Source of file FileSecuredTest.php
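<?php
/**
 * Exercises the customised canXX() permission methods on {@link FileSecured}:
 * canView() (CMS), canViewFront(), canViewFrontByUser() and canViewFrontByTime().
 *
 * Each test creates File / Folder records through the private helpers at the
 * bottom of the class and asserts the allow/deny outcome for a fixture Member,
 * or for a call that passes no member at all.
 *
 * NOTE(review): the assertions pin two different outcomes for a secured file set
 * to "Inherit" that has no parent folder. canView() allows it for every fixture
 * member used here, while canViewFront() / canViewFrontByUser() deny it unless
 * the member is the 'can-view-secure-assets-in-frontend' fixture. Confirm that
 * the allow-by-default result on the CMS side is intended.
 *
 * @author Deviate Ltd 2014-2015 http://www.deviate.net.nz
 * @package silverstripe-advancedassets
 * @todo Why is a user with ADMIN always running tests?
 * @todo Complete commented assertions.
 *       Note: FolderSecured may need its own canView() definition
 */
class FileSecuredTest extends FunctionalTest
{
    /**
     * Fixture providing the Member records looked up via objFromFixture().
     *
     * @var string
     */
    protected static $fixture_file = 'fixtures/FileSecuredTest.yml';

    /**
     * Name of the folder, relative to ASSETS_PATH, used by createSecuredFolder().
     *
     * @var string
     */
    protected static $test_folder = 'test-secured';

    /**
     * Remove test dir(s) after test runs.
     *
     * rmdir() only removes an empty directory, so this assumes the tests never
     * place physical files inside the test folder.
     */
    public function tearDown()
    {
        $testFolder = ASSETS_PATH . '/' . self::$test_folder;
        // is_dir() rather than file_exists(): rmdir() on a regular file of the
        // same name would only raise a warning.
        if (is_dir($testFolder)) {
            rmdir($testFolder);
        }
        parent::tearDown();
    }

    /**
     * Can ADMIN CMS users, view individual SECURED files in the CMS?
     *
     * Every CanViewType is expected to be viewable by this member.
     */
    public function testCanViewInCMSAsAdmin()
    {
        $member = $this->objFromFixture('Member', 'can-view-is-admin');

        // LoggedInUsers: canView = yes
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canView($member));

        // Inherit: canView = yes (No parent folder specified, so inherits from nothing)
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertTrue($file->canView($member));

        // OnlyTheseUsers: canView = yes
        // NOTE(review): presumably allowed because the fixture member is an ADMIN,
        // not because it is listed as a viewer - confirm against the fixture.
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertTrue($file->canView($member));

        // Anyone: canView = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canView($member));
    }

    /**
     * Can AdvancedAsset CMS users, view individual SECURED files in the CMS?
     */
    public function testCanViewInCMSAsSecuredAssetAdmin()
    {
        $member = $this->objFromFixture('Member', 'can-view-secured-asset-admin');

        // LoggedInUsers: canView = yes
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canView($member));

        // Inherit: canView = yes (No parent folder specified, so inherits from nothing)
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertTrue($file->canView($member));

        // OnlyTheseUsers: canView = no
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canView($member));

        // Anyone: canView = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canView($member));

        // Unsecured file: canView = yes
        $file = $this->createUnsecuredFile();
        $this->assertTrue($file->canView($member));

        /*
         * With reference to the above assertions, we assume individual file-level permissions work.
         * So now we test individual files' "Inherit" permissions, based on their immediate parent
         */

        // Inherits 'LoggedInUsers': canView = yes
        $folder = $this->createSecuredFolder('CanViewType', 'LoggedInUsers', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canView($member));

        // Inherits 'Inherit': canView = yes
        $folder = $this->createSecuredFolder('CanViewType', 'Inherit', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canView($member));

        // Inherits 'OnlyTheseUsers': canView = no
        $folder = $this->createSecuredFolder('CanViewType', 'OnlyTheseUsers', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canView($member));

        // Inherits 'Anyone': canView = yes
        $folder = $this->createSecuredFolder('CanViewType', 'Anyone', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canView($member));
    }

    /**
     * Can Standard CMS asset-admin users, view individual SECURED files in the CMS?
     */
    public function testCanViewInCMSAsStandardAssetAdmin()
    {
        $member = $this->objFromFixture('Member', 'can-view-standard-asset-admin-only');

        // LoggedInUsers: canView = no
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertFalse($file->canView($member));

        // Inherit: canView = yes (No parent folder specified, so inherits from nothing)
        // NOTE(review): this is an allow for a secured file, whereas the same
        // setting under an 'Inherit' folder (below) is a deny - confirm intended.
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertTrue($file->canView($member));

        // OnlyTheseUsers: canView = no
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canView($member));

        // Anyone: canView = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canView($member));

        /*
         * With reference to the above assertions, we assume individual file-level permissions work.
         * So now we test individual files' "Inherit" permissions, based on their immediate parent
         */

        // Inherits 'LoggedInUsers': canView = no
        $folder = $this->createSecuredFolder('CanViewType', 'LoggedInUsers', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canView($member));

        // Inherits 'Inherit': canView = no (member only has standard "Files" admin perms)
        $folder = $this->createSecuredFolder('CanViewType', 'Inherit', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canView($member));

        // Inherits 'OnlyTheseUsers': canView = no
        $folder = $this->createSecuredFolder('CanViewType', 'OnlyTheseUsers', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canView($member));

        // Inherits 'Anyone': canView = yes
        $folder = $this->createSecuredFolder('CanViewType', 'Anyone', array(
            'ParentID' => 1
        ));
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canView($member));
    }

    /**
     * Can AdvancedAsset CMS users, also view individual UNSECURED files in the CMS?
     */
    public function testCanViewStandardAssetsInCMSAsSecuredAssetAdmin()
    {
        $member = $this->objFromFixture('Member', 'can-view-secured-asset-admin');
        $file = $this->createUnsecuredFile();
        $this->assertTrue($file->canView($member));
    }

    /**
     * Can Standard Asset CMS users, also view individual UNSECURED files in the CMS?
     * Essentially just replicates standard CMS tests for the same thing
     */
    public function testCanViewStandardAssetsInCMSAsStandardAssetAdmin()
    {
        $member = $this->objFromFixture('Member', 'can-view-standard-asset-admin-only');
        $file = $this->createUnsecuredFile();
        $this->assertTrue($file->canView($member));
    }

    /**
     * Users not logged-into the CMS, but can they see file(s) in the front-end too?
     *
     * See testCanViewFrontByUser() and testCanViewFrontByTime() for more complete tests
     *
     * NOTE(review): canViewFront() is called with no member. Given the class-level
     * todo about an ADMIN user running the tests, confirm how FileSecured resolves
     * a missing member, so that these assertions really cover an anonymous visitor.
     */
    public function testCanViewFrontNotLoggedIn()
    {
        // No member passed, set to "LoggedInUsers": canViewFront = no
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertFalse($file->canViewFront());

        // No member passed, set to "Inherit" with no parent: canViewFront = no (Erring)
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFront());

        // No member passed, set to "OnlyTheseUsers": canViewFront = no
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFront());

        // No member passed, set to "Anyone": canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFront());
    }

    /**
     * Users may well be logged into the CMS, but can I see file(s) in the front-end too?
     * (and other stories)
     *
     * Runs the same four CanViewType settings against three fixture members.
     *
     * See testCanViewFrontByUser() and testCanViewFrontByTime() for more complete tests
     */
    public function testCanViewFrontLoggedIn()
    {
        // Standard AssetAdmin users
        $member = $this->objFromFixture('Member', 'can-view-standard-asset-admin-only');

        // Logged-in users: canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canViewFront($member));

        // Logged-in users, but set to "Inherit" with no parent: canViewFront = no
        // What this is _actually_ testing is what happens when a File has no parent by which to judge inheritance.
        // In this case, the logic is conservative in nature and returns false
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFront($member));

        // Logged-in users, but set to "OnlyTheseUsers": canViewFront = no
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFront($member));

        // Logged-in users, but set to "Anyone": canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFront($member));

        // Advanced AssetAdmin users
        $member = $this->objFromFixture('Member', 'can-view-secured-asset-admin');

        // Logged-in users: canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canViewFront($member));

        // Logged-in users, but set to "Inherit" with no parent: canViewFront = no
        // What this is _actually_ testing is what happens when a File has no parent by which to judge inheritance.
        // In this case, the logic is conservative in nature and returns false
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFront($member));

        // Logged-in users, but set to "OnlyTheseUsers": canViewFront = no
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFront($member));

        // Logged-in users, but set to "Anyone": canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFront($member));

        // Users with permission to see all
        $member = $this->objFromFixture('Member', 'can-view-secure-assets-in-frontend');

        // Logged-in users: canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canViewFront($member));

        // Logged-in users, but set to "Inherit" with no parent: canViewFront = yes
        // What this is _actually_ testing is what happens when a File has no parent by which to judge inheritance.
        // In this case, the logic checks $member status in FileSecured::canViewFront()
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertTrue($file->canViewFront($member));

        // Logged-in users, but set to "OnlyTheseUsers": canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertTrue($file->canViewFront($member));

        // Logged-in users, but set to "Anyone": canViewFront = yes
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFront($member));
    }

    /**
     * Simply tests the return status of FileSecured::canViewFrontByTime() which looks weird out of context.
     */
    public function testCanViewFrontByTime()
    {
        // No embargo: viewable
        $file = $this->createSecuredFile(null, null, array(
            'ParentID' => 1,
            'EmbargoType' => 'None'
        ));
        $this->assertTrue($file->canViewFrontByTime());

        // Embargoed indefinitely: not viewable
        // NOTE(review): the meaning of the `true` argument is not visible from
        // this file - confirm against FileSecured::canViewFrontByTime().
        $file = $this->createSecuredFile(null, null, array(
            'ParentID' => 1,
            'EmbargoType' => 'Indefinitely'
        ));
        $this->assertFalse($file->canViewFrontByTime(true));

        // Embargo date in the future: not viewable. The date is computed relative
        // to the current time (same 'Y-m-d H:i:s' format as before), so that the
        // test does not start failing once a hard-coded date has passed.
        $file = $this->createSecuredFile(null, null, array(
            'ParentID' => 1,
            'EmbargoType' => 'UntilAFixedDate',
            'EmbargoedUntilDate' => date('Y-m-d H:i:s', strtotime('+1 year'))
        ));
        $this->assertFalse($file->canViewFrontByTime());

        // Embargo date in the past: viewable
        $file = $this->createSecuredFile(null, null, array(
            'ParentID' => 1,
            'EmbargoType' => 'UntilAFixedDate',
            'EmbargoedUntilDate' => '2003-12-01 01:00:00'
        ));
        $this->assertTrue($file->canViewFrontByTime());
    }

    /**
     * Checks canViewFrontByUser() when no member is passed: only "Anyone", set on
     * the file itself or inherited from the parent folder, is expected to allow.
     */
    public function testCanViewFrontByAnyone()
    {
        // Logged-in only I'm afraid:canViewFrontByUser Deny
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertFalse($file->canViewFrontByUser());

        // With "Inherit" set and no parent folder, we get conservative: Deny
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFrontByUser());

        // OnlyTheseUsers = must be logged-in: Deny
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFrontByUser());

        // Anyone: Allow
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFrontByUser());

        // With parent folders

        // Parent is 'LoggedInUsers': Deny
        $folder = $this->createSecuredFolder('CanViewType', 'LoggedInUsers');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canViewFrontByUser());

        // Nothing for parent folder to inherit from: Deny
        $folder = $this->createSecuredFolder('CanViewType', 'Inherit');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canViewFrontByUser());

        // Parent is 'OnlyTheseUsers': Deny
        $folder = $this->createSecuredFolder('CanViewType', 'OnlyTheseUsers');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canViewFrontByUser());

        // Parent is 'Anyone': Allow
        $folder = $this->createSecuredFolder('CanViewType', 'Anyone');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canViewFrontByUser());
    }

    /**
     * Can users accessing the frontend, while logged-in, access what they should and shouldn't?
     */
    public function testCanViewFrontByLoggedInUsers()
    {
        // For standard "Files" admin, logged-in users only - allow
        $member = $this->objFromFixture('Member', 'can-view-standard-asset-admin-only');
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canViewFrontByUser($member));

        // Inherit - deny (Nothing to inherit from)
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFrontByUser($member));

        // OnlyTheseUsers - deny
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFrontByUser($member));

        // Anyone - allow
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFrontByUser($member));

        // With parent folders

        // Parent is 'LoggedInUsers' - allow
        $folder = $this->createSecuredFolder('CanViewType', 'LoggedInUsers');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canViewFrontByUser($member));

        // Deny, nothing for parent folder to inherit from
        $folder = $this->createSecuredFolder('CanViewType', 'Inherit');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canViewFrontByUser($member));

        // Parent is 'OnlyTheseUsers' - deny
        $folder = $this->createSecuredFolder('CanViewType', 'OnlyTheseUsers');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertFalse($file->canViewFrontByUser($member));

        // Parent is 'Anyone' - allow
        $folder = $this->createSecuredFolder('CanViewType', 'Anyone');
        $file = $this->createSecuredFile('CanViewType', 'Inherit', array(
            'ParentID' => $folder->ID
        ));
        $this->assertTrue($file->canViewFrontByUser($member));

        // For advanced-assets "Files" admin, logged-in users only - allow
        $member = $this->objFromFixture('Member', 'can-view-secured-asset-admin');
        $file = $this->createSecuredFile('CanViewType', 'LoggedInUsers');
        $this->assertTrue($file->canViewFrontByUser($member));

        // Inherit with no parent - deny
        $file = $this->createSecuredFile('CanViewType', 'Inherit');
        $this->assertFalse($file->canViewFrontByUser($member));

        // OnlyTheseUsers - deny
        $file = $this->createSecuredFile('CanViewType', 'OnlyTheseUsers');
        $this->assertFalse($file->canViewFrontByUser($member));

        // Anyone - allow
        $file = $this->createSecuredFile('CanViewType', 'Anyone');
        $this->assertTrue($file->canViewFrontByUser($member));
    }

    /**
     * Utility method to create a File with Secured = false under ParentID 1
     * and save it to the test DB.
     *
     * @return File
     */
    private function createUnsecuredFile()
    {
        $file = File::create();
        $file->ParentID = 1;
        $file->Secured = false;
        $file->write();

        return $file;
    }

    /**
     * Utility method to create a {@link FileSecured} object and save to the test DB.
     *
     * No ParentID is set unless one is supplied through $props.
     *
     * @param string $can   Name of the permission field to set, e.g. 'CanViewType'
     * @param string $type  Value for that field; only applied when both $can and $type are given
     * @param array $props  Further field => value pairs, assigned after $can
     * @return File
     */
    private function createSecuredFile($can = null, $type = null, $props = array())
    {
        $file = File::create();
        $file->Secured = true;
        if ($can && $type) {
            // Dynamic property name: callers in this class only pass literals.
            $file->$can = $type;
        }
        foreach ($props as $prop => $val) {
            $file->$prop = $val;
        }
        $file->write();

        return $file;
    }

    /**
     * Utility method to create a {@link FolderSecured} object and save to the test DB.
     *
     * NOTE(review): every call goes through Folder::find_or_make() with the same
     * folder name, so successive calls presumably return and re-configure one
     * folder record rather than creating a new one each time - confirm.
     *
     * @param string $can   Name of the permission field to set, e.g. 'CanViewType'
     * @param string $type  Value for that field
     * @param array $props  Further field => value pairs; may override ParentID
     * @return Folder
     */
    private function createSecuredFolder($can, $type, $props = array())
    {
        $folder = Folder::find_or_make(self::$test_folder);
        $folder->Secured = true;
        $folder->$can = $type;
        $folder->ParentID = 1;
        foreach ($props as $prop => $val) {
            $folder->$prop = $val;
        }
        $folder->write();

        return $folder;
    }
}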