [['admin']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::PermissionError);
|
|
|
|
});
|
|
|
|
it('fail when not \'sats\' granted', function(){
|
|
|
|
$perm = [['sats']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$err = $asd::permission('moduleA', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::TokenError);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('pass when \'warehouse\' granted', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('pass when \'admin\' granted', function(){
|
|
|
|
$perm = [['admin']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1, 2];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('pass when \'sats\' granted', function(){
|
|
|
|
$perm = [['sats']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1, 2, 3];
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
context('special permissions inclusions (admin/sats in warehouse)', function(){
|
|
|
|
it('pass when \'warehouse\' required and have \'admin\'', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1, 2]; // 2 = admin
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('pass when \'warehouse\' required and have \'sats\'', function(){
|
|
|
|
$perm = [['warehouse']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
it('fail when \'admin\' required and have \'sats\'', function(){
|
|
|
|
$perm = [['admin']];
|
|
|
|
$asd = new AuthSystemDefault();
|
|
$_SESSION['AUTH'] = [1, 2, 3]; // 2 = sats
|
|
$err = $asd::permission('moduleDefault', $perm);
|
|
expect($err)->toBeAnInstanceOf('error\\core\\Error');
|
|
expect($err->get())->not->toBe(Err::Success);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
}); |