diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2015-08-01 09:18:32 +0200 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-08-01 09:18:32 +0200 |
| commit | b60dfa578d6ab5e1766af7adb3f882e585ed161e (patch) | |
| tree | 3db7fa910670aa2098655c547e0d663eac3f71bd /Acl/Tests/Dbal | |
| parent | 64e5aa5963622bfcf7d036e2aabfd8b99e8bba4e (diff) | |
| parent | fc68db0b1c78e0ae166f00b2dc7ac5893cd883bf (diff) | |
| download | symfony-security-b60dfa578d6ab5e1766af7adb3f882e585ed161e.zip symfony-security-b60dfa578d6ab5e1766af7adb3f882e585ed161e.tar.gz symfony-security-b60dfa578d6ab5e1766af7adb3f882e585ed161e.tar.bz2 | |
feature #15013 [Security] Removed security-acl from the core (iltar)
This PR was squashed before being merged into the 2.8 branch (closes #15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
Diffstat (limited to 'Acl/Tests/Dbal')
| -rw-r--r-- | Acl/Tests/Dbal/AclProviderBenchmarkTest.php | 267 | ||||
| -rw-r--r-- | Acl/Tests/Dbal/AclProviderTest.php | 281 | ||||
| -rw-r--r-- | Acl/Tests/Dbal/MutableAclProviderTest.php | 573 |
3 files changed, 0 insertions, 1121 deletions
diff --git a/Acl/Tests/Dbal/AclProviderBenchmarkTest.php b/Acl/Tests/Dbal/AclProviderBenchmarkTest.php deleted file mode 100644 index c95b474..0000000 --- a/Acl/Tests/Dbal/AclProviderBenchmarkTest.php +++ /dev/null @@ -1,267 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Tests\Dbal; - -use Symfony\Component\Security\Acl\Dbal\AclProvider; -use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy; -use Symfony\Component\Security\Acl\Domain\ObjectIdentity; -use Symfony\Component\Security\Acl\Dbal\Schema; -use Doctrine\DBAL\DriverManager; - -/** - * @group benchmark - */ -class AclProviderBenchmarkTest extends \PHPUnit_Framework_TestCase -{ - /** @var \Doctrine\DBAL\Connection */ - protected $con; - protected $insertClassStmt; - protected $insertSidStmt; - protected $insertOidAncestorStmt; - protected $insertOidStmt; - protected $insertEntryStmt; - - protected function setUp() - { - try { - $this->con = DriverManager::getConnection(array( - 'driver' => 'pdo_mysql', - 'host' => 'localhost', - 'user' => 'root', - 'dbname' => 'testdb', - )); - $this->con->connect(); - } catch (\Exception $e) { - $this->markTestSkipped('Unable to connect to the database: '.$e->getMessage()); - } - } - - protected function tearDown() - { - $this->con = null; - } - - public function testFindAcls() - { - // $this->generateTestData(); - - // get some random test object identities from the database - $oids = array(); - $stmt = $this->con->executeQuery('SELECT object_identifier, class_type FROM acl_object_identities o INNER JOIN acl_classes c ON c.id = o.class_id ORDER BY RAND() LIMIT 25'); - foreach ($stmt->fetchAll() as $oid) { - $oids[] = new ObjectIdentity($oid['object_identifier'], $oid['class_type']); - } - - $provider = $this->getProvider(); - - $start = microtime(true); - $provider->findAcls($oids); - $time = microtime(true) - $start; - echo 'Total Time: '.$time."s\n"; - } - - /** - * This generates a huge amount of test data to be used mainly for benchmarking - * purposes, not so much for testing. That's why it's not called by default. - */ - protected function generateTestData() - { - $sm = $this->con->getSchemaManager(); - $sm->dropAndCreateDatabase('testdb'); - $this->con->exec('USE testdb'); - - // import the schema - $schema = new Schema($options = $this->getOptions()); - foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) { - $this->con->exec($sql); - } - - // setup prepared statements - $this->insertClassStmt = $this->con->prepare('INSERT INTO acl_classes (id, class_type) VALUES (?, ?)'); - $this->insertSidStmt = $this->con->prepare('INSERT INTO acl_security_identities (id, identifier, username) VALUES (?, ?, ?)'); - $this->insertOidStmt = $this->con->prepare('INSERT INTO acl_object_identities (id, class_id, object_identifier, parent_object_identity_id, entries_inheriting) VALUES (?, ?, ?, ?, ?)'); - $this->insertEntryStmt = $this->con->prepare('INSERT INTO acl_entries (id, class_id, object_identity_id, field_name, ace_order, security_identity_id, mask, granting, granting_strategy, audit_success, audit_failure) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); - $this->insertOidAncestorStmt = $this->con->prepare('INSERT INTO acl_object_identity_ancestors (object_identity_id, ancestor_id) VALUES (?, ?)'); - - for ($i = 0; $i < 40000; ++$i) { - $this->generateAclHierarchy(); - } - } - - protected function generateAclHierarchy() - { - $rootId = $this->generateAcl($this->chooseClassId(), null, array()); - - $this->generateAclLevel(rand(1, 15), $rootId, array($rootId)); - } - - protected function generateAclLevel($depth, $parentId, $ancestors) - { - $level = count($ancestors); - for ($i = 0, $t = rand(1, 10); $i < $t; ++$i) { - $id = $this->generateAcl($this->chooseClassId(), $parentId, $ancestors); - - if ($level < $depth) { - $this->generateAclLevel($depth, $id, array_merge($ancestors, array($id))); - } - } - } - - protected function chooseClassId() - { - static $id = 1000; - - if ($id === 1000 || ($id < 1500 && rand(0, 1))) { - $this->insertClassStmt->execute(array($id, $this->getRandomString(rand(20, 100), 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\\_'))); - ++$id; - - return $id - 1; - } else { - return rand(1000, $id - 1); - } - } - - protected function generateAcl($classId, $parentId, $ancestors) - { - static $id = 1000; - - $this->insertOidStmt->execute(array( - $id, - $classId, - $this->getRandomString(rand(20, 50)), - $parentId, - rand(0, 1), - )); - - $this->insertOidAncestorStmt->execute(array($id, $id)); - foreach ($ancestors as $ancestor) { - $this->insertOidAncestorStmt->execute(array($id, $ancestor)); - } - - $this->generateAces($classId, $id); - ++$id; - - return $id - 1; - } - - protected function chooseSid() - { - static $id = 1000; - - if ($id === 1000 || ($id < 11000 && rand(0, 1))) { - $this->insertSidStmt->execute(array( - $id, - $this->getRandomString(rand(5, 30)), - rand(0, 1), - )); - ++$id; - - return $id - 1; - } else { - return rand(1000, $id - 1); - } - } - - protected function generateAces($classId, $objectId) - { - static $id = 1000; - - $sids = array(); - $fieldOrder = array(); - - for ($i = 0; $i <= 30; ++$i) { - $fieldName = rand(0, 1) ? null : $this->getRandomString(rand(10, 20)); - - do { - $sid = $this->chooseSid(); - } while (array_key_exists($sid, $sids) && in_array($fieldName, $sids[$sid], true)); - - $fieldOrder[$fieldName] = array_key_exists($fieldName, $fieldOrder) ? $fieldOrder[$fieldName] + 1 : 0; - if (!isset($sids[$sid])) { - $sids[$sid] = array(); - } - $sids[$sid][] = $fieldName; - - $strategy = rand(0, 2); - if ($strategy === 0) { - $strategy = PermissionGrantingStrategy::ALL; - } elseif ($strategy === 1) { - $strategy = PermissionGrantingStrategy::ANY; - } else { - $strategy = PermissionGrantingStrategy::EQUAL; - } - - // id, cid, oid, field, order, sid, mask, granting, strategy, a success, a failure - $this->insertEntryStmt->execute(array( - $id, - $classId, - rand(0, 5) ? $objectId : null, - $fieldName, - $fieldOrder[$fieldName], - $sid, - $this->generateMask(), - rand(0, 1), - $strategy, - rand(0, 1), - rand(0, 1), - )); - - ++$id; - } - } - - protected function generateMask() - { - $i = rand(1, 30); - $mask = 0; - - while ($i <= 30) { - $mask |= 1 << rand(0, 30); - ++$i; - } - - return $mask; - } - - protected function getRandomString($length, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') - { - $s = ''; - $cLength = strlen($chars); - - while (strlen($s) < $length) { - $s .= $chars[mt_rand(0, $cLength - 1)]; - } - - return $s; - } - - protected function getOptions() - { - return array( - 'oid_table_name' => 'acl_object_identities', - 'oid_ancestors_table_name' => 'acl_object_identity_ancestors', - 'class_table_name' => 'acl_classes', - 'sid_table_name' => 'acl_security_identities', - 'entry_table_name' => 'acl_entries', - ); - } - - protected function getStrategy() - { - return new PermissionGrantingStrategy(); - } - - protected function getProvider() - { - return new AclProvider($this->con, $this->getStrategy(), $this->getOptions()); - } -} diff --git a/Acl/Tests/Dbal/AclProviderTest.php b/Acl/Tests/Dbal/AclProviderTest.php deleted file mode 100644 index becfb51..0000000 --- a/Acl/Tests/Dbal/AclProviderTest.php +++ /dev/null @@ -1,281 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Tests\Dbal; - -use Symfony\Component\Security\Acl\Dbal\AclProvider; -use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy; -use Symfony\Component\Security\Acl\Domain\ObjectIdentity; -use Symfony\Component\Security\Acl\Dbal\Schema; -use Doctrine\DBAL\DriverManager; - -class AclProviderTest extends \PHPUnit_Framework_TestCase -{ - protected $con; - protected $insertClassStmt; - protected $insertEntryStmt; - protected $insertOidStmt; - protected $insertOidAncestorStmt; - protected $insertSidStmt; - - /** - * @expectedException \Symfony\Component\Security\Acl\Exception\AclNotFoundException - * @expectedMessage There is no ACL for the given object identity. - */ - public function testFindAclThrowsExceptionWhenNoAclExists() - { - $this->getProvider()->findAcl(new ObjectIdentity('foo', 'foo')); - } - - public function testFindAclsThrowsExceptionUnlessAnACLIsFoundForEveryOID() - { - $oids = array(); - $oids[] = new ObjectIdentity('1', 'foo'); - $oids[] = new ObjectIdentity('foo', 'foo'); - - try { - $this->getProvider()->findAcls($oids); - - $this->fail('Provider did not throw an expected exception.'); - } catch (\Exception $e) { - $this->assertInstanceOf('Symfony\Component\Security\Acl\Exception\AclNotFoundException', $e); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Exception\NotAllAclsFoundException', $e); - - $partialResult = $e->getPartialResult(); - $this->assertTrue($partialResult->contains($oids[0])); - $this->assertFalse($partialResult->contains($oids[1])); - } - } - - public function testFindAcls() - { - $oids = array(); - $oids[] = new ObjectIdentity('1', 'foo'); - $oids[] = new ObjectIdentity('2', 'foo'); - - $provider = $this->getProvider(); - - $acls = $provider->findAcls($oids); - $this->assertInstanceOf('SplObjectStorage', $acls); - $this->assertCount(2, $acls); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl0 = $acls->offsetGet($oids[0])); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl1 = $acls->offsetGet($oids[1])); - $this->assertTrue($oids[0]->equals($acl0->getObjectIdentity())); - $this->assertTrue($oids[1]->equals($acl1->getObjectIdentity())); - } - - public function testFindAclsWithDifferentTypes() - { - $oids = array(); - $oids[] = new ObjectIdentity('123', 'Bundle\SomeVendor\MyBundle\Entity\SomeEntity'); - $oids[] = new ObjectIdentity('123', 'Bundle\MyBundle\Entity\AnotherEntity'); - - $provider = $this->getProvider(); - - $acls = $provider->findAcls($oids); - $this->assertInstanceOf('SplObjectStorage', $acls); - $this->assertCount(2, $acls); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl0 = $acls->offsetGet($oids[0])); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl1 = $acls->offsetGet($oids[1])); - $this->assertTrue($oids[0]->equals($acl0->getObjectIdentity())); - $this->assertTrue($oids[1]->equals($acl1->getObjectIdentity())); - } - - public function testFindAclCachesAclInMemory() - { - $oid = new ObjectIdentity('1', 'foo'); - $provider = $this->getProvider(); - - $acl = $provider->findAcl($oid); - $this->assertSame($acl, $cAcl = $provider->findAcl($oid)); - - $cAces = $cAcl->getObjectAces(); - foreach ($acl->getObjectAces() as $index => $ace) { - $this->assertSame($ace, $cAces[$index]); - } - } - - public function testFindAcl() - { - $oid = new ObjectIdentity('1', 'foo'); - $provider = $this->getProvider(); - - $acl = $provider->findAcl($oid); - - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl); - $this->assertTrue($oid->equals($acl->getObjectIdentity())); - $this->assertEquals(4, $acl->getId()); - $this->assertCount(0, $acl->getClassAces()); - $this->assertCount(0, $this->getField($acl, 'classFieldAces')); - $this->assertCount(3, $acl->getObjectAces()); - $this->assertCount(0, $this->getField($acl, 'objectFieldAces')); - - $aces = $acl->getObjectAces(); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Entry', $aces[0]); - $this->assertTrue($aces[0]->isGranting()); - $this->assertTrue($aces[0]->isAuditSuccess()); - $this->assertTrue($aces[0]->isAuditFailure()); - $this->assertEquals('all', $aces[0]->getStrategy()); - $this->assertSame(2, $aces[0]->getMask()); - - // check ACE are in correct order - $i = 0; - foreach ($aces as $index => $ace) { - $this->assertEquals($i, $index); - ++$i; - } - - $sid = $aces[0]->getSecurityIdentity(); - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $sid); - $this->assertEquals('john.doe', $sid->getUsername()); - $this->assertEquals('SomeClass', $sid->getClass()); - } - - protected function setUp() - { - if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) { - self::markTestSkipped('This test requires SQLite support in your environment'); - } - - $this->con = DriverManager::getConnection(array( - 'driver' => 'pdo_sqlite', - 'memory' => true, - )); - - // import the schema - $schema = new Schema($options = $this->getOptions()); - foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) { - $this->con->exec($sql); - } - - // populate the schema with some test data - $this->insertClassStmt = $this->con->prepare('INSERT INTO acl_classes (id, class_type) VALUES (?, ?)'); - foreach ($this->getClassData() as $data) { - $this->insertClassStmt->execute($data); - } - - $this->insertSidStmt = $this->con->prepare('INSERT INTO acl_security_identities (id, identifier, username) VALUES (?, ?, ?)'); - foreach ($this->getSidData() as $data) { - $this->insertSidStmt->execute($data); - } - - $this->insertOidStmt = $this->con->prepare('INSERT INTO acl_object_identities (id, class_id, object_identifier, parent_object_identity_id, entries_inheriting) VALUES (?, ?, ?, ?, ?)'); - foreach ($this->getOidData() as $data) { - $this->insertOidStmt->execute($data); - } - - $this->insertEntryStmt = $this->con->prepare('INSERT INTO acl_entries (id, class_id, object_identity_id, field_name, ace_order, security_identity_id, mask, granting, granting_strategy, audit_success, audit_failure) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); - foreach ($this->getEntryData() as $data) { - $this->insertEntryStmt->execute($data); - } - - $this->insertOidAncestorStmt = $this->con->prepare('INSERT INTO acl_object_identity_ancestors (object_identity_id, ancestor_id) VALUES (?, ?)'); - foreach ($this->getOidAncestorData() as $data) { - $this->insertOidAncestorStmt->execute($data); - } - } - - protected function tearDown() - { - $this->con = null; - } - - protected function getField($object, $field) - { - $reflection = new \ReflectionProperty($object, $field); - $reflection->setAccessible(true); - - return $reflection->getValue($object); - } - - protected function getEntryData() - { - // id, cid, oid, field, order, sid, mask, granting, strategy, a success, a failure - return array( - array(1, 1, 1, null, 0, 1, 1, 1, 'all', 1, 1), - array(2, 1, 1, null, 1, 2, 1 << 2 | 1 << 1, 0, 'any', 0, 0), - array(3, 3, 4, null, 0, 1, 2, 1, 'all', 1, 1), - array(4, 3, 4, null, 2, 2, 1, 1, 'all', 1, 1), - array(5, 3, 4, null, 1, 3, 1, 1, 'all', 1, 1), - ); - } - - protected function getOidData() - { - // id, cid, oid, parent_oid, entries_inheriting - return array( - array(1, 1, '123', null, 1), - array(2, 2, '123', 1, 1), - array(3, 2, 'i:3:123', 1, 1), - array(4, 3, '1', 2, 1), - array(5, 3, '2', 2, 1), - ); - } - - protected function getOidAncestorData() - { - return array( - array(1, 1), - array(2, 1), - array(2, 2), - array(3, 1), - array(3, 3), - array(4, 2), - array(4, 1), - array(4, 4), - array(5, 2), - array(5, 1), - array(5, 5), - ); - } - - protected function getSidData() - { - return array( - array(1, 'SomeClass-john.doe', 1), - array(2, 'MyClass-john.doe@foo.com', 1), - array(3, 'FooClass-123', 1), - array(4, 'MooClass-ROLE_USER', 1), - array(5, 'ROLE_USER', 0), - array(6, 'IS_AUTHENTICATED_FULLY', 0), - ); - } - - protected function getClassData() - { - return array( - array(1, 'Bundle\SomeVendor\MyBundle\Entity\SomeEntity'), - array(2, 'Bundle\MyBundle\Entity\AnotherEntity'), - array(3, 'foo'), - ); - } - - protected function getOptions() - { - return array( - 'oid_table_name' => 'acl_object_identities', - 'oid_ancestors_table_name' => 'acl_object_identity_ancestors', - 'class_table_name' => 'acl_classes', - 'sid_table_name' => 'acl_security_identities', - 'entry_table_name' => 'acl_entries', - ); - } - - protected function getStrategy() - { - return new PermissionGrantingStrategy(); - } - - protected function getProvider() - { - return new AclProvider($this->con, $this->getStrategy(), $this->getOptions()); - } -} diff --git a/Acl/Tests/Dbal/MutableAclProviderTest.php b/Acl/Tests/Dbal/MutableAclProviderTest.php deleted file mode 100644 index 37e1d77..0000000 --- a/Acl/Tests/Dbal/MutableAclProviderTest.php +++ /dev/null @@ -1,573 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Tests\Dbal; - -use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; -use Symfony\Component\Security\Acl\Model\FieldEntryInterface; -use Symfony\Component\Security\Acl\Model\AuditableEntryInterface; -use Symfony\Component\Security\Acl\Model\EntryInterface; -use Symfony\Component\Security\Acl\Domain\Entry; -use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; -use Symfony\Component\Security\Acl\Domain\Acl; -use Symfony\Component\Security\Acl\Exception\AclNotFoundException; -use Symfony\Component\Security\Acl\Exception\ConcurrentModificationException; -use Symfony\Component\Security\Acl\Dbal\AclProvider; -use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy; -use Symfony\Component\Security\Acl\Dbal\MutableAclProvider; -use Symfony\Component\Security\Acl\Dbal\Schema; -use Doctrine\DBAL\DriverManager; -use Symfony\Component\Security\Acl\Domain\ObjectIdentity; - -class MutableAclProviderTest extends \PHPUnit_Framework_TestCase -{ - protected $con; - - public static function assertAceEquals(EntryInterface $a, EntryInterface $b) - { - self::assertInstanceOf(get_class($a), $b); - - foreach (array('getId', 'getMask', 'getStrategy', 'isGranting') as $getter) { - self::assertSame($a->$getter(), $b->$getter()); - } - - self::assertTrue($a->getSecurityIdentity()->equals($b->getSecurityIdentity())); - self::assertSame($a->getAcl()->getId(), $b->getAcl()->getId()); - - if ($a instanceof AuditableEntryInterface) { - self::assertSame($a->isAuditSuccess(), $b->isAuditSuccess()); - self::assertSame($a->isAuditFailure(), $b->isAuditFailure()); - } - - if ($a instanceof FieldEntryInterface) { - self::assertSame($a->getField(), $b->getField()); - } - } - - /** - * @expectedException \Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException - */ - public function testCreateAclThrowsExceptionWhenAclAlreadyExists() - { - $provider = $this->getProvider(); - $oid = new ObjectIdentity('123456', 'FOO'); - $provider->createAcl($oid); - $provider->createAcl($oid); - } - - public function testCreateAcl() - { - $provider = $this->getProvider(); - $oid = new ObjectIdentity('123456', 'FOO'); - $acl = $provider->createAcl($oid); - $cachedAcl = $provider->findAcl($oid); - - $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl); - $this->assertSame($acl, $cachedAcl); - $this->assertTrue($acl->getObjectIdentity()->equals($oid)); - } - - public function testDeleteAcl() - { - $provider = $this->getProvider(); - $oid = new ObjectIdentity(1, 'Foo'); - $acl = $provider->createAcl($oid); - - $provider->deleteAcl($oid); - $loadedAcls = $this->getField($provider, 'loadedAcls'); - $this->assertCount(0, $loadedAcls['Foo']); - - try { - $provider->findAcl($oid); - $this->fail('ACL has not been properly deleted.'); - } catch (AclNotFoundException $e) { - } - } - - public function testDeleteAclDeletesChildren() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $parentAcl = $provider->createAcl(new ObjectIdentity(2, 'Foo')); - $acl->setParentAcl($parentAcl); - $provider->updateAcl($acl); - $provider->deleteAcl($parentAcl->getObjectIdentity()); - - try { - $provider->findAcl(new ObjectIdentity(1, 'Foo')); - $this->fail('Child-ACLs have not been deleted.'); - } catch (AclNotFoundException $e) { - } - } - - public function testFindAclsAddsPropertyListener() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - - $propertyChanges = $this->getField($provider, 'propertyChanges'); - $this->assertCount(1, $propertyChanges); - $this->assertTrue($propertyChanges->contains($acl)); - $this->assertEquals(array(), $propertyChanges->offsetGet($acl)); - - $listeners = $this->getField($acl, 'listeners'); - $this->assertSame($provider, $listeners[0]); - } - - public function testFindAclsAddsPropertyListenerOnlyOnce() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $acl = $provider->findAcl(new ObjectIdentity(1, 'Foo')); - - $propertyChanges = $this->getField($provider, 'propertyChanges'); - $this->assertCount(1, $propertyChanges); - $this->assertTrue($propertyChanges->contains($acl)); - $this->assertEquals(array(), $propertyChanges->offsetGet($acl)); - - $listeners = $this->getField($acl, 'listeners'); - $this->assertCount(1, $listeners); - $this->assertSame($provider, $listeners[0]); - } - - public function testFindAclsAddsPropertyListenerToParentAcls() - { - $provider = $this->getProvider(); - $this->importAcls($provider, array( - 'main' => array( - 'object_identifier' => '1', - 'class_type' => 'foo', - 'parent_acl' => 'parent', - ), - 'parent' => array( - 'object_identifier' => '1', - 'class_type' => 'anotherFoo', - ), - )); - - $propertyChanges = $this->getField($provider, 'propertyChanges'); - $this->assertCount(0, $propertyChanges); - - $acl = $provider->findAcl(new ObjectIdentity('1', 'foo')); - $this->assertCount(2, $propertyChanges); - $this->assertTrue($propertyChanges->contains($acl)); - $this->assertTrue($propertyChanges->contains($acl->getParentAcl())); - } - - /** - * @expectedException \InvalidArgumentException - */ - public function testPropertyChangedDoesNotTrackUnmanagedAcls() - { - $provider = $this->getProvider(); - $acl = new Acl(1, new ObjectIdentity(1, 'foo'), new PermissionGrantingStrategy(), array(), false); - - $provider->propertyChanged($acl, 'classAces', array(), array('foo')); - } - - public function testPropertyChangedTracksChangesToAclProperties() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $propertyChanges = $this->getField($provider, 'propertyChanges'); - - $provider->propertyChanged($acl, 'entriesInheriting', false, true); - $changes = $propertyChanges->offsetGet($acl); - $this->assertTrue(isset($changes['entriesInheriting'])); - $this->assertFalse($changes['entriesInheriting'][0]); - $this->assertTrue($changes['entriesInheriting'][1]); - - $provider->propertyChanged($acl, 'entriesInheriting', true, false); - $provider->propertyChanged($acl, 'entriesInheriting', false, true); - $provider->propertyChanged($acl, 'entriesInheriting', true, false); - $changes = $propertyChanges->offsetGet($acl); - $this->assertFalse(isset($changes['entriesInheriting'])); - } - - public function testPropertyChangedTracksChangesToAceProperties() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $ace = new Entry(1, $acl, new UserSecurityIdentity('foo', 'FooClass'), 'all', 1, true, true, true); - $ace2 = new Entry(2, $acl, new UserSecurityIdentity('foo', 'FooClass'), 'all', 1, true, true, true); - $propertyChanges = $this->getField($provider, 'propertyChanges'); - - $provider->propertyChanged($ace, 'mask', 1, 3); - $changes = $propertyChanges->offsetGet($acl); - $this->assertTrue(isset($changes['aces'])); - $this->assertInstanceOf('\SplObjectStorage', $changes['aces']); - $this->assertTrue($changes['aces']->contains($ace)); - $aceChanges = $changes['aces']->offsetGet($ace); - $this->assertTrue(isset($aceChanges['mask'])); - $this->assertEquals(1, $aceChanges['mask'][0]); - $this->assertEquals(3, $aceChanges['mask'][1]); - - $provider->propertyChanged($ace, 'strategy', 'all', 'any'); - $changes = $propertyChanges->offsetGet($acl); - $this->assertTrue(isset($changes['aces'])); - $this->assertInstanceOf('\SplObjectStorage', $changes['aces']); - $this->assertTrue($changes['aces']->contains($ace)); - $aceChanges = $changes['aces']->offsetGet($ace); - $this->assertTrue(isset($aceChanges['mask'])); - $this->assertTrue(isset($aceChanges['strategy'])); - $this->assertEquals('all', $aceChanges['strategy'][0]); - $this->assertEquals('any', $aceChanges['strategy'][1]); - - $provider->propertyChanged($ace, 'mask', 3, 1); - $changes = $propertyChanges->offsetGet($acl); - $aceChanges = $changes['aces']->offsetGet($ace); - $this->assertFalse(isset($aceChanges['mask'])); - $this->assertTrue(isset($aceChanges['strategy'])); - - $provider->propertyChanged($ace2, 'mask', 1, 3); - $provider->propertyChanged($ace, 'strategy', 'any', 'all'); - $changes = $propertyChanges->offsetGet($acl); - $this->assertTrue(isset($changes['aces'])); - $this->assertFalse($changes['aces']->contains($ace)); - $this->assertTrue($changes['aces']->contains($ace2)); - - $provider->propertyChanged($ace2, 'mask', 3, 4); - $provider->propertyChanged($ace2, 'mask', 4, 1); - $changes = $propertyChanges->offsetGet($acl); - $this->assertFalse(isset($changes['aces'])); - } - - /** - * @expectedException \InvalidArgumentException - */ - public function testUpdateAclDoesNotAcceptUntrackedAcls() - { - $provider = $this->getProvider(); - $acl = new Acl(1, new ObjectIdentity(1, 'Foo'), new PermissionGrantingStrategy(), array(), true); - $provider->updateAcl($acl); - } - - public function testUpdateDoesNothingWhenThereAreNoChanges() - { - $con = $this->getMock('Doctrine\DBAL\Connection', array(), array(), '', false); - $con - ->expects($this->never()) - ->method('beginTransaction') - ; - $con - ->expects($this->never()) - ->method('executeQuery') - ; - - $provider = new MutableAclProvider($con, new PermissionGrantingStrategy(), array()); - $acl = new Acl(1, new ObjectIdentity(1, 'Foo'), new PermissionGrantingStrategy(), array(), true); - $propertyChanges = $this->getField($provider, 'propertyChanges'); - $propertyChanges->offsetSet($acl, array()); - $provider->updateAcl($acl); - } - - public function testUpdateAclThrowsExceptionOnConcurrentModificationOfSharedProperties() - { - $provider = $this->getProvider(); - $acl1 = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $acl2 = $provider->createAcl(new ObjectIdentity(2, 'Foo')); - $acl3 = $provider->createAcl(new ObjectIdentity(1, 'AnotherFoo')); - $sid = new RoleSecurityIdentity('ROLE_FOO'); - - $acl1->insertClassAce($sid, 1); - $acl3->insertClassAce($sid, 1); - $provider->updateAcl($acl1); - $provider->updateAcl($acl3); - - $acl2->insertClassAce($sid, 16); - $provider->updateAcl($acl2); - - $acl1->insertClassAce($sid, 3); - $acl2->insertClassAce($sid, 5); - try { - $provider->updateAcl($acl1); - $this->fail('Provider failed to detect a concurrent modification.'); - } catch (ConcurrentModificationException $e) { - } - } - - public function testUpdateAcl() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $sid = new UserSecurityIdentity('johannes', 'FooClass'); - $acl->setEntriesInheriting(!$acl->isEntriesInheriting()); - - $acl->insertObjectAce($sid, 1); - $acl->insertClassAce($sid, 5, 0, false); - $acl->insertObjectAce($sid, 2, 1, true); - $acl->insertClassFieldAce('field', $sid, 2, 0, true); - $provider->updateAcl($acl); - - $acl->updateObjectAce(0, 3); - $acl->deleteObjectAce(1); - $acl->updateObjectAuditing(0, true, false); - $acl->updateClassFieldAce(0, 'field', 15); - $provider->updateAcl($acl); - - $reloadProvider = $this->getProvider(); - $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo')); - $this->assertNotSame($acl, $reloadedAcl); - $this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting()); - - $aces = $acl->getObjectAces(); - $reloadedAces = $reloadedAcl->getObjectAces(); - $this->assertEquals(count($aces), count($reloadedAces)); - foreach ($aces as $index => $ace) { - $this->assertAceEquals($ace, $reloadedAces[$index]); - } - } - - public function testUpdateAclWorksForChangingTheParentAcl() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $parentAcl = $provider->createAcl(new ObjectIdentity(1, 'AnotherFoo')); - $acl->setParentAcl($parentAcl); - $provider->updateAcl($acl); - - $reloadProvider = $this->getProvider(); - $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo')); - $this->assertNotSame($acl, $reloadedAcl); - $this->assertSame($parentAcl->getId(), $reloadedAcl->getParentAcl()->getId()); - } - - public function testUpdateAclUpdatesChildAclsCorrectly() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - - $parentAcl = $provider->createAcl(new ObjectIdentity(1, 'Bar')); - $acl->setParentAcl($parentAcl); - $provider->updateAcl($acl); - - $parentParentAcl = $provider->createAcl(new ObjectIdentity(1, 'Baz')); - $parentAcl->setParentAcl($parentParentAcl); - $provider->updateAcl($parentAcl); - - $newParentParentAcl = $provider->createAcl(new ObjectIdentity(2, 'Baz')); - $parentAcl->setParentAcl($newParentParentAcl); - $provider->updateAcl($parentAcl); - - $reloadProvider = $this->getProvider(); - $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo')); - $this->assertEquals($newParentParentAcl->getId(), $reloadedAcl->getParentAcl()->getParentAcl()->getId()); - } - - public function testUpdateAclInsertingMultipleObjectFieldAcesThrowsDBConstraintViolations() - { - $provider = $this->getProvider(); - $oid = new ObjectIdentity(1, 'Foo'); - $sid1 = new UserSecurityIdentity('johannes', 'FooClass'); - $sid2 = new UserSecurityIdentity('guilro', 'FooClass'); - $sid3 = new UserSecurityIdentity('bmaz', 'FooClass'); - $fieldName = 'fieldName'; - - $acl = $provider->createAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid1, 4); - $provider->updateAcl($acl); - - $acl = $provider->findAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid2, 4); - $provider->updateAcl($acl); - - $acl = $provider->findAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid3, 4); - $provider->updateAcl($acl); - } - - public function testUpdateAclDeletingObjectFieldAcesThrowsDBConstraintViolations() - { - $provider = $this->getProvider(); - $oid = new ObjectIdentity(1, 'Foo'); - $sid1 = new UserSecurityIdentity('johannes', 'FooClass'); - $sid2 = new UserSecurityIdentity('guilro', 'FooClass'); - $sid3 = new UserSecurityIdentity('bmaz', 'FooClass'); - $fieldName = 'fieldName'; - - $acl = $provider->createAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid1, 4); - $provider->updateAcl($acl); - - $acl = $provider->findAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid2, 4); - $provider->updateAcl($acl); - - $index = 0; - $acl->deleteObjectFieldAce($index, $fieldName); - $provider->updateAcl($acl); - - $acl = $provider->findAcl($oid); - $acl->insertObjectFieldAce($fieldName, $sid3, 4); - $provider->updateAcl($acl); - } - - public function testUpdateUserSecurityIdentity() - { - $provider = $this->getProvider(); - $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo')); - $sid = new UserSecurityIdentity('johannes', 'FooClass'); - $acl->setEntriesInheriting(!$acl->isEntriesInheriting()); - - $acl->insertObjectAce($sid, 1); - $acl->insertClassAce($sid, 5, 0, false); - $acl->insertObjectAce($sid, 2, 1, true); - $acl->insertClassFieldAce('field', $sid, 2, 0, true); - $provider->updateAcl($acl); - - $newSid = new UserSecurityIdentity('mathieu', 'FooClass'); - $provider->updateUserSecurityIdentity($newSid, 'johannes'); - - $reloadProvider = $this->getProvider(); - $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo')); - - $this->assertNotSame($acl, $reloadedAcl); - $this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting()); - - $aces = $acl->getObjectAces(); - $reloadedAces = $reloadedAcl->getObjectAces(); - $this->assertEquals(count($aces), count($reloadedAces)); - foreach ($reloadedAces as $ace) { - $this->assertTrue($ace->getSecurityIdentity()->equals($newSid)); - } - } - - /** - * Imports acls. - * - * Data must have the following format: - * array( - * *name* => array( - * 'object_identifier' => *required* - * 'class_type' => *required*, - * 'parent_acl' => *name (optional)* - * ), - * ) - * - * @param AclProvider $provider - * @param array $data - * - * @throws \InvalidArgumentException - * @throws \Exception - */ - protected function importAcls(AclProvider $provider, array $data) - { - $aclIds = $parentAcls = array(); - $con = $this->getField($provider, 'connection'); - $con->beginTransaction(); - try { - foreach ($data as $name => $aclData) { - if (!isset($aclData['object_identifier'], $aclData['class_type'])) { - throw new \InvalidArgumentException('"object_identifier", and "class_type" must be present.'); - } - - $this->callMethod($provider, 'createObjectIdentity', array(new ObjectIdentity($aclData['object_identifier'], $aclData['class_type']))); - $aclId = $con->lastInsertId(); - $aclIds[$name] = $aclId; - - $sql = $this->callMethod($provider, 'getInsertObjectIdentityRelationSql', array($aclId, $aclId)); - $con->executeQuery($sql); - - if (isset($aclData['parent_acl'])) { - if (isset($aclIds[$aclData['parent_acl']])) { - $con->executeQuery('UPDATE acl_object_identities SET parent_object_identity_id = '.$aclIds[$aclData['parent_acl']].' WHERE id = '.$aclId); - $con->executeQuery($this->callMethod($provider, 'getInsertObjectIdentityRelationSql', array($aclId, $aclIds[$aclData['parent_acl']]))); - } else { - $parentAcls[$aclId] = $aclData['parent_acl']; - } - } - } - - foreach ($parentAcls as $aclId => $name) { - if (!isset($aclIds[$name])) { - throw new \InvalidArgumentException(sprintf('"%s" does not exist.', $name)); - } - - $con->executeQuery(sprintf('UPDATE acl_object_identities SET parent_object_identity_id = %d WHERE id = %d', $aclIds[$name], $aclId)); - $con->executeQuery($this->callMethod($provider, 'getInsertObjectIdentityRelationSql', array($aclId, $aclIds[$name]))); - } - - $con->commit(); - } catch (\Exception $e) { - $con->rollBack(); - - throw $e; - } - } - - protected function callMethod($object, $method, array $args) - { - $method = new \ReflectionMethod($object, $method); - $method->setAccessible(true); - - return $method->invokeArgs($object, $args); - } - - protected function setUp() - { - if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) { - self::markTestSkipped('This test requires SQLite support in your environment'); - } - - $this->con = DriverManager::getConnection(array( - 'driver' => 'pdo_sqlite', - 'memory' => true, - )); - - // import the schema - $schema = new Schema($this->getOptions()); - foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) { - $this->con->exec($sql); - } - } - - protected function tearDown() - { - $this->con = null; - } - - protected function getField($object, $field) - { - $reflection = new \ReflectionProperty($object, $field); - $reflection->setAccessible(true); - - return $reflection->getValue($object); - } - - public function setField($object, $field, $value) - { - $reflection = new \ReflectionProperty($object, $field); - $reflection->setAccessible(true); - $reflection->setValue($object, $value); - $reflection->setAccessible(false); - } - - protected function getOptions() - { - return array( - 'oid_table_name' => 'acl_object_identities', - 'oid_ancestors_table_name' => 'acl_object_identity_ancestors', - 'class_table_name' => 'acl_classes', - 'sid_table_name' => 'acl_security_identities', - 'entry_table_name' => 'acl_entries', - ); - } - - protected function getStrategy() - { - return new PermissionGrantingStrategy(); - } - - protected function getProvider($cache = null) - { - return new MutableAclProvider($this->con, $this->getStrategy(), $this->getOptions(), $cache); - } -} |