Adding access right tests

dontdrinkandroot · Feb 22, 2016 · 00fff0f · 00fff0f
1 parent 83caa48
commit 00fff0f
Show file tree

Hide file tree

Showing 9 changed files with 189 additions and 8 deletions.
diff --git a/app/config/config_test.yml b/app/config/config_test.yml
@@ -20,3 +20,10 @@ doctrine:
 
 liip_functional_test:
     cache_sqlite_db: true
+
+ddr_gitki:
+    repository_path: '/tmp/gitkirepo/'
+    roles:
+        watcher: ROLE_WATCHER
+        committer: ROLE_COMMITTER
+        admin: ROLE_ADMIN
diff --git a/bin/set-permissions b/bin/set-permissions
@@ -13,3 +13,7 @@ sudo chown :www-data var/
 setAcl var/logs/
 setAcl var/cache/
 setAcl var/data/
+if [ -z "$1" ];
+    sudo chown :www-data $1
+    then setAcl $1
+fi
diff --git a/composer.lock b/composer.lock
diff --git a/src/WebBundle/Command/LoadFixturesCommand.php b/src/WebBundle/Command/LoadFixturesCommand.php
@@ -39,7 +39,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
         }
 
         $repositoryPath = $this->getContainer()->getParameter('repository_path');
-        $testRepoPath = realPath(__DIR__ . '/../../../var/data/test/repo/');
+        $testRepoPath = realPath(__DIR__ . '/../../../vendor/dontdrinkandroot/gitki-bundle/Tests/Data/repo/');
 
         $fileSystem = new Filesystem();
         $fileSystem->remove($repositoryPath);

diff --git a/src/WebBundle/DataFixtures/ORM/ReferenceTrait.php b/src/WebBundle/DataFixtures/ORM/ReferenceTrait.php
@@ -0,0 +1,15 @@
+<?php
+
+
+namespace Dontdrinkandroot\Gitki\WebBundle\DataFixtures\ORM;
+
+trait ReferenceTrait
+{
+
+    /**
+     * @param string $name
+     *
+     * @return mixed
+     */
+    abstract protected function getReference($name);
+}
diff --git a/src/WebBundle/DataFixtures/ORM/UserReferenceTrait.php b/src/WebBundle/DataFixtures/ORM/UserReferenceTrait.php
@@ -0,0 +1,20 @@
+<?php
+
+
+namespace Dontdrinkandroot\Gitki\WebBundle\DataFixtures\ORM;
+
+use Dontdrinkandroot\Gitki\WebBundle\Entity\User;
+
+trait UserReferenceTrait
+{
+
+    /**
+     * @param string $name
+     *
+     * @return User
+     */
+    public function getUser($name)
+    {
+        return $this->getReference($name);
+    }
+}
diff --git a/src/WebBundle/DataFixtures/ORM/Users.php b/src/WebBundle/DataFixtures/ORM/Users.php
@@ -2,15 +2,19 @@
 
 namespace Dontdrinkandroot\Gitki\WebBundle\DataFixtures\ORM;
 
-use Doctrine\Common\DataFixtures\FixtureInterface;
+use Doctrine\Common\DataFixtures\AbstractFixture;
 use Doctrine\Common\Persistence\ObjectManager;
 use FOS\UserBundle\Model\UserManagerInterface;
 use Symfony\Component\DependencyInjection\ContainerAwareInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 
-class Users implements FixtureInterface, ContainerAwareInterface
+class Users extends AbstractFixture implements ContainerAwareInterface
 {
 
+    const WATCHER = 'user_watcher';
+    const COMMITTER = 'user_committer';
+    const ADMIN = 'user_admin';
+
     /**
      * @var ContainerInterface
      */
@@ -36,24 +40,33 @@ public function load(ObjectManager $manager)
         $user->setUsername('watcher');
         $user->setEmail('watcher@example.com');
         $user->setPlainPassword('watcher');
+        $user->addRole('ROLE_WATCHER');
         $user->setEnabled(true);
 
         $userManager->updateUser($user);
+        $this->addReference(self::WATCHER, $user);
 
         $user = $userManager->createUser();
         $user->setUsername('committer');
         $user->setEmail('committer@example.com');
         $user->setPlainPassword('committer');
+        $user->addRole('ROLE_WATCHER');
+        $user->addRole('ROLE_COMMITTER');
         $user->setEnabled(true);
 
         $userManager->updateUser($user);
+        $this->addReference(self::COMMITTER, $user);
 
         $user = $userManager->createUser();
         $user->setUsername('admin');
         $user->setEmail('admin@example.com');
         $user->setPlainPassword('admin');
+        $user->addRole('ROLE_WATCHER');
+        $user->addRole('ROLE_COMMITTER');
+        $user->addRole('ROLE_ADMIN');
         $user->setEnabled(true);
 
         $userManager->updateUser($user);
+        $this->addReference(self::ADMIN, $user);
     }
 }
diff --git a/src/WebBundle/Tests/Acceptance/AccessRightsTest.php b/src/WebBundle/Tests/Acceptance/AccessRightsTest.php
@@ -0,0 +1,122 @@
+<?php
+
+
+namespace Dontdrinkandroot\Gitki\WebBundle\Tests\Acceptance;
+
+use Dontdrinkandroot\Gitki\WebBundle\DataFixtures\ORM\UserReferenceTrait;
+use Dontdrinkandroot\Gitki\WebBundle\DataFixtures\ORM\Users;
+use Dontdrinkandroot\Gitki\WebBundle\Entity\User;
+
+class AccessRightsTest extends BaseAcceptanceTest
+{
+
+    use UserReferenceTrait;
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getFixtureClasses()
+    {
+        return [Users::class];
+    }
+
+    public function testAnonymousRights()
+    {
+        $this->assertAccessRights('/history');
+
+        $this->assertAccessRights('/browse/');
+        $this->assertAccessRights('/browse/?action=list');
+        $this->assertAccessRights('/browse/?action=file.upload');
+        $this->assertAccessRights('/browse/?action=file.create&extension=txt');
+        $this->assertAccessRights('/browse/?action=file.create&extension=md');
+        $this->assertAccessRights('/browse/?action=subdirectory.create');
+
+        $this->assertAccessRights('/browse/index.md');
+        $this->assertAccessRights('/browse/index.md?action=history');
+        $this->assertAccessRights('/browse/index.md?action=edit');
+        $this->assertAccessRights('/browse/index.md?action=move');
+        $this->assertAccessRights('/browse/index.md?action=delete');
+    }
+
+    public function testWatcherRights()
+    {
+        $this->assertAccessRights('/history', 200, $this->getUser(Users::WATCHER));
+
+        $this->assertAccessRights('/browse/', 302, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/?action=list', 200, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/?action=file.upload', null, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/?action=file.create&extension=txt', null, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/?action=file.create&extension=md', null, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/?action=subdirectory.create', null, $this->getUser(Users::WATCHER));
+
+        $this->assertAccessRights('/browse/index.md', 200, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/index.md?action=history', 200, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/index.md?action=edit', null, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/index.md?action=move', null, $this->getUser(Users::WATCHER));
+        $this->assertAccessRights('/browse/index.md?action=delete', null, $this->getUser(Users::WATCHER));
+    }
+
+    public function testCommitterRights()
+    {
+        $this->assertAccessRights('/history', 200, $this->getUser(Users::COMMITTER));
+
+        $this->assertAccessRights('/browse/', 302, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/?action=list', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/?action=file.upload', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/?action=file.create&extension=txt', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/?action=file.create&extension=md', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/?action=subdirectory.create', 200, $this->getUser(Users::COMMITTER));
+
+        $this->assertAccessRights('/browse/index.md', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/index.md?action=history', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/index.md?action=edit', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/index.md?action=move', 200, $this->getUser(Users::COMMITTER));
+        $this->assertAccessRights('/browse/index.md?action=delete', 302, $this->getUser(Users::COMMITTER));
+    }
+
+    public function testAdminRights()
+    {
+        $this->assertAccessRights('/history', 200, $this->getUser(Users::ADMIN));
+
+        $this->assertAccessRights('/browse/', 302, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/?action=list', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/?action=file.upload', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/?action=file.create&extension=txt', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/?action=file.create&extension=md', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/?action=subdirectory.create', 200, $this->getUser(Users::ADMIN));
+
+        $this->assertAccessRights('/browse/index.md', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/index.md?action=history', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/index.md?action=edit', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/index.md?action=move', 200, $this->getUser(Users::ADMIN));
+        $this->assertAccessRights('/browse/index.md?action=delete', 302, $this->getUser(Users::ADMIN));
+    }
+
+    /**
+     * @param string $url            The url to test.
+     * @param null   $expectedStatus The expected status code. Null if login is expected.
+     * @param User   $user           The user to test or null for anonymous.
+     */
+    protected function assertAccessRights($url, $expectedStatus = null, User $user = null)
+    {
+        $this->logOut();
+        if (null !== $user) {
+            $this->logIn($user);
+        }
+        $this->client->request('GET', $url);
+        $response = $this->client->getResponse();
+
+        if (null === $expectedStatus) {
+            $this->assertEquals(302, $response->getStatusCode(), sprintf('%s: Login expected', $url));
+            $this->assertEquals('http://localhost/login/', $response->headers->get('Location'));
+
+            return;
+        }
+
+        $this->assertEquals(
+            $expectedStatus,
+            $response->getStatusCode(),
+            sprintf('%s [%s]', $url, $user !== null ? $user->getUsername() : null)
+        );
+    }
+}
diff --git a/src/WebBundle/Tests/Acceptance/BaseAcceptanceTest.php b/src/WebBundle/Tests/Acceptance/BaseAcceptanceTest.php
@@ -34,7 +34,7 @@ protected function logIn(User $user)
     {
         $session = $this->client->getContainer()->get('session');
 
-        $firewall = 'main';
+        $firewall = 'secured_area';
         $token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
         $session->set('_security_' . $firewall, serialize($token));
         $session->save();