role_delegation.test in Role Delegation 7
Tests for the Role Delegation module.
File
role_delegation.testView source
<?php
/**
* @file
* Tests for the Role Delegation module.
*/
/**
* Base class for Role Delegation tests.
*/
class RoleDelegationTestCase extends DrupalWebTestCase {
protected $rid_high, $rid_low, $user_high, $user_low;
/**
* Assign or remove one role to/from one user.
*
* The logged in user must have the "administer users"
* permission in order for this function to succeed.
*
* @param $rid
* The role id of the role to assign or remove.
* @param $user
* The user object of the user to assign/remove the role to.
* @param $assign
* TRUE (the default) to assign the role, or
* FALSE to remove it.
*
* @return
* TRUE or FALSE depending on whether the role was
* successfully assigned or removed.
*/
protected function assignRoleToUser($rid, $user, $assign = TRUE) {
$this
->drupalGet("user/{$user->uid}/edit");
if (count($this
->xpath("//input[@name='roles[{$rid}]']"))) {
$name = "roles[{$rid}]";
}
elseif (count($this
->xpath("//input[@name='roles_change[{$rid}]']"))) {
$name = "roles_change[{$rid}]";
}
else {
return FALSE;
}
$this
->drupalPost(NULL, array(
$name => $assign,
), t('Save'));
$elements = $this
->xpath("//input[@name='{$name}']");
return isset($elements[0]) && ($assign xor empty($elements[0]['checked']));
}
/**
* Assign or remove one permission to/from one role, and assert
* that the result succeeded.
*
* @param $permission
* The name of the permission to assign or remove.
* @param $rid
* The role id of the role to assign/remove the permission to/from.
* @param $assign
* TRUE (the default) to assign the permission, or
* FALSE to remove it.
*
* @return
* TRUE or FALSE depending on whether the permission was
* successfully assigned or removed.
*/
protected function assignPermissionToRole($permission, $rid, $assign = TRUE) {
$name = "{$rid}[{$permission}]";
$this
->drupalPost("admin/people/permissions/{$rid}", array(
$name => $assign,
), t('Save permissions'));
$elements = $this
->xpath("//input[@name='{$name}']");
$this
->assertTrue(isset($elements[0]) && ($assign xor empty($elements[0]['checked'])), ($assign ? 'Assign' : 'Remove') . ' permission "' . $permission . '" ' . ($assign ? 'to' : 'from') . " role {$rid}.");
}
public function setUp(array $modules = array(
'role_delegation',
)) {
// Enable modules
parent::setUp($modules);
// Create roles
$this->rid_high = $this
->drupalCreateRole(array(), 'high');
$this->rid_low = $this
->drupalCreateRole(array(), 'low');
// Create users
$this->user_high = $this
->drupalCreateUser(array(
'administer users',
'access user profiles',
));
$this->user_low = $this
->drupalCreateUser(array(
'administer users',
));
// Create privileged user and log in
$this
->drupalLogin($this
->drupalCreateUser(array(
'administer users',
'administer permissions',
'access user profiles',
)));
// Assign permissions to roles
$this
->assignPermissionToRole('assign low role', $this->rid_high);
// 'high' can assign 'low'
// Assign roles to users
$this
->assertTrue($this
->assignRoleToUser($this->rid_high, $this->user_high), 'Assign high role to high user');
}
}
/**
* Functional tests for permissions.
*/
class RoleDelegationPermissionsTestCase extends RoleDelegationTestCase {
public static function getInfo() {
return array(
'name' => t('Permissions'),
'description' => t('Check that role assignment permissions are enforced.'),
'group' => t('Role Delegation'),
);
}
/**
* Check that high role can assign low role.
*/
public function testHighLow() {
$this
->drupalLogin($this->user_high);
$this
->assertTrue($this
->assignRoleToUser($this->rid_low, $this->user_low), t('!role1 role can assign !role2 role.', array(
'!role1' => 'High',
'!role2' => 'low',
)), t('Role Delegation'));
}
/**
* Check that high role can't assign high role.
*/
public function testHighHigh() {
$this
->drupalLogin($this->user_high);
// Just check that no option is presented to the user.
$this
->assertFalse($this
->assignRoleToUser($this->rid_high, $this->user_high), t("!role1 role can't assign !role2 role.", array(
'!role1' => 'High',
'!role2' => 'high',
)), t('Role Delegation'));
}
/**
* Check that roles can't be assigned by forgery.
*/
public function testRoleForgery() {
$this
->drupalLogin($this->user_high);
// Have the nefarious high user forge an option to assign the high role...
$this
->drupalGet("user/{$this->user_low->uid}/edit");
$name = "roles_change[{$this->rid_low}]";
$input = $this
->xpath("//input[@name='{$name}']");
$dome = dom_import_simplexml($input[0]);
$dome
->setAttribute('value', $this->rid_high);
// ... then submit the form, and check that he didn't get the role.
$this
->drupalPost(NULL, array(
$name => TRUE,
), t('Save'));
$this
->assertRaw(t('An illegal choice has been detected. Please contact the site administrator.'), t('Role assignment forgery is blocked.') . ' (#1)', t('Role Delegation'));
$this
->assertFieldByName($name, $this->rid_low, t('Role assignment forgery is blocked.') . ' (#2)', t('Role Delegation'));
}
/**
* Check access to the role delegation page.
*/
public function testRoleDelegationPageAccess() {
// Users with 'administer permissions' can view the page.
$this
->drupalGet("user/{$this->user_low->uid}/roles");
$this
->assertResponse(200, t('Users with \'administer permissions\' can view the page.'));
// Anonymous users can never access the roles page.
$this
->drupalLogout();
$this
->drupalGet("user/{$this->user_low->uid}/roles");
$this
->assertResponse(403, t('Anonymous users can never access the roles page.'));
// Users with only 'administer users' cannot view the page.
$this
->drupalLogin($this
->drupalCreateUser(array(
'administer users',
)));
$this
->drupalGet("user/{$this->user_low->uid}/roles");
$this
->assertResponse(403, t('Users with only \'administer users\' cannot view the page.'));
$this
->drupalLogout();
$this
->drupalLogin($this->user_high);
$this
->drupalGet("user/{$this->user_low->uid}/roles");
$this
->assertResponse(200, t('Users with assign role permissions should be able to access the page.'));
$this
->drupalLogout();
$this
->drupalLogin($this->user_low);
$this
->drupalGet("user/{$this->user_low->uid}/roles");
$this
->assertResponse(403, t('Users without assign role permissions should not be able to access the page.'));
}
}
/**
* Functional tests for operations.
*/
class RoleDelegationOperationsTestCase extends RoleDelegationTestCase {
public static function getInfo() {
return array(
'name' => t('Operations'),
'description' => t('Check that role assignment bulk operations are available and work as intended.'),
'group' => t('Role Delegation'),
);
}
/**
* Check that the right combination of Add and Remove role
* operations is present in the user bulk update form.
*/
public function testOperationsExist() {
$this
->drupalLogin($this->user_high);
$this
->drupalGet('admin/people');
$this
->assertFieldByXPath('//select[@name="operation"]//option', "role_delegation_add_role-{$this->rid_low}", t("!user user can use Add !role role operation.", array(
'!user' => 'High',
'!role' => 'low',
)), t('Role Delegation'));
$this
->assertFieldByXPath('//select[@name="operation"]//option', "role_delegation_remove_role-{$this->rid_low}", t("!user user can use Remove !role role operation.", array(
'!user' => 'High',
'!role' => 'low',
)), t('Role Delegation'));
$this
->assertNoFieldByXPath('//select[@name="operation"]//option', "role_delegation_add_role-{$this->rid_high}", t("!user user can't use Add !role role operation.", array(
'!user' => 'High',
'!role' => 'high',
)), t('Role Delegation'));
$this
->assertNoFieldByXPath('//select[@name="operation"]//option', "role_delegation_remove_role-{$this->rid_high}", t("!user user can't use Remove !role role operation.", array(
'!user' => 'High',
'!role' => 'high',
)), t('Role Delegation'));
}
/**
* Check that Add and Remove role operations work as intended.
*/
public function testOperationsWork() {
$uids_to_test = array(
$this->user_high->uid,
$this->user_low->uid,
);
$edit = array();
foreach ($uids_to_test as $uid) {
$edit["accounts[{$uid}]"] = TRUE;
}
$this
->drupalLogin($this->user_high);
$this
->drupalGet('admin/people');
// Add low role
$edit['operation'] = "role_delegation_add_role-{$this->rid_low}";
$this
->drupalPost(NULL, $edit, t('Update'));
foreach ($uids_to_test as $uid) {
$this
->assertFieldByXPath("//tbody/tr[{$uid}]/td[4]//li", 'low', t('!user user assigned !role role to user !uid.', array(
'!user' => 'High',
'!role' => 'low',
'!uid' => $uid,
)), t('Role Delegation'));
}
// Remove low role
$edit['operation'] = "role_delegation_remove_role-{$this->rid_low}";
$this
->drupalPost(NULL, $edit, t('Update'));
foreach ($uids_to_test as $uid) {
$this
->assertNoFieldByXPath("//tbody/tr[{$uid}]/td[4]//li", 'low', t('!user user removed !role role from user !uid.', array(
'!user' => 'High',
'!role' => 'low',
'!uid' => $uid,
)), t('Role Delegation'));
}
}
/**
* Check that operations can't be forged.
*/
public function testOperationsForgery() {
$this
->drupalLogin($this->user_high);
$this
->drupalGet('admin/people');
// Forge an operation to add the high role...
$option = $this
->xpath("//select[@name='operation']//option[@value='role_delegation_add_role-{$this->rid_low}']");
if (count($option) == 0) {
return;
}
$dome = dom_import_simplexml($option[0]);
$dome
->setAttribute('value', "role_delegation_add_role-{$this->rid_high}");
// ... then submit the form, and check that it wasn't granted.
$edit = array(
"accounts[{$this->user_low->uid}]" => TRUE,
"operation" => "role_delegation_add_role-{$this->rid_high}",
);
$this
->drupalPost(NULL, $edit, t('Update'));
$this
->assertRaw(t('An illegal choice has been detected. Please contact the site administrator.'), t('Role assignment forgery is blocked.') . ' (#1)', t('Role Delegation'));
$this
->assertNoFieldByXPath("//tbody/tr[{$this->user_high->uid}]/td[4]//li", 'high', t('Role assignment forgery is blocked.') . ' (#2)', t('Role Delegation'));
}
}
/**
* Functional tests for editing roles.
*/
class RoleDelegationRoleEditingTestCase extends RoleDelegationTestCase {
public static function getInfo() {
return array(
'name' => t('Role editing'),
'description' => t('Check that role assignment permissions are updated correctly when roles are renamed or deleted.'),
'group' => t('Role Delegation'),
);
}
/**
* Rename a role, and check that users that had permission to assign
* the old role now have permission to assign the new one.
*/
public function testRenameRole() {
$this
->drupalPost("admin/people/permissions/roles/edit/{$this->rid_low}", array(
'name' => 'new low',
), t('Save role'));
$this
->drupalGet('admin/people/permissions');
$this
->assertFieldChecked("edit-{$this->rid_high}-assign-new-low-role", t('Permissions are updated when role is renamed.'), t('Role Delegation'));
}
/**
* Delete a role, then create a new one with the same name.
* Check that no users have permission to assign the new role.
*/
public function testDeleteRole() {
$this
->drupalPost("admin/people/permissions/roles/delete/{$this->rid_low}", NULL, t('Delete'));
$this
->drupalPost('admin/people/permissions/roles', array(
'name' => 'low',
), t('Add role'));
$this
->drupalGet('admin/people/permissions');
$this
->assertNoFieldChecked("edit-{$this->rid_high}-assign-low-role", t('Permissions are updated when role is deleted.'), t('Role Delegation'));
}
}
Classes
Name | Description |
---|---|
RoleDelegationOperationsTestCase | Functional tests for operations. |
RoleDelegationPermissionsTestCase | Functional tests for permissions. |
RoleDelegationRoleEditingTestCase | Functional tests for editing roles. |
RoleDelegationTestCase | Base class for Role Delegation tests. |