functional tests for user roles

alterphp · Jan 29, 2018 · 54be272 · 54be272
1 parent 560969b
commit 54be272
Show file tree

Hide file tree

Showing 5 changed files with 183 additions and 1 deletion.
diff --git a/tests/Controller/UserRolesTest.php b/tests/Controller/UserRolesTest.php
@@ -0,0 +1,142 @@
+<?php
+
+namespace AlterPHP\EasyAdminExtensionBundle\Tests\Controller;
+
+use AlterPHP\EasyAdminExtensionBundle\Tests\Fixtures\AbstractTestCase;
+use Symfony\Component\BrowserKit\Cookie;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+
+class UserRolesTest extends AbstractTestCase
+{
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->initClient(array('environment' => 'user_roles'));
+    }
+
+    private function logIn($roles = ['ROLE_ADMIN'])
+    {
+        $session = $this->client->getContainer()->get('session');
+
+        // the firewall context defaults to the firewall name
+        $firewallContext = 'secured_area';
+
+        $token = new UsernamePasswordToken('admin', null, $firewallContext, $roles);
+        $session->set('_security_'.$firewallContext, serialize($token));
+        $session->save();
+
+        $cookie = new Cookie($session->getName(), $session->getId());
+        $this->client->getCookieJar()->set($cookie);
+    }
+
+    public function testAdminIsNotReachableWithoutMinimumRole()
+    {
+        $this->logIn(['ROLE_CATEGORY_LIST']);
+
+        $this->client->followRedirects();
+
+        $crawler = $this->getBackendPage();
+
+        $this->assertEquals(403, $this->client->getResponse()->getStatusCode());
+
+        $this->assertEquals(
+            'You must be granted ROLE_ADMIN role to access admin ! (403 Forbidden)',
+            trim($crawler->filterXPath('//head/title')->text())
+        );
+    }
+
+    public function testAdminIsReachableWithMinimumRole()
+    {
+        $this->logIn(['ROLE_ADMIN', 'ROLE_CATEGORY_LIST']);
+
+        $this->client->followRedirects();
+
+        $crawler = $this->getBackendPage();
+
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+    }
+
+    public function testMenuIsWellPRuned()
+    {
+        $this->logIn(['ROLE_ADMIN', 'ROLE_CATEGORY_LIST']);
+
+        $this->client->followRedirects();
+
+        $crawler = $this->getBackendPage();
+
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+
+        $this->assertEquals(
+            1,
+            $crawler->filter('body ul.sidebar-menu li:contains("Catalog")')->count()
+        );
+        $this->assertEquals(
+            1,
+            $crawler->filter('body ul.sidebar-menu li ul li:contains("Categories")')->count()
+        );
+        $this->assertEquals(
+            0,
+            $crawler->filter('body ul.sidebar-menu li ul li:contains("Products")')->count()
+        );
+        $this->assertEquals(
+            0,
+            $crawler->filter('body ul.sidebar-menu li:contains("Images")')->count()
+        );
+        $this->assertEquals(
+            0,
+            $crawler->filter('body ul.sidebar-menu li:contains("Sales")')->count()
+        );
+        $this->assertEquals(
+            0,
+            $crawler->filter('body ul.sidebar-menu li ul li:contains("Purchases")')->count()
+        );
+        $this->assertEquals(
+            0,
+            $crawler->filter('body ul.sidebar-menu li ul li:contains("Purchases items")')->count()
+        );
+    }
+
+    public function testEntityActionsAreFilteredOnPrefixedRoles()
+    {
+        $this->logIn(['ROLE_ADMIN', 'ROLE_CATEGORY_LIST', 'ROLE_CATEGORY_SHOW']);
+
+        $this->client->followRedirects();
+
+        $this->getBackendPage(['entity' => 'Category', 'action' => 'list']);
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+
+        // Tests that embeddedList is mapped on list action required roles
+        $this->getBackendPage(['entity' => 'Category', 'action' => 'embeddedList']);
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+
+        $crawler = $this->getBackendPage(['entity' => 'Category', 'action' => 'edit', 'id' => 1]);
+        $this->assertEquals(403, $this->client->getResponse()->getStatusCode());
+        $this->assertEquals(
+            'You must be granted ROLE_CATEGORY_EDIT role to perform this entity action ! (403 Forbidden)',
+            trim($crawler->filterXPath('//head/title')->text())
+        );
+
+        $this->getBackendPage(['entity' => 'Category', 'action' => 'show', 'id' => 1]);
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+    }
+
+    public function testEntityActionsAreFilteredOnSpecificRoles()
+    {
+        $this->logIn(['ROLE_ADMIN', 'ROLE_PRODUCT_LIST', 'ROLE_TEST_EDIT_PRODUCT']);
+
+        $this->client->followRedirects();
+
+        $this->getBackendPage(['entity' => 'Product', 'action' => 'list']);
+
+        $this->getBackendPage(['entity' => 'Product', 'action' => 'edit', 'id' => 1]);
+        $this->assertEquals(200, $this->client->getResponse()->getStatusCode());
+
+        $crawler = $this->getBackendPage(['entity' => 'Product', 'action' => 'show', 'id' => 1]);
+        $this->assertEquals(403, $this->client->getResponse()->getStatusCode());
+        $this->assertEquals(
+            'You must be granted ROLE_TEST_SHOW_PRODUCT role to perform this entity action ! (403 Forbidden)',
+            trim($crawler->filterXPath('//head/title')->text())
+        );
+    }
+}
diff --git a/tests/Fixtures/AbstractTestCase.php b/tests/Fixtures/AbstractTestCase.php
@@ -59,7 +59,7 @@ protected function initDatabase()
      *
      * @return Crawler
      */
-    protected function getBackendPage(array $queryParameters)
+    protected function getBackendPage(array $queryParameters = [])
     {
         return $this->client->request('GET', '/admin/?'.http_build_query($queryParameters, '', '&'));
     }

diff --git a/tests/Fixtures/App/config/config.yml b/tests/Fixtures/App/config/config.yml
@@ -44,6 +44,7 @@ doctrine:
 security:
     firewalls:
         secured_area:
+            http_basic: ~
             pattern:    ^/
             anonymous:  true
     providers:

diff --git a/tests/Fixtures/App/config/config_user_roles.yml b/tests/Fixtures/App/config/config_user_roles.yml
@@ -0,0 +1,38 @@
+imports:
+    - { resource: config.yml }
+
+easy_admin_extension:
+    minimum_role: ROLE_ADMIN
+
+easy_admin:
+    design:
+        menu:
+            - label: Catalog
+              children:
+                - { label: Categories, entity: Category, role: ROLE_CATEGORY_LIST }
+                - { label: Products, entity: Product, role: ROLE_PRODUCT_LIST }
+            - { label: Images, entity: Image, role: ROLE_IMAGE_LIST }
+            - label: Sales
+              children:
+                - { label: Purchases, entity: Purchase, role: ROLE_PURCHASE_LIST }
+                - { label: Purchases items, entity: PurchaseItem, role: ROLE_PURCHASEITEM_LIST }
+    entities:
+        Category:
+            class: AppTestBundle\Entity\FunctionalTests\Category
+            role_prefix: ROLE_CATEGORY
+        Image:
+            class: AppTestBundle\Entity\FunctionalTests\Image
+            role_prefix: ROLE_IMAGE
+        Purchase:
+            class: AppTestBundle\Entity\FunctionalTests\Purchase
+            role_prefix: ROLE_PURCHASE
+        PurchaseItem:
+            class: AppTestBundle\Entity\FunctionalTests\PurchaseItem
+            role_prefix: ROLE_PURCHASEITEM
+        Product:
+            class: AppTestBundle\Entity\FunctionalTests\Product
+            role_prefix: ROLE_PRODUCT
+            edit:
+                role: ROLE_TEST_EDIT_PRODUCT
+            show:
+                role: ROLE_TEST_SHOW_PRODUCT
diff --git a/tests/Fixtures/AppTestBundle/Resources/views/dasboard/dashboard.html.twig b/tests/Fixtures/AppTestBundle/Resources/views/dasboard/dashboard.html.twig
@@ -0,0 +1 @@
+Dashboard