ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
ilRBACTest.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
33 class ilRBACTest extends PHPUnit_Framework_TestCase
34 {
35  protected $backupGlobals = FALSE;
36 
37  protected function setUp()
38  {
39  include_once("./Services/PHPUnit/classes/class.ilUnitUtil.php");
40  ilUnitUtil::performInitialisation();
41  }
42 
49  public function testRbacFA()
50  {
51  global $rbacreview,$rbacadmin;
52 
53  // Protected
54  #$rbacadmin->setProtected(1,4,'y');
55  #$prot = $rbacreview->isProtected(8,4);
56  #$this->assertEquals($prot,true);
57  #$rbacadmin->setProtected(1,4,'n');
58  #$prot = $rbacreview->isProtected(8,4);
59  #$this->assertEquals($prot,false);
60 
61  $rbacreview->getRoleListByObject(8);
62  $rbacreview->getAssignableRoles();
63 
64 
65  $ass = $rbacreview->isAssignable(4,8);
66  $this->assertEquals($ass,true);
67 
68  $roles = $rbacreview->getRolesOfObject(8);
69 
70  $obj = $rbacreview->getObjectOfRole(4);
71  $this->assertEquals(8,$obj);
72  }
73 
78  public function testRbacUA()
79  {
80  global $rbacreview,$rbacadmin;
81 
82  $obj = ilUtil::_getObjectsByOperations('crs','join');
83 
84  $rbacreview->assignedUsers(4);
85  $rbacreview->assignedRoles(6);
86  }
87 
94  public function testRbacTA()
95  {
96  global $rbacreview,$rbacadmin;
97 
98  $sess_ops = $rbacreview->getOperationsOnTypeString('sess');
99 
100  $rbacadmin->assignOperationToObject($rbacreview->getTypeId('sess'),'7');
101  //$new_sess_ops = $rbacreview->getOperationsOnTypeString('sess');
102  //$this->assertEquals(array_merge($sess_ops,array(7)),$new_sess_ops);
103 
104  $rbacadmin->deassignOperationFromObject($rbacreview->getTypeId('sess'),'7');
105  $new_sess_ops = $rbacreview->getOperationsOnTypeString('sess');
106  $this->assertEquals($sess_ops,$new_sess_ops);
107  }
108 
113  public function testRbacPA()
114  {
115  global $rbacreview,$rbacadmin;
116 
117  $sess_ops = $rbacreview->getOperationsOnTypeString('cat');
118 
119  $rbacadmin->revokePermission(1,4);
120  $rbacadmin->grantPermission(4,array(2,3),1);
121 
122  }
123 
130  public function testConditions()
131  {
132  include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
133 
134  ilConditionHandler::_getDistinctTargetRefIds();
135  ilConditionHandler::_deleteTargetConditionsByRefId(1);
136 
137  $handler = new ilConditionHandler();
138  $handler->setTargetRefId(99999);
139  $handler->setTargetObjId(99998);
140  $handler->setTargetType('xxx');
141  $handler->setTriggerRefId(99997);
142  $handler->setTriggerObjId(99996);
143  $handler->setTriggerType('yyy');
144  $handler->setReferenceHandlingType(0);
145  $handler->enableAutomaticValidation(false);
146  $suc = $handler->storeCondition();
147  $this->assertEquals($suc,true);
148 
149  $suc = $handler->checkExists();
150  $this->assertEquals($suc,false);
151 
152  $suc = $handler->delete(99999);
153  $this->assertEquals($suc,true);
154 
155  // syntax check
156  $handler->deleteByObjId(-1);
157  $handler->deleteCondition(-1);
158  ilConditionHandler::_getConditionsOfTrigger(-1,-1);
159  ilConditionHandler::_getConditionsOfTarget(-1,-1);
160  ilConditionHandler::_getCondition(-1);
161  }
162 
166  public function testCache()
167  {
168  include_once './Services/AccessControl/classes/class.ilAccessHandler.php';
169 
170  $handler = new ilAccessHandler();
171  $handler->setResults(array(1,2,3));
172  $handler->storeCache();
173  $handler->readCache();
174  $res = $handler->getResults();
175 
176  $this->assertEquals(array(1,2,3),$res);
177  }
178 
186  public function testAssignUser()
187  {
188  global $rbacreview, $rbacadmin;
189  //assign User 15 to role 10
190  $rbacadmin->assignUser(10,15);
191 
192  $this->assertTrue($rbacreview->isAssigned(15,10));
193 
194  //Test double assign
195  $rbacadmin->assignUser(10,15);
196  }
197 
206  public function testDeassignUser()
207  {
208  global $rbacreview, $rbacadmin;
209  //deassign User 15 from role 10
210  $rbacadmin->deassignUser(10,15);
211 
212  $this->assertFalse($rbacreview->isAssigned(15,10));
213  }
214 
222  public function testGrantPermission()
223  {
224  global $rbacreview, $rbacadmin;
225  //grant permissions 10,20 and 30 for role 10 on object 60
226  $rbacadmin->grantPermission(10,array(10,20,30),60);
227 
228  $this->assertEquals($rbacreview->getActiveOperationsOfRole(60,10), array(10,20,30));
229  }
230 
240  public function testRevokePermission()
241  {
242  global $rbacreview, $rbacadmin, $ilDB;
243 
244  $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='seas';");
245 
246  $ref_id = 0;
247 
248  while($row = $ilDB->fetchAssoc($req))
249  {
250  $ref_id = $row["ref_id"];
251  }
252 
253  $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
254  $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
255  $role1 = $ilDB->fetchAssoc($req)["obj_id"];
256  $role2 = $ilDB->fetchAssoc($req)["obj_id"];
257  $role3 = $ilDB->fetchAssoc($req)["obj_id"];
258 
259  //save normal operations
260  $opt1 = $rbacreview->getActiveOperationsOfRole($ref_id,$role1);
261  $opt2 = $rbacreview->getActiveOperationsOfRole($ref_id,$role2);
262  $opt3 = $rbacreview->getActiveOperationsOfRole($ref_id,$role3);
263 
264  $rbacadmin->grantPermission($role1, array(1,2,3,4,5), $ref_id);
265  $rbacadmin->grantPermission($role2, array(1,2,3,4,5), $ref_id);
266  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role1), array(1,2,3,4,5));
267  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role2), array(1,2,3,4,5));
268  $rbacadmin->revokePermission($ref_id);
269  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role1));
270  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role2));
271 
272 
273  $rbacadmin->grantPermission($role1, array(1,2,3,4,5), $ref_id);
274  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role1), array(1,2,3,4,5));
275  $rbacadmin->revokePermission($ref_id, $role1);
276  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role1));
277 
278 
279  $rbacadmin->grantPermission($role2, array(1,2,3,4,5), $ref_id);
280  $rbacadmin->grantPermission($role3, array(1,2,3,4,5), $ref_id);
281  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role2), array(1,2,3,4,5));
282  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role3), array(1,2,3,4,5));
283  $rbacadmin->revokePermission($ref_id,0,false);
284  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role2));
285  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role3));
286 
287  $rbacadmin->grantPermission($role3, array(1,2,3,4,5), $ref_id);
288  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role3), array(1,2,3,4,5));
289  $rbacadmin->revokePermission($ref_id, $role3, false);
290  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role3));
291 
292  //set normal operations
293  $rbacadmin->grantPermission($role1, $opt1, $ref_id);
294  $rbacadmin->grantPermission($role2, $opt2, $ref_id);
295  $rbacadmin->grantPermission($role3, $opt3, $ref_id);
296  }
297 
306  public function testRevokeSubtreePermissions()
307  {
308  global $rbacreview, $rbacadmin, $tree, $ilDB;
309  $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='adm';");
310 
311  $ref_id = 0;
312 
313  while($row = $ilDB->fetchAssoc($req))
314  {
315  $ref_id = $row["ref_id"];
316  }
317 
318  $childs = $tree->getChildIds($ref_id);
319 
320  $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
321  $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
322  $role = $ilDB->fetchAssoc($req)["obj_id"];
323 
324  $ops = array();
325 
326  foreach($childs as $id)
327  {
328  $ops[$id] = $rbacreview->getActiveOperationsOfRole($id,$role);//save normal operations
329  $rbacadmin->grantPermission($role, array(1,2,3,4,5),$id);
330  //$this->assertEquals($rbacreview->getActiveOperationsOfRole($id,$role), array(1,2,3,4,5));
331  }
332 
333  $rbacadmin->revokeSubtreePermissions($ref_id,$role);
334 
335  foreach($childs as $id)
336  {
337  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($id,$role));
338  $rbacadmin->grantPermission($role, $ops[$id],$id);//set normal operations
339  }
340  }
341 
350  public function testRevokePermissionList()
351  {
352  global $rbacreview, $rbacadmin;
353  $list = array(1001, 1003, 1005, 1007);
354 
355  foreach($list as $id)
356  {
357  $rbacadmin->grantPermission(123, array(1,2,3,4,5),$id);
358  }
359 
360  $rbacadmin->revokePermissionList($list, 123);
361 
362  foreach($list as $id)
363  {
364  $this->assertEmpty($rbacreview->getActiveOperationsOfRole($id,123));
365  }
366  }
367 
375  public function testSetRolePermission()
376  {
377  global $rbacreview, $rbacadmin;
378  $rbacadmin->deleteTemplate(1010);
379 
380  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
381  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
382 
383  $assert = array("a" => array(10,11,13,15),"b" => array(20,22,23,25));
384  $dest = $rbacreview->getAllOperationsOfRole(1010,1100);
385 
386  sort($dest["a"]);
387  sort($dest["b"]);
388 
389  $this->assertEquals($assert, $dest);
390 
391  $rbacadmin->deleteTemplate(1010);
392  }
393 
402  public function testDeleteRolePermission()
403  {
404  global $rbacreview, $rbacadmin;
405  $rbacadmin->deleteTemplate(1010);
406 
407  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
408  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
409 
410  $rbacadmin->deleteRolePermission(1010,1100);
411 
412  $this->assertEmpty($rbacreview->getAllOperationsOfRole(1010,1100));
413 
414  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
415  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
416 
417  $rbacadmin->deleteRolePermission(1010,1100, "a");
418 
419  $assert = array("b" => array(20,22,23,25));
420  $dest = $rbacreview->getAllOperationsOfRole(1010,1100);
421 
422  sort($dest["b"]);
423 
424  $this->assertEquals($assert, $dest);
425 
426  $rbacadmin->deleteTemplate(1010);
427  }
428 
437  public function testCopyRoleTemplatePermissions()
438  {
439  global $rbacreview, $rbacadmin;
440  $rbacadmin->deleteTemplate(1010);
441  $rbacadmin->deleteTemplate(2020);
442 
443  $rbacadmin->setRolePermission(1010,"blub",array(10,11),1100);
444  $rbacadmin->setRolePermission(2020,"bulb",array(20,22),2200);
445 
446  $rbacadmin->copyRoleTemplatePermissions(1010,1100,2200,2020);
447 
448  $one = $rbacreview->getAllOperationsOfRole(1010,1100);
449  $two = $rbacreview->getAllOperationsOfRole(2020,2200);
450  sort($one["blub"]);
451  sort($two["blub"]);
452  $this->assertEquals($one, $two);
453  $rbacadmin->deleteTemplate(1010);
454  $rbacadmin->deleteTemplate(2020);
455  }
456 
468  public function testCopyRolePermissions()
469  {
470  global $rbacreview, $rbacadmin, $ilDB;
471 
472  $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='seas';");
473 
474  $seas = 0;
475 
476  while($row = $ilDB->fetchAssoc($req))
477  {
478  $seas = $row["ref_id"];
479  }
480 
481  $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='mail';");
482 
483  $mail = 0;
484 
485  while($row = $ilDB->fetchAssoc($req))
486  {
487  $mail = $row["ref_id"];
488  }
489 
490  $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
491  $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
492  $role = $ilDB->fetchAssoc($req)["obj_id"];
493 
494  //save normal operations
495  $opt_mail = $rbacreview->getActiveOperationsOfRole($mail, $role);
496  $opt_seas = $rbacreview->getActiveOperationsOfRole($seas, $role);
497  $opt_temp_seas = $rbacreview->getAllOperationsOfRole($role, $seas);
498  $opt_temp_mail = $rbacreview->getAllOperationsOfRole($role, $mail);
499 
500  //set values
501  $rbacadmin->setRolePermission($role, "mail", array(1,2,3,4,5),$mail);
502  $rbacadmin->grantPermission($role, array(1,2,3,4,5), $mail);
503  $rbacadmin->setRolePermission($role, "seas", array(5,6,7,8,9),$seas);
504  $rbacadmin->grantPermission($role, array(5,6,7,8,9), $seas);
505 
506  $rbacadmin->copyRolePermissions($role,$seas,$mail, $role);
507  $this->assertEquals($rbacreview->getActiveOperationsOfRole($seas, $role),
508  $rbacreview->getActiveOperationsOfRole($mail, $role));
509 
510  //set normal operations
511  $rbacadmin->grantPermission($role,$opt_seas,$seas);
512  $rbacadmin->grantPermission($role,$opt_mail,$mail);
513 
514  $rbacadmin->deleteRolePermission($role,$mail);
515  $rbacadmin->deleteRolePermission($role,$seas);
516 
517  foreach($opt_temp_seas as $type => $opt)
518  {
519  $rbacadmin->setRolePermission($role, $type, $opt,$seas);
520  }
521 
522  foreach($opt_temp_mail as $type => $opt)
523  {
524  $rbacadmin->setRolePermission($role, $type, $opt,$mail);
525  }
526 
527  }
528 
537  public function testCopyRolePermissionIntersection()
538  {
539  global $rbacreview, $rbacadmin;
540  $rbacadmin->deleteTemplate(1010);
541  $rbacadmin->deleteTemplate(2020);
542  $rbacadmin->deleteTemplate(3030);
543 
544  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
545  $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
546 
547  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
548  $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
549 
550  $rbacadmin->setRolePermission(3030,"c",array(30,33),3300);
551  $rbacadmin->setRolePermission(3030,"a",array(30,33),3300);
552  $rbacadmin->setRolePermission(3030,"b",array(30,33),3300);
553 
554  $rbacadmin->copyRolePermissionIntersection(1010,1100,2020,2200,3300,3030);
555 
556  $intersect = array("a" => array(11,13), "b" => array(20,23));
557  $dest = $rbacreview->getAllOperationsOfRole(3030,3300);
558 
559  //sort
560  sort($dest["a"]);
561  sort($dest["b"]);
562 
563  $this->assertEquals($intersect, $dest);
564 
565  $rbacadmin->deleteTemplate(1010);
566  $rbacadmin->deleteTemplate(2020);
567  $rbacadmin->deleteTemplate(3030);
568  }
569 
579  public function testCopyRolePermissionUnion()
580  {
581  global $rbacreview, $rbacadmin;
582  $rbacadmin->deleteTemplate(1010);
583  $rbacadmin->deleteTemplate(2020);
584  $rbacadmin->deleteTemplate(3030);
585 
586  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
587  $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
588 
589  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
590  $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
591 
592  $rbacadmin->setRolePermission(1010,"c",array(30,33,34,35),1100);
593 
594  $rbacadmin->copyRolePermissionUnion(1010,1100,2020,2200,3030,3300);
595 
596  $union = array("a" => array(10,11,12,13,15,16), "b" => array(20,22,23,24,25,26), "c" => array(30,33,34,35));
597  $dest = $rbacreview->getAllOperationsOfRole(3030,3300);
598 
599  sort($dest["a"]);
600  sort($dest["b"]);
601  sort($dest["c"]);
602 
603  $this->assertEquals($union, $dest);
604 
605  $rbacadmin->deleteTemplate(1010);
606  $rbacadmin->deleteTemplate(2020);
607  $rbacadmin->deleteTemplate(3030);
608  }
609 
618  public function testCopyRolePermissionSubtract()
619  {
620  global $rbacreview, $rbacadmin;
621  $rbacadmin->deleteTemplate(1010);
622  $rbacadmin->deleteTemplate(2020);
623 
624  $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
625  $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
626 
627  $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
628  $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
629 
630  $rbacadmin->setRolePermission(2020,"c",array(30,33,34,35),2200);
631 
632  $rbacadmin->copyRolePermissionSubtract(1010,1100,2020,2200);
633 
634  $subtract = array("a" => array(12,16), "b" => array(24,26), "c" => array(30,33,34,35));
635  $dest = $rbacreview->getAllOperationsOfRole(2020,2200);
636 
637  sort($dest["a"]);
638  sort($dest["b"]);
639  sort($dest["c"]);
640 
641  $this->assertEquals($subtract, $dest);
642 
643  $rbacadmin->deleteTemplate(1010);
644  $rbacadmin->deleteTemplate(2020);
645  }
646 
654  public function testAssignOperationToObject()
655  {
656  global $rbacreview, $rbacadmin;
657 
658  $rbacadmin->assignOperationToObject(1001,10);
659  $rbacadmin->assignOperationToObject(1001,20);
660 
661  $this->assertEquals($rbacreview->getOperationsOnType(1001), array(10,20));
662  }
663 
670  public function testDeassignOperationFromObject()
671  {
672  global $rbacreview, $rbacadmin;
673  $rbacadmin->deassignOperationFromObject(1001,10);
674 
675  $this->assertEquals($rbacreview->getOperationsOnType(1001), array(20));
676 
677  $rbacadmin->deassignOperationFromObject(1001,20);
678 
679  $this->assertEmpty($rbacreview->getOperationsOnType(1001));
680  }
681 
682 }
683 ?>