mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-26 22:19:41 -08:00
323c3807fa
* Make delete routes work. We put a little form in the modal that spoofs the delete field. * Fix route on creating a user. * Fix redundant id parameter. * Port acceptance tests to new urls. * Initial work on migrating to model based policies instead of global gates. Will allow for much more detailed permissions bits in the future. * This needs to stay for the dashboard checks. * Add user states for permissions to build tests. * Build up unit tests for gates/permissions. Move accessories/consumables/assets to policies instead of in authserviceprovider * Migrate various locations to new syntax. Update test to be more specific * Fix functional tests. Add an artisan command for installing a settings setup on travis-ci * Try a different id... Need to come up with a better way of passing the id for tests that need an existing one. * Try to fix travis * Update urls to use routes and not hardcode old paths. Also fix some migration errors found along the way.: * Add a environment for travis functional tests. * Adjust config file to make travis use it. * Use redirect()->route instead of redirect()-to * Dump all failures in the output directory if travis fails. * Cleanups and minor fixes. * Adjust the supplier modelfactory to comply with new validation restrictions. * Some test fixes. * Locales can be longer than 5 characters according to faker... fex gez_ET. Increase lenght in mysql and add a validation * Update test database dump to latest migrations. * Extend Supplier phone/fax length. This catches issues found in testing with a phone number with a five digit extension. fex (356) 654-3024 x36632 Also move away from escaping all values put into eloquent. Eloquent already uses PDO parameter binding, and this was leading to names like Mr Ryan O'Malley turning into an html escaped version of that name when stored. All values should be escaped when using {{}}, we'll just have to be more cautious when we use {!!, but I think we already are? * Remove additional escaping here, like we did in suppliers controller. * No need to eager load all of these relationships when we can call the count on the querybuilder directly * Work on controller cleanup * Always start from scrach, catches more issues this way. * Update sql dump. Remove old code from permissions test. * Generate a deletable item on demand in the test, rather than relying on one existing. I think we should probably move to mock all the database stuff at some point.. * More travis related fixes * Break script into multiple functional lines * Update all controllers to use the new helper, also cleanup syntax and docblocks along the way.
430 lines
15 KiB
PHP
430 lines
15 KiB
PHP
<?php
|
|
|
|
use App\Models\Accessory;
|
|
use App\Models\Asset;
|
|
use App\Models\Component;
|
|
use App\Models\Consumable;
|
|
use App\Models\License;
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\DatabaseMigrations;
|
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
|
use Illuminate\Foundation\Testing\WithoutMiddleware;
|
|
|
|
class PermissionsTest extends TestCase
|
|
{
|
|
// use DatabaseMigrations;
|
|
use DatabaseTransactions;
|
|
public function setUp()
|
|
{
|
|
parent::setUp();
|
|
$this->hardwareId = Asset::first()->id;
|
|
$this->noHardware = [
|
|
route('hardware.index') => 403,
|
|
route('hardware.create') => 403,
|
|
route('hardware.edit', $this->hardwareId) => 403,
|
|
route('hardware.show', $this->hardwareId) => 403,
|
|
];
|
|
|
|
$this->licenseId = License::first()->id;
|
|
$this->noLicenses = [
|
|
route('licenses.index') => 403,
|
|
route('licenses.create') => 403,
|
|
route('licenses.edit', $this->licenseId) => 403,
|
|
route('licenses.show', $this->licenseId) => 403,
|
|
];
|
|
|
|
$this->accessoryId = Accessory::first()->id;
|
|
$this->noAccessories = [
|
|
route('accessories.index') => 403,
|
|
route('accessories.create') => 403,
|
|
route('accessories.edit', $this->accessoryId) => 403,
|
|
route('accessories.show', $this->accessoryId) => 403,
|
|
];
|
|
|
|
$this->consumableId = Consumable::first()->id;
|
|
$this->noConsumables = [
|
|
route('consumables.index') => 403,
|
|
route('consumables.create') => 403,
|
|
route('consumables.edit', $this->consumableId) => 403,
|
|
route('consumables.show', $this->consumableId) => 403,
|
|
];
|
|
|
|
$this->componentId = Component::first()->id;
|
|
$this->noComponents = [
|
|
route('components.index') => 403,
|
|
route('components.create') => 403,
|
|
route('components.edit', $this->componentId) => 403,
|
|
route('components.show', $this->componentId) => 403,
|
|
];
|
|
|
|
$this->userId = User::first()->id;
|
|
$this->noUsers = [
|
|
route('users.index') => 403,
|
|
route('users.create') => 403,
|
|
route('users.edit', $this->userId) => 403,
|
|
route('users.show', $this->userId) => 403,
|
|
];
|
|
|
|
}
|
|
|
|
public function tearDown()
|
|
{
|
|
}
|
|
private $noHardware;
|
|
private $noLicenses;
|
|
private $noAccessories;
|
|
private $noConsumables;
|
|
private $noComponents;
|
|
private $noUsers;
|
|
|
|
// An existing id for each type;
|
|
private $hardwareId;
|
|
private $licenseId;
|
|
private $accessoryId;
|
|
private $consumableId;
|
|
private $componentId;
|
|
private $userId;
|
|
// tests
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_no_permissions_sees_nothing()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->create();
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
// $permissions = $this->noHardware;
|
|
$this->hitRoutes($permissions, $u);
|
|
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_asset_permissions_can_view_assets()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-assets')->create();
|
|
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('hardware.index') => 200,
|
|
route('hardware.create') => 403,
|
|
route('hardware.edit', $this->hardwareId) => 403,
|
|
route('hardware.show', $this->hardwareId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_asset_permissions_can_create_assets()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-assets')->create();
|
|
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('hardware.index') => 403,
|
|
route('hardware.create') => 200,
|
|
route('hardware.edit', $this->hardwareId) => 403,
|
|
route('hardware.show', $this->hardwareId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_assets_permissions_can_edit_assets()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-assets')->create();
|
|
|
|
$permissions = $this->noLicenses + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('hardware.index') => 403,
|
|
route('hardware.create') => 403,
|
|
route('hardware.edit', $this->hardwareId) => 200,
|
|
route('hardware.show', $this->hardwareId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_licenses_permissions_can_view_licenses()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-licenses')->create();
|
|
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('licenses.index') => 200,
|
|
route('licenses.create') => 403,
|
|
route('licenses.edit', $this->licenseId) => 403,
|
|
route('licenses.show', $this->licenseId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_licenses_permissions_can_create_licenses()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-licenses')->create();
|
|
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('licenses.index') => 403,
|
|
route('licenses.create') => 200,
|
|
route('licenses.edit', $this->licenseId) => 403,
|
|
route('licenses.show', $this->licenseId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_licenses_permissions_can_edit_licenses()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-licenses')->create();
|
|
$permissions = $this->noHardware + $this->noAccessories + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('licenses.index') => 403,
|
|
route('licenses.create') => 403,
|
|
route('licenses.edit', $this->licenseId) => 200,
|
|
route('licenses.show', $this->licenseId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_accessories_permissions_can_view_accessories()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-accessories')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('accessories.index') => 200,
|
|
route('accessories.create') => 403,
|
|
route('accessories.edit', $this->accessoryId) => 403,
|
|
route('accessories.show', $this->accessoryId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_accessories_permissions_can_create_accessories()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-accessories')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('accessories.index') => 403,
|
|
route('accessories.create') => 200,
|
|
route('accessories.edit', $this->accessoryId) => 403,
|
|
route('accessories.show', $this->accessoryId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_accessories_permissions_can_edit_accessories()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-accessories')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('accessories.index') => 403,
|
|
route('accessories.create') => 403,
|
|
route('accessories.edit', $this->accessoryId) => 200,
|
|
route('accessories.show', $this->accessoryId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_consumables_permissions_can_view_consumables()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-consumables')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('consumables.index') => 200,
|
|
route('consumables.create') => 403,
|
|
route('consumables.edit', $this->consumableId) => 403,
|
|
route('consumables.show', $this->consumableId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_consumables_permissions_can_create_consumables()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-consumables')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noConsumables + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('consumables.index') => 403,
|
|
route('consumables.create') => 200,
|
|
route('consumables.edit', $this->consumableId) => 403,
|
|
route('consumables.show', $this->consumableId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_consumables_permissions_can_edit_consumables()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-consumables')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories + $this->noComponents + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('consumables.index') => 403,
|
|
route('consumables.create') => 403,
|
|
route('consumables.edit', $this->consumableId) => 200,
|
|
route('consumables.show', $this->consumableId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_users_permissions_can_view_users()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-users')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('users.index') => 200,
|
|
route('users.create') => 403,
|
|
route('users.edit', $this->userId) => 403,
|
|
route('users.show', $this->userId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_users_permissions_can_create_users()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-users')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('users.index') => 403,
|
|
route('users.create') => 200,
|
|
route('users.edit', $this->userId) => 403,
|
|
route('users.show', $this->userId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_users_permissions_can_edit_users()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-users')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noComponents;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('users.index') => 403,
|
|
route('users.create') => 403,
|
|
route('users.edit', $this->userId) => 200,
|
|
route('users.show', $this->userId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_view_components_permissions_can_view_components()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('view-components')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('components.index') => 200,
|
|
route('components.create') => 403,
|
|
route('components.edit', $this->componentId) => 403,
|
|
route('components.show', $this->componentId) => 200,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_create_components_permissions_can_create_components()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('create-components')->create();
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('components.index') => 403,
|
|
route('components.create') => 200,
|
|
route('components.edit', $this->componentId) => 403,
|
|
route('components.show', $this->componentId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
/**
|
|
* @test
|
|
*/
|
|
public function a_user_with_edit_components_permissions_can_edit_components()
|
|
{
|
|
$u = factory(App\Models\User::class, 'valid-user')->states('edit-components')->create();
|
|
|
|
$permissions = $this->noHardware + $this->noLicenses + $this->noAccessories +$this->noConsumables + $this->noUsers;
|
|
|
|
$permissions = array_merge($permissions, [
|
|
route('components.index') => 403,
|
|
route('components.create') => 403,
|
|
route('components.edit', $this->componentId) => 200,
|
|
route('components.show', $this->componentId) => 403,
|
|
]);
|
|
$this->hitRoutes($permissions, $u);
|
|
}
|
|
|
|
private function hitRoutes(array $routes, User $user)
|
|
{
|
|
$this->actingAs($user);
|
|
|
|
foreach ($routes as $route => $response) {
|
|
// dd($this->get(route($route)));
|
|
// echo($this->get(route($route))->dump());
|
|
$this->get($route)
|
|
->assertResponseStatus($response);
|
|
}
|
|
}
|
|
}
|