summaryrefslogtreecommitdiff
path: root/core/tests
diff options
context:
space:
mode:
Diffstat (limited to 'core/tests')
-rw-r--r--core/tests/Access_Helper_Test.php28
1 files changed, 28 insertions, 0 deletions
diff --git a/core/tests/Access_Helper_Test.php b/core/tests/Access_Helper_Test.php
index ead3c3a5..537aa1e8 100644
--- a/core/tests/Access_Helper_Test.php
+++ b/core/tests/Access_Helper_Test.php
@@ -31,6 +31,13 @@ class Access_Helper_Test extends Unit_Test_Case {
try {
access::delete_permission("access_test");
} catch (Exception $e) { }
+
+ try {
+ $user = ORM::factory("user")->where("name", "access_test")->find();
+ if ($user->loaded) {
+ user::delete($user->id);
+ }
+ } catch (Exception $e) { }
}
public function groups_and_permissions_are_bound_to_columns_test() {
@@ -221,4 +228,25 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::group_can(0, "edit", $outer_photo->id));
$this->assert_true(access::group_can(0, "edit", $inner_photo->id));
}
+
+ public function i_can_edit_test() {
+ // Create a new user that belongs to no groups
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ group::remove_user($group->id, $user->id);
+ }
+ Session::instance()->set("user", $user);
+
+ // This user can't edit anything
+ $this->assert_false(access::can("edit", 1));
+
+ // Now add them to a group that has edit permission
+ $group = group::create("access_test");
+ group::add_user($group->id, $user->id);
+ access::allow($group->id, "edit", 1);
+ Session::instance()->set("user", $user->reload());
+
+ // And verify that the user can edit.
+ $this->assert_true(access::can("edit", 1));
+ }
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 23:39:07 +0000