Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
67.06% covered (warning)
67.06%
57 / 85
77.78% covered (warning)
77.78%
7 / 9
 CRAP
0.00% covered (danger)
0.00%
0 / 1
phpbb_dbal_migrator_tool_permission_role_test
67.06% covered (warning)
67.06%
57 / 85
77.78% covered (warning)
77.78%
7 / 9
 17.15
0.00% covered (danger)
0.00%
0 / 1
 getDataSet
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 setUp
100.00% covered (success)
100.00%
10 / 10
100.00% covered (success)
100.00%
1 / 1
 2
 new_roles_add
100.00% covered (success)
100.00%
8 / 8
100.00% covered (success)
100.00%
1 / 1
 2
 data_test_new_role_exists
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
 2
 test_permission_new_role_exists
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 data_test_permission_assign_new_roles
0.00% covered (danger)
0.00%
0 / 23
0.00% covered (danger)
0.00%
0 / 1
 2
 test_permission_assign_new_roles
100.00% covered (success)
100.00%
8 / 8
100.00% covered (success)
100.00%
1 / 1
 2
 test_permission_new_role_remove
100.00% covered (success)
100.00%
16 / 16
100.00% covered (success)
100.00%
1 / 1
 1
 test_copied_permission_set
100.00% covered (success)
100.00%
13 / 13
100.00% covered (success)
100.00%
1 / 1
 1
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14class phpbb_dbal_migrator_tool_permission_role_test extends phpbb_database_test_case
15{
16    /** @var \phpbb\auth\auth */
17    protected $auth;
18
19    /** @var \includes\acp\auth\auth_admin */
20    protected $auth_admin;
21
22    /** @var \phpbb\db\migration\tool\permission */
23    protected $tool;
24
25    /** @var \phpbb\db\driver\driver_interface */
26    protected $db;
27
28    /** @var \phpbb\cache\service */
29    protected $cache;
30
31    public $group_ids = [
32        'REGISTERED' => 2,
33        'GLOBAL_MODERATORS' => 4,
34        'ADMINISTRATORS' => 5,
35    ];
36
37    public $role_ids = [
38        'ROLE_ADMIN_STANDARD' => 1,
39        'ROLE_USER_FULL' => 5,
40        'ROLE_MOD_FULL' => 10,
41    ];
42
43    public $new_roles = [
44        [
45            'ROLE_ADMIN_NEW',
46            'a_',
47            'A new admin role',
48            'a_new',
49        ],
50        [
51            'ROLE_MODERATOR_NEW',
52            'm_',
53            'A new mod role',
54            'm_new',
55        ],
56        [
57            'ROLE_USER_NEW',
58            'u_',
59            'A new user role',
60            'u_new',
61        ],
62    ];
63
64    public $new_role_ids = [];
65
66    public function getDataSet()
67    {
68        return $this->createXMLDataSet(__DIR__.'/fixtures/migrator_permission.xml');
69    }
70
71    protected function setUp(): void
72    {
73        // Global $db and $cache are needed in acp/auth.php constructor
74        global $phpbb_root_path, $phpEx, $db, $cache;
75
76        parent::setup();
77
78        $db = $this->db = $this->new_dbal();
79        $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
80        $cache = $this->cache = new \phpbb\cache\service(new \phpbb\cache\driver\dummy(), new \phpbb\config\config(array()), $this->db, $phpbb_dispatcher, $phpbb_root_path, $phpEx);
81        $this->auth = new \phpbb\auth\auth();
82
83        // Initialize this auth_admin instance later after adding new auth options via this->tool->add()
84        if (!class_exists('auth_admin'))
85        {
86            include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
87        }
88
89        $this->tool = new \phpbb\db\migration\tool\permission($this->db, $this->cache, $this->auth, $phpbb_root_path, $phpEx);
90
91        $this->new_roles_add();
92    }
93
94    public function new_roles_add()
95    {
96        foreach ($this->new_roles as $new_role_data)
97        {
98            $role_name = $new_role_data[0];
99            $role_type = $new_role_data[1];
100            $role_description = $new_role_data[2];
101            $role_auth_option = $new_role_data[3];
102
103            $this->tool->add($role_auth_option);
104            $this->new_role_ids[$role_name] = $this->tool->role_add($role_name, $role_type, $role_description);
105        }
106
107        // Initialize external auth_admin instance here to keep acl_options array in sync with the one from the permission tool
108        $this->auth_admin = new \auth_admin();
109    }
110
111    public static function data_test_new_role_exists()
112    {
113        return [
114            ['ROLE_ADMIN_NEW', true],
115            ['ROLE_MODERATOR_NEW', true],
116            ['ROLE_USER_NEW', true],
117        ];
118    }
119
120    /**
121     * @dataProvider data_test_new_role_exists
122     */
123    public function test_permission_new_role_exists($role_name, $expected)
124    {
125        $this->assertEquals($expected, (bool) $this->tool->role_exists($role_name));
126    }
127
128    public static function data_test_permission_assign_new_roles()
129    {
130        return [
131            [
132                'group',
133                0,
134                'ADMINISTRATORS',
135                ['a_new' => true],
136                'ROLE_ADMIN_NEW',
137            ],
138            [
139                'group',
140                0,
141                'GLOBAL_MODERATORS',
142                ['m_new' => true],
143                'ROLE_MODERATOR_NEW',
144            ],
145            [
146                'group',
147                0,
148                'REGISTERED',
149                ['u_new' => true],
150                'ROLE_USER_NEW',
151            ],
152        ];
153    }
154
155    /**
156     * @dataProvider data_test_permission_assign_new_roles
157     */
158    public function test_permission_assign_new_roles($ug_type, $forum_id, $group_name, $auth, $role_name, $clear_prefetch = true)
159    {
160        $auth_option = key($auth);
161        $group_id = (int) $this->group_ids[$group_name];
162        $role_id = (int) $this->new_role_ids[$role_name];
163        $expected = current($auth);
164
165        // Set auth options for each role
166        $this->tool->permission_set($role_name, $auth_option, 'role', true);
167
168        // Assign roles to groups
169        $this->auth_admin->acl_set($ug_type, $forum_id, $group_id, $auth, $role_id, $clear_prefetch);
170
171        // Test if role based group permissions assigned correctly
172        $new_perm_state = $this->auth->acl_group_raw_data($group_id, $auth_option);
173        $this->assertEquals($expected, !empty($new_perm_state), "$auth_option is " . ($expected ? 'empty' : 'not empty') . " for $group_name");
174    }
175
176    /**
177     * @dataProvider data_test_permission_assign_new_roles
178     * @depends test_permission_new_role_exists
179     * @depends test_permission_assign_new_roles
180     */
181    public function test_permission_new_role_remove($ug_type, $forum_id, $group_name, $auth, $role_name)
182    {
183        $auth_option = key($auth);
184        $group_id = (int) $this->group_ids[$group_name];
185        $role_id = (int) $this->new_role_ids[$role_name];
186
187        $sql = 'SELECT agt.auth_role_id
188            FROM ' . ACL_GROUPS_TABLE . ' agt, ' . ACL_ROLES_TABLE . ' art
189            WHERE agt.auth_role_id = art.role_id
190                AND art.role_id = ' . $role_id;
191
192        // Set auth options for each role
193        $this->tool->permission_set($role_name, $auth_option, 'role', true);
194
195        // Assign roles to groups
196        $this->auth_admin->acl_set($ug_type, $forum_id, $group_id, $auth, $role_id);
197
198        // Check if the role is assigned to the group
199        $result = $this->db->sql_query($sql);
200        $this->assertEquals($role_id, $this->db->sql_fetchfield('auth_role_id'));
201        $this->db->sql_freeresult($result);
202
203        $this->tool->role_remove($role_name);
204        $this->assertFalse((bool) $this->tool->role_exists($role_name));
205
206        // Check if the role is unassigned
207        $result = $this->db->sql_query($sql);
208        $this->assertFalse($this->db->sql_fetchfield('auth_role_id'));
209        $this->db->sql_freeresult($result);
210    }
211
212    public function test_copied_permission_set()
213    {
214        $sql = 'SELECT rdt.auth_setting
215            FROM ' . ACL_OPTIONS_TABLE. ' ot, ' . ACL_ROLES_DATA_TABLE . ' rdt
216            WHERE rdt.role_id = ' . $this->role_ids['ROLE_ADMIN_STANDARD'] . "
217                AND auth_option = 'u_copied_permission'
218                AND ot.auth_option_id = rdt.auth_option_id";
219
220        // Add new local 'u_copied_permission' copied from 'u_test'
221        // It should be added to the ROLE_ADMIN_STANDARD role automatically similar to 'u_test' permission
222        $this->tool->add('u_copied_permission', false, 'u_test');
223        $this->assertEquals(true, $this->tool->exists('u_copied_permission', false));
224
225        // Copied permission setting should be equal to what it was copied from
226        $result = $this->db->sql_query($sql);
227        $this->assertEquals(0, $this->db->sql_fetchfield('auth_setting')); 
228        $this->db->sql_freeresult($result);
229
230        // Set new permission for copied auth option for the role
231        $this->tool->permission_set('ROLE_ADMIN_STANDARD', 'u_copied_permission', 'role', true);
232
233        // Copied permission setting should be updated
234        $result = $this->db->sql_query($sql);
235        $this->assertEquals(1, $this->db->sql_fetchfield('auth_setting'));
236        $this->db->sql_freeresult($result);
237    }
238
239}