Working on user ticket security checker

remotes/upstream/api-rewrite
Mike Koch 7 years ago
parent 5112a6a13b
commit 37149ec831

@ -12,4 +12,5 @@ namespace BusinessLogic\Security;
class UserPrivilege {
const CAN_VIEW_TICKETS = 'can_view_tickets';
const CAN_REPLY_TO_TICKETS = 'can_reply_tickets';
const CAN_EDIT_TICKETS = 'can_edit_tickets';
}

@ -0,0 +1,26 @@
<?php
namespace BusinessLogic\Security;
use BusinessLogic\Tickets\Ticket;
class UserToTicketChecker {
/**
* @param $user UserContext
* @param $ticket Ticket
* @param $isEditing bool true if editing a ticket, false if creating
* @param $heskSettings array
* @return bool
*/
function isTicketWritableToUser($user, $ticket, $isEditing, $heskSettings) {
$hasAccess = $user->admin === true ||
(in_array($ticket->categoryId, $user->categories) &&
in_array(UserPrivilege::CAN_VIEW_TICKETS, $user->permissions));
return $isEditing
? $hasAccess && in_array(UserPrivilege::CAN_EDIT_TICKETS, $user->permissions)
: $hasAccess;
}
}
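Review bot: Both `in_array` calls in the `$hasAccess` expression of isTicketWritableToUser use loose comparison inside an authorization decision, so a category id or permission value that merely compares equal under PHP's juggling rules (for example `'1abc' == 1`, or `0 == 'can_view_tickets'` on PHP 7) satisfies the check; pass `true` as the third argument: `in_array($ticket->categoryId, $user->categories, true)` and `in_array(UserPrivilege::CAN_VIEW_TICKETS, $user->permissions, true)`, and likewise for the CAN_EDIT_TICKETS check in the ternary. If category ids arrive from the database as strings while `$user->categories` holds ints, cast both sides to int before the strict check rather than keeping the loose one. `$heskSettings` is accepted but never read, so either document it as reserved or drop it from the signature before callers depend on it. The docblock lists the type after the variable (`@param $user UserContext`) where PHPDoc expects `@param UserContext $user`, and the method has no explicit `public` visibility.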

@ -0,0 +1,88 @@
<?php
namespace BusinessLogic\Security;
use BusinessLogic\Tickets\Ticket;
use PHPUnit\Framework\TestCase;
class UserToTicketCheckerTest extends TestCase {
/* @var $userToTicketChecker UserToTicketChecker */
private $userToTicketChecker;
/* @var $heskSettings array */
private $heskSettings;
protected function setUp() {
$this->userToTicketChecker = new UserToTicketChecker();
}
function testItReturnsTrueWhenTheUserIsAnAdmin() {
//-- Arrange
$user = new UserContext();
$user->admin = true;
$ticket = new Ticket();
//-- Act
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
//-- Assert
self::assertThat($result, self::isTrue());
}
function testItReturnsTrueWhenTheUserHasAccessToTheCategory() {
//-- Arrange
$user = new UserContext();
$user->admin = false;
$user->categories = array(1);
$user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS);
$ticket = new Ticket();
$ticket->categoryId = 1;
//-- Act
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
//-- Assert
self::assertThat($result, self::isTrue());
}
function testItReturnsFalseWhenTheUserCannotViewTickets() {
//-- Arrange
$user = new UserContext();
$user->admin = false;
$user->categories = array(1);
$user->permissions = array();
$ticket = new Ticket();
$ticket->categoryId = 1;
//-- Act
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
//-- Assert
self::assertThat($result, self::isFalse());
}
function testItReturnsFalseWhenTheUserCannotViewAndEditTicketsWhenEditFlagIsTrue() {
//-- Arrange
$user = new UserContext();
$user->admin = false;
$user->categories = array(1);
$user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS, 'something else');
$ticket = new Ticket();
$ticket->categoryId = 1;
//-- Act
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, true, $this->heskSettings);
//-- Assert
self::assertThat($result, self::isFalse());
}
//-- TODO Category Manager
}
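Review bot: The suite has no positive case for the editing path and no category-mismatch case: nothing asserts that a non-admin holding both CAN_VIEW_TICKETS and CAN_EDIT_TICKETS gets `true` when `$isEditing` is true, nor that a non-admin whose `categories` do not contain `$ticket->categoryId` is denied, so a regression that ignored the category list or the edit permission would still pass. The last test's name says the user cannot view, but it grants CAN_VIEW_TICKETS and withholds only the edit permission; `testItReturnsFalseWhenTheUserCanViewButCannotEditTicketsWhenEditFlagIsTrue` describes what it actually checks. `$heskSettings` is declared but never assigned in setUp, so every call passes `null`; harmless while the checker ignores the parameter, but initialising it to `array()` would match the documented type. The `/* @var */` comments need a second asterisk (`/** @var UserToTicketChecker $userToTicketChecker */`) to be recognised as PHPDoc.
```php
function testItReturnsTrueWhenTheUserCanViewAndEditTicketsWhenEditFlagIsTrue() {
    //-- Arrange
    $user = new UserContext();
    $user->admin = false;
    $user->categories = array(1);
    $user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS, UserPrivilege::CAN_EDIT_TICKETS);
    $ticket = new Ticket();
    $ticket->categoryId = 1;
    //-- Act
    $result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, true, $this->heskSettings);
    //-- Assert
    self::assertThat($result, self::isTrue());
}
function testItReturnsFalseWhenTheTicketIsNotInOneOfTheUsersCategories() {
    //-- Arrange
    $user = new UserContext();
    $user->admin = false;
    $user->categories = array(1);
    $user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS);
    $ticket = new Ticket();
    $ticket->categoryId = 2;
    //-- Act
    $result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
    //-- Assert
    self::assertThat($result, self::isFalse());
}
```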