author | Bharat Mediratta <bharat@menalto.com> | 2008-12-07 10:56:44 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-07 10:56:44 +0000 |
commit | 5d23a6515d8c62f158c6369fafc6fc9bf0092775 (patch) | |
tree | 8a72b459919317c37596acad6123cf10293485e4 | |
parent | fef188d787fd07fc47e30bd7be46a8982dd71788 (diff) |
Finish writing unit tests for Access. No bugs found!
-rw-r--r-- | core/helpers/access.php | 9 | ||||
-rw-r--r-- | core/tests/Access_Helper_Test.php | 90 |
2 files changed, 93 insertions, 6 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php
index e859b1d5..4c623f7c 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -64,8 +64,6 @@
 * o In the near future, we'll be moving the "view" columns out of Access_Intent_Model and
 * directly into Item_Model. By doing this, we'll be able to find viewable items (the most
 * common permission access) without doing table joins.
- *
- * o Write unit tests.
 */
 class access_Core {
 const DENY = 0;
@@ -403,12 +401,11 @@ class access_Core {
 $query = $db->query(
 "SELECT `access_intents`.`$field`, `items`.`left`, `items`.`right` " .
 "FROM `access_intents` JOIN (`items`) ON (`access_intents`.`item_id` = `items`.`id`) " .
- "WHERE `left` >= ? " .
- "AND `right` <= ? " .
+ "WHERE `left` >= $item->left " .
+ "AND `right` <= $item->right " .
 "AND `type` = 'album' " .
 "AND `$field` IS NOT NULL " .
- "ORDER BY `level` ASC ",
- array($item->left, $item->right));
+ "ORDER BY `level` ASC");
 foreach ($query as $row) {
 $db->query(
 "UPDATE `access_caches` SET `$field` = {$row->$field} " .
diff --git a/core/tests/Access_Helper_Test.php b/core/tests/Access_Helper_Test.php
index c924575d..78948beb 100644
--- a/core/tests/Access_Helper_Test.php
+++ b/core/tests/Access_Helper_Test.php
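Review bot: In core/helpers/access.php, the `@@ -403,12 +401,11 @@` hunk swaps the two `?` placeholders and the `array($item->left, $item->right)` bind list for direct interpolation of `$item->left` and `$item->right` into the SQL string, which removes driver-level escaping from the query that rebuilds the permission cache. The values are presumably integer nested-set bounds read from the items table, but nothing in the hunk enforces that, and the commit message gives no reason for touching production code in a test commit. Prefer restoring the bound form; if binding had to go (for example because of how the query layer treats the backtick-quoted identifiers, which is a guess), interpolate `(int) $item->left` and `(int) $item->right` and add a comment such as `// left/right are integer tree bounds; cast because this query is string-built.`. The enclosing method starts and ends outside the hunk.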
@@ -112,23 +112,113 @@ class Access_Helper_Test extends Unit_Test_Case {
 public function can_view_item_test() {
+ $root = ORM::factory("item", 1);
+ access::allow(0, "view", $root->id);
+ $this->assert_true(access::can(0, "view", $root->id));
 }
 public function cant_view_child_of_hidden_parent_test() {
+ $root = ORM::factory("item", 1);
+ $album = ORM::factory("item")->add_to_parent($root);
+ access::add_item($album);
+
+ access::deny(0, "view", $root->id);
+ access::reset(0, "view", $album->id);
+ $this->assert_false(access::can(0, "view", $album->id));
 }
 public function view_permissions_propagate_down_test() {
+ $root = ORM::factory("item", 1);
+ $album = ORM::factory("item")->add_to_parent($root);
+ access::add_item($album);
+
+ access::allow(0, "view", $root->id);
+ access::reset(0, "view", $album->id);
+ $this->assert_true(access::can(0, "view", $album->id));
+ }
+
+ public function can_toggle_view_permissions_propagate_down_test() {
+ $root = ORM::factory("item", 1);
+ $album1 = ORM::factory("item");
+ $album1->type = "album";
+ $album1->add_to_parent($root);
+ access::add_item($album1);
+
+ $album2 = ORM::factory("item");
+ $album2->type="album";
+ $album2->add_to_parent($album1);
+ access::add_item($album2);
+
+ $album3 = ORM::factory("item");
+ $album3->type="album";
+ $album3->add_to_parent($album2);
+ access::add_item($album3);
+
+ $album4 = ORM::factory("item");
+ $album4->type="album";
+ $album4->add_to_parent($album3);
+ access::add_item($album4);
+
+ access::allow(0, "view", $root->id);
+ access::deny(0, "view", $album1->id);
+ access::reset(0, "view", $album2->id);
+ access::reset(0, "view", $album3->id);
+ access::reset(0, "view", $album4->id);
+ $this->assert_false(access::can(0, "view", $album4->id));
+
+ access::allow(0, "view", $album1->id);
+ $this->assert_true(access::can(0, "view", $album4->id));
 }
 public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
+ $root = ORM::factory("item", 1);
+ $album = ORM::factory("item")->add_to_parent($root);
+ access::add_item($album);
+
+ access::deny(0, "view", $root->id);
+ access::allow(0, "view", $album->id);
+ $this->assert_false(access::can(0, "view", $album->id));
 }
 public function can_edit_item_test() {
+ $root = ORM::factory("item", 1);
+ access::allow(0, "edit", $root->id);
+ $this->assert_true(access::can(0, "edit", $root->id));
 }
 public function non_view_permissions_propagate_down_test() {
+ $root = ORM::factory("item", 1);
+ $album = ORM::factory("item")->add_to_parent($root);
+ access::add_item($album);
+
+ access::allow(0, "edit", $root->id);
+ access::reset(0, "edit", $album->id);
+ $this->assert_true(access::can(0, "edit", $album->id));
 }
 public function non_view_permissions_can_be_revoked_lower_down_test() {
+ $root = ORM::factory("item", 1);
+ $outer = ORM::factory("item");
+ $outer->type = "album";
+ $outer->add_to_parent($root);
+
+ access::add_item($outer);
+ $outer_photo = ORM::factory("item")->add_to_parent($outer);
+ access::add_item($outer_photo);
+
+ $inner = ORM::factory("item");
+ $inner->type = "album";
+ $inner->add_to_parent($outer);
+ access::add_item($inner);
+ $inner_photo = ORM::factory("item")->add_to_parent($inner);
+ access::add_item($inner_photo);
+
+ access::allow(0, "edit", $root->id);
+ access::deny(0, "edit", $outer->id);
+ access::allow(0, "edit", $inner->id);
+
+ // Outer album is not editable, inner one is.
+ $this->assert_false(access::can(0, "edit", $outer_photo->id));
+ $this->assert_true(access::can(0, "edit", $inner_photo->id));
 }
 }
|
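Review bot: Every new assertion in core/tests/Access_Helper_Test.php uses group id `0`, so the suite never checks that allowing or denying a permission for one group leaves another group's answer unchanged; a cache rebuild that wrote the wrong `$field` column would still pass. Consider one test that denies "view" for one group on an album and asserts `access::can()` for a second group is unaffected (whether a second group exists in the fixture is not visible in this hunk). The tests also change permissions on the shared root item (id 1) and never restore them, so unless setup/teardown outside the hunk resets state the results depend on test order; a comment such as `// Root permissions are set explicitly in each test; never rely on the default.` would make that contract explicit. Minor style: `$album2->type="album";` (and the same for `$album3`, `$album4`) should be spaced like `$album1->type = "album";`.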