Differential D9431 Diff 22523 src/applications/base/controller/__tests__/PhabricatorAccessControlTestCase.php
src/applications/base/controller/__tests__/PhabricatorAccessControlTestCase.php
| public function testControllerAccessControls() { | ||||
| $env->overrideEnvConfig('auth.require-email-verification', false); | $env->overrideEnvConfig('auth.require-email-verification', false); | ||||
| $env->overrideEnvConfig('auth.email-domains', array()); | $env->overrideEnvConfig('auth.email-domains', array()); | ||||
| $env->overrideEnvConfig('security.require-multi-factor-auth', false); | $env->overrideEnvConfig('security.require-multi-factor-auth', false); | ||||
| // Test standard defaults. | // Test standard defaults. | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Default", | 'Default', | ||||
| id(clone $controller), | id(clone $controller), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_admin, | $u_admin, | ||||
| $u_unverified, | $u_unverified, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_public, | $u_public, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| // Test email verification. | // Test email verification. | ||||
| $env->overrideEnvConfig('auth.require-email-verification', true); | $env->overrideEnvConfig('auth.require-email-verification', true); | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Email Verification Required", | 'Email Verification Required', | ||||
| id(clone $controller), | id(clone $controller), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_admin, | $u_admin, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_public, | $u_public, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Email Verification Required, With Exception", | 'Email Verification Required, With Exception', | ||||
| id(clone $controller)->setConfig('email', false), | id(clone $controller)->setConfig('email', false), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_admin, | $u_admin, | ||||
| $u_unverified, | $u_unverified, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_public, | $u_public, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| $env->overrideEnvConfig('auth.require-email-verification', false); | $env->overrideEnvConfig('auth.require-email-verification', false); | ||||
| // Test admin access. | // Test admin access. | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Admin Required", | 'Admin Required', | ||||
| id(clone $controller)->setConfig('admin', true), | id(clone $controller)->setConfig('admin', true), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_admin, | $u_admin, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_public, | $u_public, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| // Test disabled access. | // Test disabled access. | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Allow Disabled", | 'Allow Disabled', | ||||
| id(clone $controller)->setConfig('enabled', false), | id(clone $controller)->setConfig('enabled', false), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_public, | $u_public, | ||||
| )); | )); | ||||
| // Test no login required. | // Test no login required. | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "No Login Required", | 'No Login Required', | ||||
| id(clone $controller)->setConfig('login', false), | id(clone $controller)->setConfig('login', false), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| $u_public, | $u_public, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| // Test public access. | // Test public access. | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "No Login Required", | 'No Login Required', | ||||
| id(clone $controller)->setConfig('public', true), | id(clone $controller)->setConfig('public', true), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_public, | $u_public, | ||||
| )); | )); | ||||
| $env->overrideEnvConfig('policy.allow-public', true); | $env->overrideEnvConfig('policy.allow-public', true); | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Public + configured", | 'Public + configured', | ||||
| id(clone $controller)->setConfig('public', true), | id(clone $controller)->setConfig('public', true), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| $u_public, | $u_public, | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| $env->overrideEnvConfig('policy.allow-public', false); | $env->overrideEnvConfig('policy.allow-public', false); | ||||
| $app = PhabricatorApplication::getByClass('PhabricatorApplicationTest'); | $app = PhabricatorApplication::getByClass('PhabricatorApplicationTest'); | ||||
| $app->reset(); | $app->reset(); | ||||
| $app->setPolicy( | $app->setPolicy( | ||||
| PhabricatorPolicyCapability::CAN_VIEW, | PhabricatorPolicyCapability::CAN_VIEW, | ||||
| PhabricatorPolicies::POLICY_NOONE); | PhabricatorPolicies::POLICY_NOONE); | ||||
| $app_controller = id(clone $controller)->setCurrentApplication($app); | $app_controller = id(clone $controller)->setCurrentApplication($app); | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Application Controller", | 'Application Controller', | ||||
| $app_controller, | $app_controller, | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| ), | ), | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| $u_public, | $u_public, | ||||
| $u_disabled, | $u_disabled, | ||||
| $u_notapproved, | $u_notapproved, | ||||
| )); | )); | ||||
| $this->checkAccess( | $this->checkAccess( | ||||
| "Application Controller", | 'Application Controller', | ||||
| id(clone $app_controller)->setConfig('login', false), | id(clone $app_controller)->setConfig('login', false), | ||||
| $request, | $request, | ||||
| array( | array( | ||||
| $u_normal, | $u_normal, | ||||
| $u_unverified, | $u_unverified, | ||||
| $u_admin, | $u_admin, | ||||
| $u_public, | $u_public, | ||||
| ), | ), | ||||
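Review bot: The `setConfig('public', true)` case under `// Test public access.` (run before `policy.allow-public` is enabled) lists `$u_notapproved` in neither the allowed nor the denied array, so that access-control path is never asserted for unapproved accounts; every other complete case visible here places that user explicitly. Adding `$u_notapproved,` to its denied array would pin the behaviour, assuming the user should be rejected there as in the 'Public + configured' case. The same call reuses the label `'No Login Required'` from the case before it, and `'Application Controller'` labels two different configurations. Distinct labels such as `'Public'` and `'Application Controller, No Login Required'` would presumably make a failing assertion attributable to one case, though checkAccess() is not visible on this page. testControllerAccessControls starts and ends outside the lines shown.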