Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 83
0.00% covered (danger)
0.00%
0 / 7
 CRAP
0.00% covered (danger)
0.00%
0 / 1
phpbb_functional_acp_permissions_test
0.00% covered (danger)
0.00%
0 / 83
0.00% covered (danger)
0.00%
0 / 7
 56
0.00% covered (danger)
0.00%
0 / 1
 setUp
0.00% covered (danger)
0.00%
0 / 4
0.00% covered (danger)
0.00%
0 / 1
 2
 test_permissions_tab
0.00% covered (danger)
0.00%
0 / 2
0.00% covered (danger)
0.00%
0 / 1
 2
 test_select_user
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
 2
 permissions_data
0.00% covered (danger)
0.00%
0 / 28
0.00% covered (danger)
0.00%
0 / 1
 2
 test_change_permission
0.00% covered (danger)
0.00%
0 / 20
0.00% covered (danger)
0.00%
0 / 1
 2
 test_forum_permissions_misc
0.00% covered (danger)
0.00%
0 / 12
0.00% covered (danger)
0.00%
0 / 1
 2
 test_tracing_user_based_permissions
0.00% covered (danger)
0.00%
0 / 10
0.00% covered (danger)
0.00%
0 / 1
 2
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14/**
15* @group functional
16*/
17class phpbb_functional_acp_permissions_test extends phpbb_functional_test_case
18{
19    protected function setUp(): void
20    {
21        parent::setUp();
22
23        $this->login();
24        $this->admin_login();
25        $this->add_lang('acp/permissions');
26    }
27
28    public function test_permissions_tab()
29    {
30        // Permissions tab
31        // XXX hardcoded id
32        $crawler = self::request('GET', 'adm/index.php?i=16&sid=' . $this->sid);
33        // these language strings are html
34        $this->assertStringContainsString($this->lang('ACP_PERMISSIONS_EXPLAIN'), $this->get_content());
35    }
36
37    public function test_select_user()
38    {
39        // User permissions
40        $crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_user_global&sid=' . $this->sid);
41        $this->assertStringContainsString($this->lang('ACP_USERS_PERMISSIONS_EXPLAIN'), $this->get_content());
42
43        // Select admin
44        $form = $crawler->selectButton($this->lang('SUBMIT'))->form();
45        $data = array('username[0]' => 'admin');
46        $form->setValues($data);
47        $crawler = self::submit($form);
48        $this->assertStringContainsString($this->lang('ACL_SET'), $crawler->filter('h1')->eq(1)->text());
49    }
50
51    public static function permissions_data()
52    {
53        return array(
54            // description
55            // permission type
56            // permission name
57            // mode
58            // object name
59            // object id
60            array(
61                'user permission',
62                'u_',
63                'u_hideonline',
64                'setting_user_global',
65                'user_id',
66                2,
67            ),
68            array(
69                'moderator permission',
70                'm_',
71                'm_ban',
72                'setting_mod_global',
73                'group_id',
74                4,
75            ),
76            /* Admin does not work yet, probably because founder can do everything
77            array(
78                'admin permission',
79                'a_',
80                'a_forum',
81                'setting_admin_global',
82                'group_id',
83                5,
84            ),
85            */
86        );
87    }
88
89    /**
90    * @dataProvider permissions_data
91    */
92    public function test_change_permission($description, $permission_type, $permission, $mode, $object_name, $object_id)
93    {
94        // Get the form
95        $crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=$mode&{$object_name}[0]=$object_id&type=$permission_type&sid=" . $this->sid);
96        $this->assertStringContainsString($this->lang('ACL_SET'), $crawler->filter('h1')->eq(1)->text());
97
98        // XXX globals for \phpbb\auth\auth, refactor it later
99        global $db, $cache;
100        $db = $this->get_db();
101
102        $cache = new phpbb_mock_null_cache;
103
104        $auth = new \phpbb\auth\auth;
105        // XXX hardcoded id
106        $user_data = $auth->obtain_user_data(2);
107        $auth->acl($user_data);
108        $this->assertEquals(1, $auth->acl_get($permission));
109
110        // Set u_hideonline to never
111        $form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form();
112        // initially it should be a yes
113        $values = $form->getValues();
114        $this->assertEquals(1, $values["setting[$object_id][0][$permission]"]);
115        // set to never
116        $data = array("setting[$object_id][0][$permission]" => '0');
117        $form->setValues($data);
118        $crawler = self::submit($form);
119        $this->assertStringContainsString($this->lang('AUTH_UPDATED'), $crawler->text());
120
121        // check acl again
122        $auth = new \phpbb\auth\auth;
123        // XXX hardcoded id
124        $user_data = $auth->obtain_user_data(2);
125        $auth->acl($user_data);
126        $this->assertEquals(0, $auth->acl_get($permission));
127    }
128
129    public function test_forum_permissions_misc()
130    {
131        // Open forum moderators permissions page
132        $crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=setting_mod_local&sid=" . $this->sid);
133
134        // Select "Your first forum"
135        $form = $crawler->filter('#select_victim')->form(['forum_id' => [2]]);
136        $crawler = self::submit($form);
137
138        // Select "Global moderators"
139        $form = $crawler->filter('#add_groups')->form(['group_id' => [4]]);
140        $crawler = self::submit($form);
141
142        // Check that global permissions are not displayed
143        $this->add_lang('acp/permissions_phpbb');
144        $page_text = $crawler->text();
145        $this->assertNotContainsLang('ACL_M_BAN', $page_text);
146        $this->assertNotContainsLang('ACL_M_PM_REPORT', $page_text);
147        $this->assertNotContainsLang('ACL_M_WARN', $page_text);
148
149        // Check that other permissions exist
150        $this->assertContainsLang('ACL_M_EDIT', $page_text);
151        $this->assertContainsLang('ACL_M_MOVE', $page_text);
152    }
153
154    public function test_tracing_user_based_permissions()
155    {
156        $this->create_user('newlyregistereduser');
157
158        // Open user-based permissions masks page
159        $crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=view_user_global&sid=" . $this->sid);
160
161        // Select newlyregistereduser
162        $form = $crawler->filter('#add_user')->form(['username' => ['newlyregistereduser']]);
163        $crawler = self::submit($form);
164
165        // Test 1st "Yes" permission tracing result match
166        $trace_link_yes = $crawler->filter('td.yes')->eq(0)->siblings()->filter('th > a.trace')->link();
167        $crawler_trace_yes = self::$client->click($trace_link_yes);
168        $this->assertEquals(1, $crawler_trace_yes->filter('tr.row2 > td.yes')->count());
169
170        // Test 1st "Never" permission tracing result match
171        $trace_link_never = $crawler->filter('td.never')->eq(0)->siblings()->filter('th > a.trace')->link();
172        $crawler_trace_never = self::$client->click($trace_link_never);
173        $this->assertEquals(1, $crawler_trace_never->filter('tr.row2 > td.never')->count());
174    }
175}