ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilRBACTest.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
34{
35 protected $backupGlobals = FALSE;
36
37 protected function setUp()
38 {
39 include_once("./Services/PHPUnit/classes/class.ilUnitUtil.php");
40 ilUnitUtil::performInitialisation();
41 }
42
49 public function testRbacFA()
50 {
51 global $rbacreview,$rbacadmin;
52
53 // Protected
54 #$rbacadmin->setProtected(1,4,'y');
55 #$prot = $rbacreview->isProtected(8,4);
56 #$this->assertEquals($prot,true);
57 #$rbacadmin->setProtected(1,4,'n');
58 #$prot = $rbacreview->isProtected(8,4);
59 #$this->assertEquals($prot,false);
60
61 $rbacreview->getRoleListByObject(8);
62 $rbacreview->getAssignableRoles();
63
64
65 $ass = $rbacreview->isAssignable(4,8);
66 $this->assertEquals($ass,true);
67
68 $roles = $rbacreview->getRolesOfObject(8);
69
70 $obj = $rbacreview->getObjectOfRole(4);
71 $this->assertEquals(8,$obj);
72 }
73
78 public function testRbacUA()
79 {
80 global $rbacreview,$rbacadmin;
81
82 $obj = ilUtil::_getObjectsByOperations('crs','join');
83
84 $rbacreview->assignedUsers(4);
85 $rbacreview->assignedRoles(6);
86 }
87
94 public function testRbacTA()
95 {
96 global $rbacreview,$rbacadmin;
97
98 $sess_ops = $rbacreview->getOperationsOnTypeString('sess');
99
100 $rbacadmin->assignOperationToObject($rbacreview->getTypeId('sess'),'7');
101 //$new_sess_ops = $rbacreview->getOperationsOnTypeString('sess');
102 //$this->assertEquals(array_merge($sess_ops,array(7)),$new_sess_ops);
103
104 $rbacadmin->deassignOperationFromObject($rbacreview->getTypeId('sess'),'7');
105 $new_sess_ops = $rbacreview->getOperationsOnTypeString('sess');
106 $this->assertEquals($sess_ops,$new_sess_ops);
107 }
108
113 public function testRbacPA()
114 {
115 global $rbacreview,$rbacadmin;
116
117 $sess_ops = $rbacreview->getOperationsOnTypeString('cat');
118
119 $rbacadmin->revokePermission(1,4);
120 $rbacadmin->grantPermission(4,array(2,3),1);
121
122 }
123
130 public function testConditions()
131 {
132 include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
133
136
137 $handler = new ilConditionHandler();
138 $handler->setTargetRefId(99999);
139 $handler->setTargetObjId(99998);
140 $handler->setTargetType('xxx');
141 $handler->setTriggerRefId(99997);
142 $handler->setTriggerObjId(99996);
143 $handler->setTriggerType('yyy');
144 $handler->setReferenceHandlingType(0);
145 $handler->enableAutomaticValidation(false);
146 $suc = $handler->storeCondition();
147 $this->assertEquals($suc,true);
148
149 $suc = $handler->checkExists();
150 $this->assertEquals($suc,false);
151
152 $suc = $handler->delete(99999);
153 $this->assertEquals($suc,true);
154
155 // syntax check
156 $handler->deleteByObjId(-1);
157 $handler->deleteCondition(-1);
161 }
162
166 public function testCache()
167 {
168 include_once './Services/AccessControl/classes/class.ilAccessHandler.php';
169
170 $handler = new ilAccessHandler();
171 $handler->setResults(array(1,2,3));
172 $handler->storeCache();
173 $handler->readCache();
174 $res = $handler->getResults();
175
176 $this->assertEquals(array(1,2,3),$res);
177 }
178
186 public function testAssignUser()
187 {
188 global $rbacreview, $rbacadmin;
189 //assign User 15 to role 10
190 $rbacadmin->assignUser(10,15);
191
192 $this->assertTrue($rbacreview->isAssigned(15,10));
193
194 //Test double assign
195 $rbacadmin->assignUser(10,15);
196 }
197
206 public function testDeassignUser()
207 {
208 global $rbacreview, $rbacadmin;
209 //deassign User 15 from role 10
210 $rbacadmin->deassignUser(10,15);
211
212 $this->assertFalse($rbacreview->isAssigned(15,10));
213 }
214
222 public function testGrantPermission()
223 {
224 global $rbacreview, $rbacadmin;
225 //grant permissions 10,20 and 30 for role 10 on object 60
226 $rbacadmin->grantPermission(10,array(10,20,30),60);
227
228 $this->assertEquals($rbacreview->getActiveOperationsOfRole(60,10), array(10,20,30));
229 }
230
240 public function testRevokePermission()
241 {
242 global $rbacreview, $rbacadmin, $ilDB;
243
244 $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='seas';");
245
246 $ref_id = 0;
247
248 while($row = $ilDB->fetchAssoc($req))
249 {
250 $ref_id = $row["ref_id"];
251 }
252
253 $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
254 $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
255 $role1 = $ilDB->fetchAssoc($req)["obj_id"];
256 $role2 = $ilDB->fetchAssoc($req)["obj_id"];
257 $role3 = $ilDB->fetchAssoc($req)["obj_id"];
258
259 //save normal operations
260 $opt1 = $rbacreview->getActiveOperationsOfRole($ref_id,$role1);
261 $opt2 = $rbacreview->getActiveOperationsOfRole($ref_id,$role2);
262 $opt3 = $rbacreview->getActiveOperationsOfRole($ref_id,$role3);
263
264 $rbacadmin->grantPermission($role1, array(1,2,3,4,5), $ref_id);
265 $rbacadmin->grantPermission($role2, array(1,2,3,4,5), $ref_id);
266 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role1), array(1,2,3,4,5));
267 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role2), array(1,2,3,4,5));
268 $rbacadmin->revokePermission($ref_id);
269 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role1));
270 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role2));
271
272
273 $rbacadmin->grantPermission($role1, array(1,2,3,4,5), $ref_id);
274 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role1), array(1,2,3,4,5));
275 $rbacadmin->revokePermission($ref_id, $role1);
276 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role1));
277
278
279 $rbacadmin->grantPermission($role2, array(1,2,3,4,5), $ref_id);
280 $rbacadmin->grantPermission($role3, array(1,2,3,4,5), $ref_id);
281 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role2), array(1,2,3,4,5));
282 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role3), array(1,2,3,4,5));
283 $rbacadmin->revokePermission($ref_id,0,false);
284 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role2));
285 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role3));
286
287 $rbacadmin->grantPermission($role3, array(1,2,3,4,5), $ref_id);
288 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($ref_id,$role3), array(1,2,3,4,5));
289 $rbacadmin->revokePermission($ref_id, $role3, false);
290 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($ref_id,$role3));
291
292 //set normal operations
293 $rbacadmin->grantPermission($role1, $opt1, $ref_id);
294 $rbacadmin->grantPermission($role2, $opt2, $ref_id);
295 $rbacadmin->grantPermission($role3, $opt3, $ref_id);
296 }
297
307 {
308 global $rbacreview, $rbacadmin, $tree, $ilDB;
309 $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='adm';");
310
311 $ref_id = 0;
312
313 while($row = $ilDB->fetchAssoc($req))
314 {
315 $ref_id = $row["ref_id"];
316 }
317
318 $childs = $tree->getChildIds($ref_id);
319
320 $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
321 $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
322 $role = $ilDB->fetchAssoc($req)["obj_id"];
323
324 $ops = array();
325
326 foreach($childs as $id)
327 {
328 $ops[$id] = $rbacreview->getActiveOperationsOfRole($id,$role);//save normal operations
329 $rbacadmin->grantPermission($role, array(1,2,3,4,5),$id);
330 //$this->assertEquals($rbacreview->getActiveOperationsOfRole($id,$role), array(1,2,3,4,5));
331 }
332
333 $rbacadmin->revokeSubtreePermissions($ref_id,$role);
334
335 foreach($childs as $id)
336 {
337 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($id,$role));
338 $rbacadmin->grantPermission($role, $ops[$id],$id);//set normal operations
339 }
340 }
341
350 public function testRevokePermissionList()
351 {
352 global $rbacreview, $rbacadmin;
353 $list = array(1001, 1003, 1005, 1007);
354
355 foreach($list as $id)
356 {
357 $rbacadmin->grantPermission(123, array(1,2,3,4,5),$id);
358 }
359
360 $rbacadmin->revokePermissionList($list, 123);
361
362 foreach($list as $id)
363 {
364 $this->assertEmpty($rbacreview->getActiveOperationsOfRole($id,123));
365 }
366 }
367
375 public function testSetRolePermission()
376 {
377 global $rbacreview, $rbacadmin;
378 $rbacadmin->deleteTemplate(1010);
379
380 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
381 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
382
383 $assert = array("a" => array(10,11,13,15),"b" => array(20,22,23,25));
384 $dest = $rbacreview->getAllOperationsOfRole(1010,1100);
385
386 sort($dest["a"]);
387 sort($dest["b"]);
388
389 $this->assertEquals($assert, $dest);
390
391 $rbacadmin->deleteTemplate(1010);
392 }
393
402 public function testDeleteRolePermission()
403 {
404 global $rbacreview, $rbacadmin;
405 $rbacadmin->deleteTemplate(1010);
406
407 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
408 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
409
410 $rbacadmin->deleteRolePermission(1010,1100);
411
412 $this->assertEmpty($rbacreview->getAllOperationsOfRole(1010,1100));
413
414 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
415 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
416
417 $rbacadmin->deleteRolePermission(1010,1100, "a");
418
419 $assert = array("b" => array(20,22,23,25));
420 $dest = $rbacreview->getAllOperationsOfRole(1010,1100);
421
422 sort($dest["b"]);
423
424 $this->assertEquals($assert, $dest);
425
426 $rbacadmin->deleteTemplate(1010);
427 }
428
438 {
439 global $rbacreview, $rbacadmin;
440 $rbacadmin->deleteTemplate(1010);
441 $rbacadmin->deleteTemplate(2020);
442
443 $rbacadmin->setRolePermission(1010,"blub",array(10,11),1100);
444 $rbacadmin->setRolePermission(2020,"bulb",array(20,22),2200);
445
446 $rbacadmin->copyRoleTemplatePermissions(1010,1100,2200,2020);
447
448 $one = $rbacreview->getAllOperationsOfRole(1010,1100);
449 $two = $rbacreview->getAllOperationsOfRole(2020,2200);
450 sort($one["blub"]);
451 sort($two["blub"]);
452 $this->assertEquals($one, $two);
453 $rbacadmin->deleteTemplate(1010);
454 $rbacadmin->deleteTemplate(2020);
455 }
456
468 public function testCopyRolePermissions()
469 {
470 global $rbacreview, $rbacadmin, $ilDB;
471
472 $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='seas';");
473
474 $seas = 0;
475
476 while($row = $ilDB->fetchAssoc($req))
477 {
478 $seas = $row["ref_id"];
479 }
480
481 $req = $ilDB->query("SELECT ref.ref_id FROM object_reference AS ref LEFT JOIN object_data AS data ON data.obj_id = ref.obj_id WHERE data.type='mail';");
482
483 $mail = 0;
484
485 while($row = $ilDB->fetchAssoc($req))
486 {
487 $mail = $row["ref_id"];
488 }
489
490 $req = $ilDB->query("SELECT obj_id FROM object_data WHERE type='role';");
491 $ilDB->fetchAssoc($req);//First role is protected. Dont use it!
492 $role = $ilDB->fetchAssoc($req)["obj_id"];
493
494 //save normal operations
495 $opt_mail = $rbacreview->getActiveOperationsOfRole($mail, $role);
496 $opt_seas = $rbacreview->getActiveOperationsOfRole($seas, $role);
497 $opt_temp_seas = $rbacreview->getAllOperationsOfRole($role, $seas);
498 $opt_temp_mail = $rbacreview->getAllOperationsOfRole($role, $mail);
499
500 //set values
501 $rbacadmin->setRolePermission($role, "mail", array(1,2,3,4,5),$mail);
502 $rbacadmin->grantPermission($role, array(1,2,3,4,5), $mail);
503 $rbacadmin->setRolePermission($role, "seas", array(5,6,7,8,9),$seas);
504 $rbacadmin->grantPermission($role, array(5,6,7,8,9), $seas);
505
506 $rbacadmin->copyRolePermissions($role,$seas,$mail, $role);
507 $this->assertEquals($rbacreview->getActiveOperationsOfRole($seas, $role),
508 $rbacreview->getActiveOperationsOfRole($mail, $role));
509
510 //set normal operations
511 $rbacadmin->grantPermission($role,$opt_seas,$seas);
512 $rbacadmin->grantPermission($role,$opt_mail,$mail);
513
514 $rbacadmin->deleteRolePermission($role,$mail);
515 $rbacadmin->deleteRolePermission($role,$seas);
516
517 foreach($opt_temp_seas as $type => $opt)
518 {
519 $rbacadmin->setRolePermission($role, $type, $opt,$seas);
520 }
521
522 foreach($opt_temp_mail as $type => $opt)
523 {
524 $rbacadmin->setRolePermission($role, $type, $opt,$mail);
525 }
526
527 }
528
538 {
539 global $rbacreview, $rbacadmin;
540 $rbacadmin->deleteTemplate(1010);
541 $rbacadmin->deleteTemplate(2020);
542 $rbacadmin->deleteTemplate(3030);
543
544 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
545 $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
546
547 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
548 $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
549
550 $rbacadmin->setRolePermission(3030,"c",array(30,33),3300);
551 $rbacadmin->setRolePermission(3030,"a",array(30,33),3300);
552 $rbacadmin->setRolePermission(3030,"b",array(30,33),3300);
553
554 $rbacadmin->copyRolePermissionIntersection(1010,1100,2020,2200,3300,3030);
555
556 $intersect = array("a" => array(11,13), "b" => array(20,23));
557 $dest = $rbacreview->getAllOperationsOfRole(3030,3300);
558
559 //sort
560 sort($dest["a"]);
561 sort($dest["b"]);
562
563 $this->assertEquals($intersect, $dest);
564
565 $rbacadmin->deleteTemplate(1010);
566 $rbacadmin->deleteTemplate(2020);
567 $rbacadmin->deleteTemplate(3030);
568 }
569
580 {
581 global $rbacreview, $rbacadmin;
582 $rbacadmin->deleteTemplate(1010);
583 $rbacadmin->deleteTemplate(2020);
584 $rbacadmin->deleteTemplate(3030);
585
586 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
587 $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
588
589 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
590 $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
591
592 $rbacadmin->setRolePermission(1010,"c",array(30,33,34,35),1100);
593
594 $rbacadmin->copyRolePermissionUnion(1010,1100,2020,2200,3030,3300);
595
596 $union = array("a" => array(10,11,12,13,15,16), "b" => array(20,22,23,24,25,26), "c" => array(30,33,34,35));
597 $dest = $rbacreview->getAllOperationsOfRole(3030,3300);
598
599 sort($dest["a"]);
600 sort($dest["b"]);
601 sort($dest["c"]);
602
603 $this->assertEquals($union, $dest);
604
605 $rbacadmin->deleteTemplate(1010);
606 $rbacadmin->deleteTemplate(2020);
607 $rbacadmin->deleteTemplate(3030);
608 }
609
619 {
620 global $rbacreview, $rbacadmin;
621 $rbacadmin->deleteTemplate(1010);
622 $rbacadmin->deleteTemplate(2020);
623
624 $rbacadmin->setRolePermission(1010,"a",array(10,11,13,15),1100);
625 $rbacadmin->setRolePermission(2020,"a",array(11,12,13,16),2200);
626
627 $rbacadmin->setRolePermission(1010,"b",array(20,22,23,25),1100);
628 $rbacadmin->setRolePermission(2020,"b",array(20,23,24,26),2200);
629
630 $rbacadmin->setRolePermission(2020,"c",array(30,33,34,35),2200);
631
632 $rbacadmin->copyRolePermissionSubtract(1010,1100,2020,2200);
633
634 $subtract = array("a" => array(12,16), "b" => array(24,26), "c" => array(30,33,34,35));
635 $dest = $rbacreview->getAllOperationsOfRole(2020,2200);
636
637 sort($dest["a"]);
638 sort($dest["b"]);
639 sort($dest["c"]);
640
641 $this->assertEquals($subtract, $dest);
642
643 $rbacadmin->deleteTemplate(1010);
644 $rbacadmin->deleteTemplate(2020);
645 }
646
655 {
656 global $rbacreview, $rbacadmin;
657
658 $rbacadmin->assignOperationToObject(1001,10);
659 $rbacadmin->assignOperationToObject(1001,20);
660
661 $this->assertEquals($rbacreview->getOperationsOnType(1001), array(10,20));
662 }
663
671 {
672 global $rbacreview, $rbacadmin;
673 $rbacadmin->deassignOperationFromObject(1001,10);
674
675 $this->assertEquals($rbacreview->getOperationsOnType(1001), array(20));
676
677 $rbacadmin->deassignOperationFromObject(1001,20);
678
679 $this->assertEmpty($rbacreview->getOperationsOnType(1001));
680 }
681
682}
683?>
Class ilAccessHandler.
Handles conditions for accesses to different ILIAS objects.
static _deleteTargetConditionsByRefId($a_target_ref_id)
Delete conditions by target ref id Note: only conditions on the target type are deleted Conditions on...
static _getDistinctTargetRefIds()
Get all target ref ids.
_getConditionsOfTrigger($a_trigger_obj_type, $a_trigger_id)
get all conditions of trigger object
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Unit tests for tree table.
Definition: ilRBACTest.php:34
testDeassignOperationFromObject()
Test deassignOperationFromObject Method @global ilRbacReview $rbacreview @global ilRbacAdmin $rbacadm...
Definition: ilRBACTest.php:670
testConditions()
test preconditions @group IL_Init
Definition: ilRBACTest.php:130
testRbacTA()
rbac ta test @group IL_Init
Definition: ilRBACTest.php:94
testRbacUA()
test rbac_ua @group IL_Init
Definition: ilRBACTest.php:78
testCache()
@group IL_Init
Definition: ilRBACTest.php:166
testRbacFA()
RBAC FA tests @group IL_Init.
Definition: ilRBACTest.php:49
testRevokeSubtreePermissions()
Test revokeSubtreePermissions Method DB: rbac_pa.
Definition: ilRBACTest.php:306
testCopyRolePermissionIntersection()
Test Copy Role Permission Intersection Method DB: rbac_template.
Definition: ilRBACTest.php:537
testGrantPermission()
Test grant Permission Method DB: rbac_pa.
Definition: ilRBACTest.php:222
testCopyRolePermissionUnion()
Test Copy Role Permission Union Method DB: rbac_template.
Definition: ilRBACTest.php:579
testRbacPA()
test rbac_pa @group IL_Init
Definition: ilRBACTest.php:113
testCopyRoleTemplatePermissions()
Test Copy Role Template Permission Method DB: rbac_template.
Definition: ilRBACTest.php:437
testDeleteRolePermission()
Test Delete Role Permission Method DB: rbac_template.
Definition: ilRBACTest.php:402
testAssignOperationToObject()
Test assignOperationToObject Method DB: rbac_ta.
Definition: ilRBACTest.php:654
testCopyRolePermissionSubtract()
Test Copy Role Permission Subtract Method DB: rbac_template.
Definition: ilRBACTest.php:618
testRevokePermissionList()
Test revokePermissionList Method DB: rbac_pa.
Definition: ilRBACTest.php:350
testRevokePermission()
Test revoke Permission Method DB: rbac_pa.
Definition: ilRBACTest.php:240
testDeassignUser()
Test deassign user Method DB: rbac_ua.
Definition: ilRBACTest.php:206
testCopyRolePermissions()
Test Method DB: rbac_template DB: rbac_pa.
Definition: ilRBACTest.php:468
testAssignUser()
Test Assign User Method DB: rbac_ua.
Definition: ilRBACTest.php:186
testSetRolePermission()
Test Set Role Permission Method DB: rbac_template.
Definition: ilRBACTest.php:375
static _getObjectsByOperations($a_obj_type, $a_operation, $a_usr_id=0, $limit=0)
Get all objects of a specific type and check access This function is not recursive,...
$ref_id
Definition: sahs_server.php:39
global $ilDB