Page MenuHomePhabricator
Differential D13104 Diff 31769 src/applications/policy/__tests__/PhabricatorPolicyTestCase.php

Changeset View

Standalone View

View Options

src/applications/policy/__tests__/PhabricatorPolicyTestCase.php

Show First 20 LinesShow All 184 Lines▼ Show 20 Lines $this->expectVisibility(
'user' => false, 'user' => false,
'admin' => false, 'admin' => false,
), ),
pht('Invalid Policy')); pht('Invalid Policy'));
} }
/** /**
* Test that extended policies work.
*/
public function testExtendedPolicies() {
$object = $this->buildObject(PhabricatorPolicies::POLICY_USER)
->setPHID('PHID-TEST-1');
$this->expectVisibility(
$object,
array(
'public' => false,
'user' => true,
'admin' => true,
),
pht('No Extended Policy'));
// Add a restrictive extended policy.
$extended = $this->buildObject(PhabricatorPolicies::POLICY_ADMIN)
->setPHID('PHID-TEST-2');
$object->setExtendedPolicies(
array(
PhabricatorPolicyCapability::CAN_VIEW => array(
array($extended, PhabricatorPolicyCapability::CAN_VIEW),
),
));
$this->expectVisibility(
$object,
array(
'public' => false,
'user' => false,
'admin' => true,
),
pht('With Extended Policy'));
// Depend on a different capability.
$object->setExtendedPolicies(
array(
PhabricatorPolicyCapability::CAN_VIEW => array(
array($extended, PhabricatorPolicyCapability::CAN_EDIT),
),
));
$extended->setCapabilities(array(PhabricatorPolicyCapability::CAN_EDIT));
$extended->setPolicies(
array(
PhabricatorPolicyCapability::CAN_EDIT =>
PhabricatorPolicies::POLICY_NOONE,
));
$this->expectVisibility(
$object,
array(
'public' => false,
'user' => false,
'admin' => false,
),
pht('With Extended Policy + Edit'));
}
/**
* Test that cyclic extended policies are arrested properly.
*/
public function testExtendedPolicyCycles() {
$object = $this->buildObject(PhabricatorPolicies::POLICY_USER)
->setPHID('PHID-TEST-1');
$this->expectVisibility(
$object,
array(
'public' => false,
'user' => true,
'admin' => true,
),
pht('No Extended Policy'));
// Set a self-referential extended policy on the object. This should
// make it fail all policy checks.
$object->setExtendedPolicies(
array(
PhabricatorPolicyCapability::CAN_VIEW => array(
array($object, PhabricatorPolicyCapability::CAN_VIEW),
),
));
$this->expectVisibility(
$object,
array(
'public' => false,
'user' => false,
'admin' => false,
),
pht('Extended Policy with Cycle'));
}
/**
* An omnipotent user should be able to see even objects with invalid * An omnipotent user should be able to see even objects with invalid
* policies. * policies.
*/ */
public function testInvalidPolicyVisibleByOmnipotentUser() { public function testInvalidPolicyVisibleByOmnipotentUser() {
$invalid_policy = 'the cow goes moo'; $invalid_policy = 'the cow goes moo';
$object = $this->buildObject($invalid_policy); $object = $this->buildObject($invalid_policy);
$results = array( $results = array(
▲ Show 20 LinesShow All 68 Lines▼ Show 20 Lines private function expectVisibility(
foreach ($map as $spec => $expect) { foreach ($map as $spec => $expect) {
$viewer = $this->buildUser($spec); $viewer = $this->buildUser($spec);
$query = new PhabricatorPolicyAwareTestQuery(); $query = new PhabricatorPolicyAwareTestQuery();
$query->setResults(array($object)); $query->setResults(array($object));
$query->setViewer($viewer); $query->setViewer($viewer);
$caught = null; $caught = null;
$result = null;
try { try {
$result = $query->executeOne(); $result = $query->executeOne();
} catch (PhabricatorPolicyException $ex) { } catch (PhabricatorPolicyException $ex) {
$caught = $ex; $caught = $ex;
} }
if ($expect) { if ($expect) {
$this->assertEqual( $this->assertEqual(
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines
Phabricator · Built by Phacility