| | <?php |
| |
|
| | require_once __DIR__.'/BaseProcedureTest.php'; |
| |
|
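/**
 * Integration tests for the authorization rules applied to API procedures.
 *
 * Each test calls a procedure through one of the clients held by the test case
 * ($this->app, $this->user, $this->manager, $this->admin) and checks that the
 * call either succeeds or raises JsonRPC\Exception\AccessDeniedException.
 *
 * NOTE(review): the clients and the $managerUserId / $userUserId properties are
 * presumably prepared by BaseProcedureTest, which is not visible here. Confirm
 * which credential and application role each client carries.
 *
 * In the negative tests, expectException() is declared immediately before the
 * call under test, so a denial raised during setup cannot satisfy the
 * expectation by accident. The call must also target the resource created in
 * the test: a denial obtained with an unrelated identifier does not show that
 * the access rule protects that resource.
 */
class ProcedureAuthorizationTest extends BaseProcedureTest
{
    /**
     * The application client must not be able to call getMe().
     */
    public function testApiCredentialDoNotHaveAccessToUserCredentialProcedure()
    {
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->app->getMe();
    }

    /**
     * The user client must not be able to call getUser().
     */
    public function testUserCredentialDoNotHaveAccessToAdminProcedures()
    {
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->getUser(1);
    }

    /**
     * getAllProjects() must be denied.
     *
     * NOTE(review): the test name refers to the manager credential, but the call
     * is made with $this->user. Confirm which client is intended; as written the
     * manager case is not exercised by this test.
     */
    public function testManagerCredentialDoNotHaveAccessToAdminProcedures()
    {
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->getAllProjects();
    }

    /**
     * The user client must not be able to create a project.
     */
    public function testUserCredentialDoNotHaveAccessToManagerProcedures()
    {
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->createProject('Team project creation are only for app managers');
    }

    /**
     * The manager client can create a project.
     */
    public function testAppManagerCanCreateTeamProject()
    {
        $this->assertNotFalse($this->manager->createProject('Team project created by app manager'));
    }

    /**
     * The admin client can create a project, and the manager client is then
     * denied access to that project.
     */
    public function testAdminManagerCanCreateTeamProject()
    {
        $projectId = $this->admin->createProject('Team project created by admin');
        $this->assertNotFalse($projectId);

        // The call is expected to throw, so its return value is never asserted;
        // wrapping it in assertNotNull() suggested the opposite outcome.
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->manager->getProjectById($projectId);
    }

    /**
     * A project created with the manager as owner gives that user the
     * 'project-manager' role, and the manager can read and update the project.
     */
    public function testProjectManagerCanUpdateHisProject()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Team project can be updated',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);
        $this->assertEquals('project-manager', $this->app->getProjectUserRole($projectId, $this->managerUserId));
        $this->assertNotNull($this->manager->getProjectById($projectId));

        $this->assertTrue($this->manager->updateProject($projectId, 'My team project have been updated'));
    }

    /**
     * The user client is denied access to a project it was never added to.
     */
    public function testProjectAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject('A team project without members');
        $this->assertNotFalse($projectId);

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->getProjectById($projectId);
    }

    /**
     * The user client can read a project once the manager has added the user to it.
     */
    public function testProjectAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'A team project with members',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId));
        $this->assertNotNull($this->user->getProjectById($projectId));
    }

    /**
     * The user client, never added to the project, must not be able to remove
     * one of its automatic actions.
     */
    public function testActionAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        // Target the action created above. The original passed $projectId here,
        // so the denial was obtained for whatever action happened to share that
        // identifier (or for none at all), not for the action under test.
        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeAction($actionId);
    }

    /**
     * A user added with the 'project-member' role must not be able to remove an action.
     */
    public function testActionAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeAction($actionId);
    }

    /**
     * A user added with the 'project-manager' role can remove an action.
     */
    public function testActionAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeAction($actionId));
    }

    /**
     * The user client, never added to the project, must not be able to remove a category.
     */
    public function testCategoryAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeCategory($categoryId);
    }

    /**
     * A user added with the 'project-member' role must not be able to remove a category.
     */
    public function testCategoryAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeCategory($categoryId);
    }

    /**
     * A user added with the 'project-manager' role can remove a category.
     */
    public function testCategoryAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeCategory($categoryId));
    }

    /**
     * The user client, never added to the project, must not be able to remove a column.
     */
    public function testColumnAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeColumn($columnId);
    }

    /**
     * A user added with the 'project-member' role must not be able to remove a column.
     */
    public function testColumnAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeColumn($columnId);
    }

    /**
     * A user added with the 'project-manager' role can remove a column.
     */
    public function testColumnAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeColumn($columnId));
    }

    /**
     * A user added with the 'project-viewer' role must not be able to update a
     * comment, even one that the manager created with that user's id.
     */
    public function testCommentAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-viewer'));

        $taskId = $this->manager->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $commentId = $this->manager->createComment($taskId, $this->userUserId, 'My comment');
        $this->assertNotFalse($commentId);

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->updateComment($commentId, 'something else');
    }

    /**
     * A user added with the 'project-member' role can create a task, comment on
     * it and update that comment.
     */
    public function testCommentAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $taskId = $this->user->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $commentId = $this->user->createComment($taskId, $this->userUserId, 'My comment');
        $this->assertNotFalse($commentId);

        $this->assertTrue($this->user->updateComment($commentId, 'something else'));
    }

    /**
     * A user added with the 'project-viewer' role must not be able to remove a subtask.
     */
    public function testSubtaskAuthorizationForbidden()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-viewer'));

        $taskId = $this->manager->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $subtaskId = $this->manager->createSubtask($taskId, 'My subtask');
        $this->assertNotFalse($subtaskId);

        $this->expectException('JsonRPC\Exception\AccessDeniedException');
        $this->user->removeSubtask($subtaskId);
    }

    /**
     * A user added with the 'project-member' role can remove a subtask that the
     * manager created on the user's task.
     */
    public function testSubtaskAuthorizationGranted()
    {
        $projectId = $this->manager->createProject(array(
            'name' => 'Test Project',
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $taskId = $this->user->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $subtaskId = $this->manager->createSubtask($taskId, 'My subtask');
        $this->assertNotFalse($subtaskId);

        $this->assertTrue($this->user->removeSubtask($subtaskId));
    }
}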
| |
|