Working on user ticket security checker
parent
5112a6a13b
commit
37149ec831
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
namespace BusinessLogic\Security;
|
||||
|
||||
|
||||
use BusinessLogic\Tickets\Ticket;
|
||||
|
||||
class UserToTicketChecker {
|
||||
|
||||
/**
|
||||
* @param $user UserContext
|
||||
* @param $ticket Ticket
|
||||
* @param $isEditing bool true if editing a ticket, false if creating
|
||||
* @param $heskSettings array
|
||||
* @return bool
|
||||
*/
|
||||
function isTicketWritableToUser($user, $ticket, $isEditing, $heskSettings) {
|
||||
$hasAccess = $user->admin === true ||
|
||||
(in_array($ticket->categoryId, $user->categories) &&
|
||||
in_array(UserPrivilege::CAN_VIEW_TICKETS, $user->permissions));
|
||||
|
||||
return $isEditing
|
||||
? $hasAccess && in_array(UserPrivilege::CAN_EDIT_TICKETS, $user->permissions)
|
||||
: $hasAccess;
|
||||
}
|
||||
}
|
@ -0,0 +1,88 @@
|
||||
<?php
|
||||
|
||||
|
||||
namespace BusinessLogic\Security;
|
||||
|
||||
|
||||
use BusinessLogic\Tickets\Ticket;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class UserToTicketCheckerTest extends TestCase {
|
||||
|
||||
/* @var $userToTicketChecker UserToTicketChecker */
|
||||
private $userToTicketChecker;
|
||||
|
||||
/* @var $heskSettings array */
|
||||
private $heskSettings;
|
||||
|
||||
protected function setUp() {
|
||||
$this->userToTicketChecker = new UserToTicketChecker();
|
||||
}
|
||||
|
||||
function testItReturnsTrueWhenTheUserIsAnAdmin() {
|
||||
//-- Arrange
|
||||
$user = new UserContext();
|
||||
$user->admin = true;
|
||||
|
||||
$ticket = new Ticket();
|
||||
|
||||
//-- Act
|
||||
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
|
||||
|
||||
//-- Assert
|
||||
self::assertThat($result, self::isTrue());
|
||||
}
|
||||
|
||||
function testItReturnsTrueWhenTheUserHasAccessToTheCategory() {
|
||||
//-- Arrange
|
||||
$user = new UserContext();
|
||||
$user->admin = false;
|
||||
$user->categories = array(1);
|
||||
$user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS);
|
||||
|
||||
$ticket = new Ticket();
|
||||
$ticket->categoryId = 1;
|
||||
|
||||
//-- Act
|
||||
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
|
||||
|
||||
//-- Assert
|
||||
self::assertThat($result, self::isTrue());
|
||||
}
|
||||
|
||||
function testItReturnsFalseWhenTheUserCannotViewTickets() {
|
||||
//-- Arrange
|
||||
$user = new UserContext();
|
||||
$user->admin = false;
|
||||
$user->categories = array(1);
|
||||
$user->permissions = array();
|
||||
|
||||
$ticket = new Ticket();
|
||||
$ticket->categoryId = 1;
|
||||
|
||||
//-- Act
|
||||
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, false, $this->heskSettings);
|
||||
|
||||
//-- Assert
|
||||
self::assertThat($result, self::isFalse());
|
||||
}
|
||||
|
||||
function testItReturnsFalseWhenTheUserCannotViewAndEditTicketsWhenEditFlagIsTrue() {
|
||||
//-- Arrange
|
||||
$user = new UserContext();
|
||||
$user->admin = false;
|
||||
$user->categories = array(1);
|
||||
$user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS, 'something else');
|
||||
|
||||
$ticket = new Ticket();
|
||||
$ticket->categoryId = 1;
|
||||
|
||||
//-- Act
|
||||
$result = $this->userToTicketChecker->isTicketWritableToUser($user, $ticket, true, $this->heskSettings);
|
||||
|
||||
//-- Assert
|
||||
self::assertThat($result, self::isFalse());
|
||||
}
|
||||
|
||||
//-- TODO Category Manager
|
||||
}
|
Loading…
Reference in New Issue