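/ */
class Content_Test_AclAssertsTest extends ModuleTest
{
    // These tests pin the deny/allow decisions of the content module's
    // ownership-based acl assertions. Every case except the explicitly
    // allowed ones is expected to be denied.

    /**
     * Test the is owner acl assertion.
     *
     * Walks the assertion through each case that must be denied (wrong
     * resource type, missing or unknown content id, no or anonymous active
     * user, active user is not the owner) and ends with the single case
     * that must be allowed (active user is the content owner).
     */
    public function testIsOwner()
    {
        $acl       = new Zend_Acl;
        $role      = new Zend_Acl_Role('editor');
        $privilege = 'does-not-matter';

        // assert instance
        $isOwner = new Content_Acl_Assert_IsOwner();

        // active user
        $user = new P4Cms_User;
        $user->setId('joe');
        P4Cms_User::setActive($user);

        // non-content resource should return false.
        $resource = new Zend_Acl_Resource('lasdfjk');
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with non-content resource.'
        );

        // content resource with no id should return false.
        // (failure messages name the actual case; they previously repeated
        // the "non-content resource" text from the check above.)
        $resource = new Zend_Acl_Resource('content');
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with content resource that has no id.'
        );
        $resource = new Zend_Acl_Resource('content/');
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with content resource that has an empty id.'
        );

        // NOTE(review): $resource is still 'content/' for the next two
        // checks, a resource already shown to be denied above, so they do
        // not isolate the user condition. Consider repeating them against
        // an existing entry - confirm first how the assertion behaves when
        // there is no active user.

        // no active user should return false
        P4Cms_User::clearActive();
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with no active user.'
        );

        // anonymous user should return false
        $user->setId(null);
        P4Cms_User::setActive($user);
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with anonymous user.'
        );

        // content resource with invalid id should return false.
        $resource = new Zend_Acl_Resource('content/123');
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true with non-existent content resource.'
        );

        // make content entry.
        P4Cms_Content::store(
            array('id' => 1, 'title' => 'test', 'contentOwner' => 'tester')
        );

        // NOTE(review): no case covers an entry without a contentOwner
        // combined with an anonymous (null id) user; worth confirming the
        // assertion cannot treat two empty values as a match.

        // valid content resource, but not owner should return false.
        $user->setId('joe');
        P4Cms_User::setActive($user);
        $resource = new Zend_Acl_Resource('content/1');
        $this->assertFalse(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Unexpected isOwner = true when user not owner.'
        );

        // valid owner should return true.
        $user->setId('tester');
        P4Cms_User::setActive($user);
        $resource = new Zend_Acl_Resource('content/1');
        $this->assertTrue(
            $isOwner->assert($acl, $role, $resource, $privilege),
            'Expected isOwner = true when user is owner.'
        );
    }

    /**
     * Test the can edit acl assertion.
     *
     * The author role is granted only "<privilege>-own" and the editor role
     * only the 'superior' privilege; the assertion under test is then asked
     * about the plain privilege for each role/resource combination.
     *
     * @param   string  $privilege      optional - the privilege to test defaults
     *                                  to 'edit', pass 'delete' to test CanDelete
     * @param   string  $privilegeAll   optional - 'superior' privilege to test
     *                                  defaults to 'edit-all', pass 'delete-any'
     *                                  to test CanDelete
     */
    public function testCanEdit($privilege = 'edit', $privilegeAll = 'edit-all')
    {
        $acl      = new Zend_Acl;
        $author   = new Zend_Acl_Role('author');
        $editor   = new Zend_Acl_Role('editor');
        $resource = new Zend_Acl_Resource('content');

        // assert instance - class name is derived from the privilege
        // (e.g. Content_Acl_Assert_CanEdit, Content_Acl_Assert_CanDelete).
        $canDo = new P4Cms_Acl_Assert_Proxy(
            "Content_Acl_Assert_Can" . ucfirst($privilege)
        );

        // active user
        $user = new P4Cms_User;
        $user->setId('joe');
        P4Cms_User::setActive($user);

        // configure acl.
        $acl->addRole($author);
        $acl->addRole($editor);
        $acl->addResource($resource);
        $acl->allow($author, $resource, $privilege . '-own');
        $acl->allow($editor, $resource, $privilegeAll);

        // non-content resource should return false.
        // (message now names the privilege so a failure under
        // testCanDelete is distinguishable from one under testCanEdit.)
        $resource = new Zend_Acl_Resource('lasdfjk');
        $this->assertFalse(
            $canDo->assert($acl, $editor, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = true with non-content resource.'
        );

        // a resource id that merely starts with 'content' is still a
        // non-content resource and should return false.
        $resource = new Zend_Acl_Resource('contentkasdjf');
        $this->assertFalse(
            $canDo->assert($acl, $editor, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = true with non-content resource.'
        );

        // editor role (ie. edit-all) should return true.
        $resource = new Zend_Acl_Resource('content');
        $this->assertTrue(
            $canDo->assert($acl, $editor, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = false with editor role.'
        );

        // author (ie. edit-own) should return false for 'content' resource
        $resource = new Zend_Acl_Resource('content');
        $this->assertFalse(
            $canDo->assert($acl, $author, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = true with author role.'
        );

        // author should return false for non-existent 'content' resource
        $resource = new Zend_Acl_Resource('content/1');
        $this->assertFalse(
            $canDo->assert($acl, $author, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = true with non-existent content.'
        );

        // author some content.
        P4Cms_Content::store(
            array('id' => 1, 'title' => 'test', 'contentOwner' => 'joe')
        );

        // author should return true for owned content.
        $resource = new Zend_Acl_Resource('content/1');
        $this->assertTrue(
            $canDo->assert($acl, $author, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = false for owned content.'
        );

        // switch id of active user to be different from content owner.
        P4Cms_User::fetchActive()->setId($this->p4->getUser());

        // author should return false for un-owned content.
        $resource = new Zend_Acl_Resource('content/1');
        $this->assertFalse(
            $canDo->assert($acl, $author, $resource, $privilege),
            'Unexpected can ' . $privilege . ' = true with un-owned content.'
        );
    }

    /**
     * Test can delete behavior. Should behave exactly like
     * can edit, just with delete privilege instead of edit.
     */
    public function testCanDelete()
    {
        $this->testCanEdit('delete', 'delete-any');
    }
}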