mirror of
https://github.com/e107inc/e107.git
synced 2025-07-23 16:01:39 +02:00
Issue #5473 Permissions tests. Permissions logic moved to separate method.
This commit is contained in:
camer0n
@@ -1197,6 +1197,11 @@ class e_admin_dispatcher
|
||||
*/
|
||||
public function hasRouteAccess($route)
|
||||
{
|
||||
if(empty($route))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if(isset($this->access[$route]) && !e107::getUser()->checkClass($this->access[$route], false))
|
||||
{
|
||||
e107::getMessage()->addDebug('Userclass Permissions Failed: ' .$this->access[$route]);
|
||||
@@ -1209,7 +1214,6 @@ class e_admin_dispatcher
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -1614,44 +1618,26 @@ class e_admin_dispatcher
|
||||
*
|
||||
* @return string|array
|
||||
*/
|
||||
public function renderMenu($debug=false)
|
||||
public function renderMenu($debug = false)
|
||||
{
|
||||
|
||||
$tp = e107::getParser();
|
||||
$var = array();
|
||||
$adminMenu = $this->getMenuData();
|
||||
$var = [];
|
||||
$selected = false;
|
||||
|
||||
foreach($this->getMenuData() as $key => $val)
|
||||
// First loop: Build $var without permissions checks
|
||||
foreach($adminMenu as $key => $val)
|
||||
{
|
||||
if(isset($val['perm']) && $val['perm'] !== '' && !$this->hasPerms($val['perm']))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$parentKey = '';
|
||||
|
||||
$tmp = explode('/', trim($key, '/'), 2); // mode/action
|
||||
|
||||
$tmp = explode('/', trim($key, '/'), 2);
|
||||
$isSubItem = !empty($val['group']);
|
||||
|
||||
if($isSubItem)
|
||||
{
|
||||
$parentKey = $val['group'];
|
||||
if(!$this->hasModeAccess($tmp[0]) || !$this->hasRouteAccess($parentKey))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
// Check if the parent group has valid permissions
|
||||
$parentData = $this->getMenuData()[$parentKey] ?? null;
|
||||
if ($parentData && isset($parentData['perm']) && $parentData['perm'] !== '' && !$this->hasPerms($parentData['perm']))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!$this->hasModeAccess($tmp[0]) || !$this->hasRouteAccess($key))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
$parentKey = $val['group'] ?? '';
|
||||
}
|
||||
|
||||
if(isset($val['selected']) && $val['selected'])
|
||||
@@ -1666,11 +1652,11 @@ class e_admin_dispatcher
|
||||
{
|
||||
if(!isset($var[$parentKey]))
|
||||
{
|
||||
$var[$parentKey] = array(
|
||||
$var[$parentKey] = [
|
||||
'text' => 'Unknown',
|
||||
'image_src' => e_navigation::guessMenuIcon($parentKey),
|
||||
'link_id' => str_replace('/', '-', $parentKey)
|
||||
);
|
||||
];
|
||||
}
|
||||
$subKey = str_replace($parentKey . '/', '', $key);
|
||||
$var[$parentKey]['sub'][$subKey] = $processedItem;
|
||||
@@ -1687,32 +1673,11 @@ class e_admin_dispatcher
|
||||
$selected = $request->getMode() . '/' . $request->getAction();
|
||||
}
|
||||
|
||||
// Handle links and collapse attributes
|
||||
// Second loop: Handle links and collapse attributes without permissions checks
|
||||
foreach($var as $key => &$item)
|
||||
{
|
||||
if(!empty($item['sub']))
|
||||
{
|
||||
|
||||
$hasValidSubItems = false;
|
||||
foreach($item['sub'] as $subKey => $subItem)
|
||||
{
|
||||
if(isset($subItem['perm']) && $this->hasPerms($subItem['perm']))
|
||||
{
|
||||
$hasValidSubItems = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// If no valid sub-items, remove the group
|
||||
if(!$hasValidSubItems)
|
||||
{
|
||||
unset($var[$key]);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
$item['link'] = '#';
|
||||
$item['link_caret'] = true;
|
||||
$item['link_data'] = [
|
||||
@@ -1721,9 +1686,8 @@ class e_admin_dispatcher
|
||||
'role' => 'button'
|
||||
];
|
||||
$item['sub_class'] = 'collapse';
|
||||
$item['caret'] = true; // Indicate caret for sub-menu parents
|
||||
$item['caret'] = true;
|
||||
|
||||
// Check if any sub-item is active to expand the parent
|
||||
foreach($item['sub'] as $subKey => &$subItem)
|
||||
{
|
||||
if($selected === $subKey && !empty($subItem['group']))
|
||||
@@ -1732,10 +1696,7 @@ class e_admin_dispatcher
|
||||
$var[$parent]['link_data']['aria-expanded'] = 'true';
|
||||
$item['sub_class'] = 'collapse in';
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
elseif(!isset($item['link']))
|
||||
{
|
||||
@@ -1744,6 +1705,9 @@ class e_admin_dispatcher
|
||||
}
|
||||
}
|
||||
|
||||
// Apply permissions restrictions
|
||||
$var = $this->restrictMenuAccess($var, $adminMenu);
|
||||
|
||||
if(empty($var))
|
||||
{
|
||||
return '';
|
||||
@@ -1753,7 +1717,6 @@ class e_admin_dispatcher
|
||||
$selected = vartrue($adminMenuAliases[$selected], $selected);
|
||||
|
||||
$icon = '';
|
||||
|
||||
$adminMenuIcon = $this->getMenuIcon();
|
||||
if(!empty($adminMenuIcon))
|
||||
{
|
||||
@@ -1766,7 +1729,7 @@ class e_admin_dispatcher
|
||||
|
||||
$toggle = "<span class='e-toggle-sidebar'><!-- --></span>";
|
||||
|
||||
$var['_extras_'] = array('icon' => $icon, 'return' => true);
|
||||
$var['_extras_'] = ['icon' => $icon, 'return' => true];
|
||||
|
||||
if($debug)
|
||||
{
|
||||
@@ -1774,7 +1737,55 @@ class e_admin_dispatcher
|
||||
}
|
||||
|
||||
return $toggle . e107::getNav()->admin($this->getMenuTitle(), $selected, $var);
|
||||
}
|
||||
|
||||
/**
|
||||
* Restrict menu items based on permissions and access.
|
||||
*
|
||||
* @param array $var The menu structure to filter.
|
||||
* @param array $adminMenu The original menu data for reference.
|
||||
* @return array The filtered menu structure.
|
||||
*/
|
||||
private function restrictMenuAccess($var, $adminMenu)
|
||||
{
|
||||
|
||||
foreach($var as $key => &$item)
|
||||
{
|
||||
// Check top-level item permissions
|
||||
$val = $adminMenu[$key] ?? [];
|
||||
if((isset($val['perm']) && $val['perm'] !== '' && !$this->hasPerms($val['perm'])) || !$this->hasModeAccess(explode('/', trim($key, '/'), 2)[0]) || !$this->hasRouteAccess($key))
|
||||
{
|
||||
unset($var[$key]);
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!empty($item['sub']))
|
||||
{
|
||||
$hasValidSubItems = false;
|
||||
$parentKey = $key;
|
||||
foreach($item['sub'] as $subKey => &$subItem)
|
||||
{
|
||||
$subVal = $adminMenu[$subKey] ?? [];
|
||||
if(isset($subVal['perm']) && $this->hasPerms($subVal['perm']) && $this->hasRouteAccess($subKey) && $this->hasRouteAccess($parentKey))
|
||||
{
|
||||
$hasValidSubItems = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
unset($item['sub'][$subKey]);
|
||||
}
|
||||
}
|
||||
|
||||
// Remove parent if no valid sub-items or sub-items array is empty
|
||||
if(!$hasValidSubItems || empty($item['sub']))
|
||||
{
|
||||
unset($var[$key]);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $var;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
222
e107_tests/tests/unit/e_admin_dispatcherTest.php
Normal file
222
e107_tests/tests/unit/e_admin_dispatcherTest.php
Normal file
@@ -0,0 +1,222 @@
|
||||
<?php
|
||||
/**
|
||||
* e107 website system
|
||||
*
|
||||
* Copyright (C) 2008-2020 e107 Inc (e107.org)
|
||||
* Released under the terms and conditions of the
|
||||
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
|
||||
*/
|
||||
|
||||
|
||||
class e_admin_dispatcherTest extends \Codeception\Test\Unit
|
||||
{
|
||||
|
||||
protected $dp;
|
||||
|
||||
/** @var e_admin_controller */
|
||||
protected $controller;
|
||||
|
||||
protected $req;
|
||||
|
||||
protected function _before()
|
||||
{
|
||||
|
||||
try
|
||||
{
|
||||
$this->controller = $this->make(e_admin_controller_ui::class);
|
||||
$this->dp = $this->getMockBuilder('e_admin_dispatcher')
|
||||
->onlyMethods(['hasPerms', 'hasRouteAccess', 'getMenuData', 'getMenuAliases', 'getMenuIcon', 'getMenuTitle', 'hasModeAccess'])
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$this->req = $this->make(e_admin_request::class);
|
||||
$this->dp->setRequest($this->req);
|
||||
|
||||
// Shared mocks for both tests
|
||||
$this->dp->expects($this->any())
|
||||
->method('hasPerms')
|
||||
->willReturnCallback(function ($perm)
|
||||
{
|
||||
|
||||
return $perm === 'Y';
|
||||
});
|
||||
|
||||
$this->dp->expects($this->any())
|
||||
->method('hasModeAccess')
|
||||
->willReturn(true);
|
||||
|
||||
// Mock getMenuData to return $this->adminMenu (set by setMenuData)
|
||||
$this->dp->expects($this->any())
|
||||
->method('getMenuData')
|
||||
->willReturnCallback(function ()
|
||||
{
|
||||
|
||||
$reflection = new ReflectionClass($this->dp);
|
||||
$adminMenuProperty = $reflection->getProperty('adminMenu');
|
||||
$adminMenuProperty->setAccessible(true);
|
||||
|
||||
return $adminMenuProperty->getValue($this->dp) ?: [];
|
||||
});
|
||||
|
||||
$this->dp->expects($this->any())
|
||||
->method('getMenuAliases')
|
||||
->willReturn([]);
|
||||
|
||||
$this->dp->expects($this->any())
|
||||
->method('getMenuIcon')
|
||||
->willReturn('');
|
||||
|
||||
$this->dp->expects($this->any())
|
||||
->method('getMenuTitle')
|
||||
->willReturn('Admin Menu');
|
||||
|
||||
|
||||
}
|
||||
catch(Exception $e)
|
||||
{
|
||||
$this::fail("Setup failed: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function testRenderMenuGroupPerms()
|
||||
{
|
||||
|
||||
$this->req->setMode('main');
|
||||
$this->req->setAction('list');
|
||||
|
||||
$adminMenu = [
|
||||
'main/list' => ['caption' => 'Manage', 'perm' => '0'],
|
||||
'main/create' => ['caption' => 'LAN_CREATE', 'perm' => 'Y'],
|
||||
'main/prefs' => ['caption' => 'Settings', 'perm' => 'J', 'icon' => 'fa-cog'],
|
||||
|
||||
'main/custom' => ['caption' => 'Custom Pages', 'perm' => '0', 'icon' => 'fa-asterisk'],
|
||||
'main/custom1' => ['group' => 'main/custom', 'caption' => 'Custom Page 1', 'perm' => 'Y'],
|
||||
'main/custom2' => ['group' => 'main/custom', 'caption' => 'Custom Page 2', 'perm' => '0'],
|
||||
|
||||
'other/custom' => ['caption' => 'Other Pages', 'perm' => 'Y', 'icon' => 'fa-asterisk'], // should be ignored since no access to sub-items. 'other/custom1' => ['group' => 'other/custom', 'caption' => 'Other Page 1', 'perm' => '0'],
|
||||
'other/custom2' => ['group' => 'other/custom', 'caption' => 'Other Page 2', 'perm' => '0'],
|
||||
|
||||
'misc/custom' => ['caption' => 'Misc Pages', 'perm' => 'Y', 'icon' => 'fa-asterisk'],
|
||||
'misc/custom1' => ['group' => 'misc/custom', 'caption' => 'misc Page 1', 'perm' => '0'],
|
||||
'misc/custom2' => ['group' => 'misc/custom', 'caption' => 'misc Page 2', 'perm' => 'Y'],
|
||||
];
|
||||
|
||||
// Use real setMenuData
|
||||
$this->dp->setMenuData($adminMenu);
|
||||
|
||||
// Override hasRouteAccess for this test
|
||||
$this->dp->method('hasRouteAccess')
|
||||
->willReturnCallback(function ($route) use (&$access)
|
||||
{
|
||||
|
||||
if(isset($access[$route]) && ((int) $access[$route] === 255))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
$result = $this->dp->renderMenu(true);
|
||||
|
||||
$this::assertNotEmpty($result, 'Render menu result is empty');
|
||||
$this::assertNotEmpty($result['main/create'], 'Main create menu item should be present');
|
||||
$this::assertArrayNotHasKey('main/custom', $result, 'Main custom group should not be present');
|
||||
$this::assertArrayNotHasKey('other/custom', $result, 'Other custom menu item should NOT be present');
|
||||
$this::assertNotEmpty($result['misc/custom'], 'Misc custom group should be present');
|
||||
$this::assertArrayNotHasKey('misc/custom1', $result['misc/custom']['sub'], 'Misc custom1 sub-item should not be present');
|
||||
$this::assertNotEmpty($result['misc/custom']['sub']['misc/custom2'], 'Misc custom2 sub-item should be present');
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function testRenderMenuUserclassAccess()
|
||||
{
|
||||
|
||||
$this->req->setMode('main');
|
||||
$this->req->setAction('list');
|
||||
|
||||
|
||||
$adminMenu = [
|
||||
'main/list' => ['caption' => 'Manage', 'perm' => '0'],
|
||||
'main/create' => ['caption' => 'LAN_CREATE', 'perm' => 'Y'],
|
||||
'main/prefs' => ['caption' => 'Settings', 'perm' => 'Y', 'icon' => 'fa-cog'],
|
||||
|
||||
'main/custom' => ['caption' => 'Custom Pages', 'perm' => '0', 'icon' => 'fa-asterisk'],
|
||||
'main/custom1' => ['group' => 'main/custom', 'caption' => 'Custom Page 1', 'perm' => 'Y'],
|
||||
'main/custom2' => ['group' => 'main/custom', 'caption' => 'Custom Page 2', 'perm' => 'Y'],
|
||||
|
||||
'other/custom' => ['caption' => 'Other Pages', 'perm' => 'Y', 'icon' => 'fa-asterisk'],
|
||||
'other/custom1' => ['group' => 'other/custom', 'caption' => 'Other Page 1', 'perm' => 'Y'],
|
||||
'other/custom2' => ['group' => 'other/custom', 'caption' => 'Other Page 2', 'perm' => 'Y'],
|
||||
|
||||
'misc/custom' => ['caption' => 'Misc Pages', 'perm' => 'Y', 'icon' => 'fa-asterisk'],
|
||||
'misc/custom1' => ['group' => 'misc/custom', 'caption' => 'misc Page 1', 'perm' => 'Y'],
|
||||
'misc/custom2' => ['group' => 'misc/custom', 'caption' => 'misc Page 2', 'perm' => 'Y'],
|
||||
|
||||
'cat/custom' => ['caption' => 'Category Pages', 'perm' => 'Y', 'icon' => 'fa-asterisk'],
|
||||
'cat/custom1' => ['group' => 'cat/custom', 'caption' => 'Category Page 1', 'perm' => 'Y'],
|
||||
'cat/custom2' => ['group' => 'cat/custom', 'caption' => 'Category Page 2', 'perm' => 'Y'],
|
||||
|
||||
'treatment' => array('caption'=> "Treatment", 'perm' => 'P', 'icon'=>'fas-syringe'),
|
||||
'treatment/day' => array('group'=>'treatment', 'caption'=> "Treatment Today (Status)", 'perm' => 'P', 'icon'=>'fas-syringe'),
|
||||
'schedule/week' => array('group'=>'treatment', 'caption'=> "Treatment Today (Scheduled)", 'perm' => 'P', 'icon'=>'fas-calendar-week'),
|
||||
|
||||
];
|
||||
|
||||
$access = [
|
||||
'main/list' => e_UC_ADMIN,
|
||||
'main/create' => e_UC_ADMIN,
|
||||
'main/prefs' => e_UC_NOBODY,
|
||||
|
||||
'main/custom' => e_UC_ADMIN,
|
||||
'main/custom1' => e_UC_ADMIN,
|
||||
'main/custom2' => e_UC_ADMIN,
|
||||
|
||||
'other/custom' => e_UC_NOBODY,
|
||||
'other/custom1' => e_UC_NOBODY,
|
||||
'other/custom2' => e_UC_NOBODY,
|
||||
|
||||
'misc/custom' => e_UC_ADMIN,
|
||||
'misc/custom1' => e_UC_ADMIN,
|
||||
'misc/custom2' => e_UC_NOBODY,
|
||||
|
||||
'cat/custom1' => e_UC_NOBODY,
|
||||
'cat/custom2' => e_UC_NOBODY,
|
||||
|
||||
'treatment/day' => e_UC_ADMIN,
|
||||
'schedule/week' => e_UC_ADMIN,
|
||||
];
|
||||
|
||||
// Use real setMenuData and setAccess
|
||||
$this->dp->setMenuData($adminMenu);
|
||||
$this->dp->setAccess($access);
|
||||
|
||||
|
||||
// Override hasRouteAccess for this test
|
||||
$this->dp->method('hasRouteAccess')
|
||||
->willReturnCallback(function ($route) use (&$access)
|
||||
{
|
||||
|
||||
if(isset($access[$route]) && ((int) $access[$route] === 255))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
$result = $this->dp->renderMenu(true);
|
||||
|
||||
$this::assertNotEmpty($result, 'Render menu result is empty');
|
||||
$this::assertArrayNotHasKey('main/list', $result, 'Main list menu item should NOT be present');
|
||||
$this::assertNotEmpty($result['main/create'], 'Main create menu item should be present');
|
||||
$this::assertArrayNotHasKey('main/prefs', $result, 'Main prefs menu item should NOT be present');
|
||||
$this::assertArrayNotHasKey('main/custom', $result, 'Main custom menu item should NOT be present');
|
||||
$this::assertArrayNotHasKey('other/custom', $result, 'Other custom group should NOT be present');
|
||||
|
||||
$this::assertArrayNotHasKey('cat/custom', $result, 'Category group should NOT be present');
|
||||
|
||||
// $this::assertArrayHasKey('treatment/day', $result, 'Treatment day sub-item should be present'); // This is failing.
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user