You are here

function LdapAuthorizationDeriveFromAttr::testDeriveFromAttrNested in Lightweight Directory Access Protocol (LDAP) 7

File

ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test, line 182

Class

LdapAuthorizationDeriveFromAttr

Code

function testDeriveFromAttrNested() {
  $this->ldapTestId = 'DeriveFromAttr.nested';
  $this->serversData = 'DeriveFromAttr/ldap_servers.nested.inc';
  $this->authorizationData = 'DeriveFromAttr/ldap_authorization.nested.inc';
  $this->authenticationData = 'DeriveFromAttr/ldap_authentication.inc';
  $this->consumerType = 'drupal_role';
  $this
    ->prepTestData();

  /**
   * test:  DeriveFromAttr.nested.nomatch no user entry found.
   *
   * should not match any groups
   */
  $user = $this
    ->drupalCreateUser(array());
  $unkool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'unkool',
    'mail' => 'unkool@nowhere.myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query', $this->consumerType);

  // just see if the correct ones are derived.
  $this
    ->assertTrue(!isset($new_authorizations[$this->consumerType]) || count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');

  /**
   * test:  DeriveFromAttr.nested.no_parent_groups  (result is single group)
   *
   */
  $user = $this
    ->drupalCreateUser(array());
  $justin = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'justin',
    'mail' => 'justin@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($justin, 'query', $this->consumerType);

  // just see if the correct ones are derived.
  $this
    ->assertTrue(count($new_authorizations[$this->consumerType]) == 1, 'user account justin tested for granting 1 drupal roles ', $this->ldapTestId . '.no_parent_groups');
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]));
  $this
    ->assertTrue($correct_roles, 'user account justin tested for granting drupal_role "cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu"', $this->ldapTestId . '.no_parent_groups');

  /**
   * test:  DeriveFromAttr.nested.parents1  (results are 4 nested groups)
   */
  $user = $this
    ->drupalCreateUser(array());
  $newkool = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'newkool',
    'mail' => 'newkool@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($newkool, 'query', $this->consumerType);

  // just see if the correct ones are derived.
  $this
    ->assertTrue(count($new_authorizations[$this->consumerType]) == 4, 'user account newkool tested for granting 4 drupal roles ', $this->ldapTestId . '.nomatch');
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]));
  $this
    ->assertTrue($correct_roles, 'user account newkool tested for granting correct drupal roles', $this->ldapTestId . '.parents1');

  /**
   * test:  DeriveFromAttr.nested.parents2  (results are 4 nested groups)
   */
  $user = $this
    ->drupalCreateUser(array());
  $joeprogrammer = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'joeprogrammer',
    'mail' => 'joeprogrammer@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($joeprogrammer, 'query', $this->consumerType);

  // just see if the correct ones are derived.
  $this
    ->assertTrue(count($new_authorizations[$this->consumerType]) == 4, 'user account joeprogrammer tested for granting 4 drupal roles ', $this->ldapTestId . '.nomatch');
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]));
  $this
    ->assertTrue($correct_roles, 'user joeprogrammer tested for granting correct drupal roles', $this->ldapTestId . '.parents2');

  /**
   * test:  DeriveFromAttr.nested.recursion  (tests some recursive patterns)
   */
  $user = $this
    ->drupalCreateUser(array());
  $memento = $this->testFunctions
    ->drupalLdapUpdateUser(array(
    'name' => 'memento',
    'mail' => 'memento@myuniversity.edu',
  ), TRUE, $user);
  list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($memento, 'query', $this->consumerType);

  // just see if the correct ones are derived.
  $this
    ->assertTrue(count($new_authorizations[$this->consumerType]) == 2, 'user account memento tested for granting 2 roles ', $this->ldapTestId . '.recursion');
  $correct_roles = (bool) (isset($new_authorizations[$this->consumerType]) && in_array('cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]) && in_array('cn=recursive,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType]));
  $this
    ->assertTrue($correct_roles, 'user memento tested for granting correct drupal roles', $this->ldapTestId . '.recursion');
}