<?php

// Shared fixtures (API clients and user ids) live in the base class next to this file.
require_once __DIR__ . '/BaseProcedureTest.php';
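/**
 * Integration tests for the JSON-RPC procedure authorization rules.
 *
 * The API clients ($this->app, $this->admin, $this->manager, $this->user) and
 * the user ids ($this->managerUserId, $this->userUserId) are not defined in this
 * file; presumably BaseProcedureTest sets them up — check there before renaming.
 * Every test issues one procedure call with a given credential and expects it to
 * be either granted or rejected with JsonRPC\Exception\AccessDeniedException.
 *
 * In the "forbidden" tests the denied call is always the last statement: once
 * expectException() is armed, nothing after the throwing call is executed, so
 * assertions placed after it would never run.
 */
class ProcedureAuthorizationTest extends BaseProcedureTest
{
    /** Exception class raised by the API when a credential lacks the required role. */
    const ACCESS_DENIED_EXCEPTION = 'JsonRPC\Exception\AccessDeniedException';

    // --- Application-level roles -------------------------------------------------

    public function testApiCredentialDoNotHaveAccessToUserCredentialProcedure()
    {
        $this->expectAccessDenied();
        $this->app->getMe();
    }

    public function testUserCredentialDoNotHaveAccessToAdminProcedures()
    {
        $this->expectAccessDenied();
        $this->user->getUser(1);
    }

    public function testManagerCredentialDoNotHaveAccessToAdminProcedures()
    {
        // NOTE(review): the test name refers to the manager credential but the call
        // is issued with $this->user; confirm whether $this->manager was intended —
        // as written, this test does not exercise the manager role at all.
        $this->expectAccessDenied();
        $this->user->getAllProjects();
    }

    public function testUserCredentialDoNotHaveAccessToManagerProcedures()
    {
        $this->expectAccessDenied();
        $this->user->createProject('Team project creation are only for app managers');
    }

    public function testAppManagerCanCreateTeamProject()
    {
        $this->assertNotFalse($this->manager->createProject('Team project created by app manager'));
    }

    public function testAdminManagerCanCreateTeamProject()
    {
        $projectId = $this->admin->createProject('Team project created by admin');
        $this->assertNotFalse($projectId);

        // The project was created by the admin without adding the manager to it, so
        // the manager's read must be denied. The call is deliberately not wrapped in
        // an assertion: it is expected to throw, so any wrapper would never assert.
        $this->expectAccessDenied();
        $this->manager->getProjectById($projectId);
    }

    // --- Project-level roles -----------------------------------------------------

    public function testProjectManagerCanUpdateHisProject()
    {
        $projectId = $this->createManagerOwnedProject('Team project can be updated');

        // Creating the project with owner_id makes the manager its project-manager.
        $this->assertEquals('project-manager', $this->app->getProjectUserRole($projectId, $this->managerUserId));
        $this->assertNotNull($this->manager->getProjectById($projectId));

        $this->assertTrue($this->manager->updateProject($projectId, 'My team project have been updated'));
    }

    public function testProjectAuthorizationForbidden()
    {
        // No owner and no members: the plain user has no role on this project.
        $projectId = $this->manager->createProject('A team project without members');
        $this->assertNotFalse($projectId);

        $this->expectAccessDenied();
        $this->user->getProjectById($projectId);
    }

    public function testProjectAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('A team project with members');

        // Default role when none is given; membership alone is enough to read the project.
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId));
        $this->assertNotNull($this->user->getProjectById($projectId));
    }

    // --- Actions -----------------------------------------------------------------

    public function testActionAuthorizationForbidden()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        // The user is not a member of the project at all. The denied call must target
        // the action that was just created: the original test passed $projectId here,
        // so the denial could have come from an unrelated or non-existent action id
        // rather than from the user's missing project role.
        $this->expectAccessDenied();
        $this->user->removeAction($actionId);
    }

    public function testActionAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        // A project-member may see the project but must not remove its automatic actions.
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectAccessDenied();
        $this->user->removeAction($actionId);
    }

    public function testActionAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $actionId = $this->manager->createAction($projectId, 'task.move.column', '\Kanboard\Action\TaskCloseColumn', array('column_id' => 1));
        $this->assertNotFalse($actionId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeAction($actionId));
    }

    // --- Categories --------------------------------------------------------------

    public function testCategoryAuthorizationForbidden()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->expectAccessDenied();
        $this->user->removeCategory($categoryId);
    }

    public function testCategoryAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectAccessDenied();
        $this->user->removeCategory($categoryId);
    }

    public function testCategoryAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $categoryId = $this->manager->createCategory($projectId, 'Test');
        $this->assertNotFalse($categoryId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeCategory($categoryId));
    }

    // --- Columns -----------------------------------------------------------------

    public function testColumnAuthorizationForbidden()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->expectAccessDenied();
        $this->user->removeColumn($columnId);
    }

    public function testColumnAuthorizationForbiddenBecauseNotProjectManager()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $this->expectAccessDenied();
        $this->user->removeColumn($columnId);
    }

    public function testColumnAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $columnId = $this->manager->addColumn($projectId, 'Test');
        $this->assertNotFalse($columnId);

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-manager'));
        $this->assertTrue($this->user->removeColumn($columnId));
    }

    // --- Comments ----------------------------------------------------------------

    public function testCommentAuthorizationForbidden()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        // A viewer gets read access only; the comment is created on the user's behalf
        // by the manager so that the user has no write path to reach it.
        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-viewer'));

        $taskId = $this->manager->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $commentId = $this->manager->createComment($taskId, $this->userUserId, 'My comment');
        $this->assertNotFalse($commentId);

        $this->expectAccessDenied();
        $this->user->updateComment($commentId, 'something else');
    }

    public function testCommentAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $taskId = $this->user->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $commentId = $this->user->createComment($taskId, $this->userUserId, 'My comment');
        $this->assertNotFalse($commentId);

        $this->assertTrue($this->user->updateComment($commentId, 'something else'));
    }

    // --- Subtasks ----------------------------------------------------------------

    public function testSubtaskAuthorizationForbidden()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-viewer'));

        $taskId = $this->manager->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $subtaskId = $this->manager->createSubtask($taskId, 'My subtask');
        $this->assertNotFalse($subtaskId);

        $this->expectAccessDenied();
        $this->user->removeSubtask($subtaskId);
    }

    public function testSubtaskAuthorizationGranted()
    {
        $projectId = $this->createManagerOwnedProject('Test Project');

        $this->assertTrue($this->manager->addProjectUser($projectId, $this->userUserId, 'project-member'));

        $taskId = $this->user->createTask('My Task', $projectId);
        $this->assertNotFalse($taskId);

        $subtaskId = $this->manager->createSubtask($taskId, 'My subtask');
        $this->assertNotFalse($subtaskId);

        $this->assertTrue($this->user->removeSubtask($subtaskId));
    }

    // --- Helpers -----------------------------------------------------------------

    /**
     * Arm the expectation that the next procedure call is rejected by the authorization layer.
     */
    private function expectAccessDenied()
    {
        $this->expectException(self::ACCESS_DENIED_EXCEPTION);
    }

    /**
     * Create a team project owned by the manager credential and return its id.
     *
     * Passing owner_id is what gives the manager the project-manager role on the
     * new project (see testProjectManagerCanUpdateHisProject); the plain user has
     * no role on it until a test adds one explicitly.
     *
     * @param  string  $name  Project name as shown in the API
     * @return integer        Id of the created project (asserted to be non-false)
     */
    private function createManagerOwnedProject($name)
    {
        $projectId = $this->manager->createProject(array(
            'name' => $name,
            'owner_id' => $this->managerUserId,
        ));

        $this->assertNotFalse($projectId);

        return $projectId;
    }
}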