MDL-38498 repository: Unit tests for repository::check_capability()

2025-01-18 05:58:34 +01:00 · 2013-05-02 14:49:13 +08:00 · 2013-05-02 14:49:13 +08:00 · 29ebdddd22
commit 29ebdddd22
parent e2637d1da3
1 changed files with 228 additions and 1 deletions
--- a/repository/tests/repository_test.php
+++ b/repository/tests/repository_test.php
@ -161,7 +161,6 @@ class repositorylib_testcase extends advanced_testcase {
        $course = $this->getDataGenerator()->create_course();
        $coursecontext = context_course::instance($course->id);
        $roleid = create_role('A role', 'arole', 'A role', '');
-        set_role_contextlevels($roleid, array($syscontext->contextlevel, $coursecontext->contextlevel));
        $user = $this->getDataGenerator()->create_user();
        $this->setUser($user);

@ -237,4 +236,232 @@ class repositorylib_testcase extends advanced_testcase {

    }

+    public function test_check_capability() {
+        $this->resetAfterTest(true);
+
+        $syscontext = context_system::instance();
+        $course1 = $this->getDataGenerator()->create_course();
+        $course1context = context_course::instance($course1->id);
+        $course2 = $this->getDataGenerator()->create_course();
+        $course2context = context_course::instance($course2->id);
+
+        $forumdata = new stdClass();
+        $forumdata->course = $course1->id;
+        $forumc1 = $this->getDataGenerator()->create_module('forum', $forumdata);
+        $forumc1context = context_module::instance($forumc1->id);
+        $forumdata->course = $course2->id;
+        $forumc2 = $this->getDataGenerator()->create_module('forum', $forumdata);
+        $forumc2context = context_module::instance($forumc2->id);
+
+        $blockdata = new stdClass();
+        $blockdata->parentcontextid = $course1context->id;
+        $blockc1 = $this->getDataGenerator()->create_block('online_users', $blockdata);
+        $blockc1context = context_block::instance($blockc1->id);
+        $blockdata->parentcontextid = $course2context->id;
+        $blockc2 = $this->getDataGenerator()->create_block('online_users', $blockdata);
+        $blockc2context = context_block::instance($blockc2->id);
+
+        $user1 = $this->getDataGenerator()->create_user();
+        $user1context = context_user::instance($user1->id);
+        $user2 = $this->getDataGenerator()->create_user();
+        $user2context = context_user::instance($user2->id);
+
+        // New role prohibiting Flickr Public access.
+        $roleid = create_role('No Flickr Public', 'noflickrpublic', 'No Flickr Public', '');
+        set_role_contextlevels($roleid, array(CONTEXT_SYSTEM, CONTEXT_COURSE));
+        assign_capability('repository/flickr_public:view', CAP_PROHIBIT, $roleid, $syscontext, true);
+
+        // Disallow system access to Flickr Public to user 2.
+        role_assign($roleid, $user2->id, $syscontext->id);
+        accesslib_clear_all_caches_for_unit_testing();
+
+        // Enable repositories.
+        $plugintype = new repository_type('flickr_public');
+        $plugintype->create(true);
+        $plugintype = new repository_type('dropbox');
+        $plugintype->create(true);
+        $params = array(
+            'name' => 'Flickr Public'
+        );
+
+        // Instance on a site level.
+        $repoid = repository::static_function('flickr_public', 'create', 'flickr_public', 0, $syscontext, $params);
+        $systemrepo = repository::get_repository_by_id($repoid, $syscontext);
+
+        // Check that everyone with right capability can view a site-wide repository.
+        $this->setUser($user1);
+        $this->assertTrue($systemrepo->check_capability());
+
+        // Without the capability, we cannot view a site-wide repository.
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $systemrepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // Instance on a course level.
+        $courserepoid = repository::static_function('flickr_public', 'create', 'flickr_public', 0, $course1context, $params);
+
+        // Within the course, I can view the repository.
+        $courserepo = repository::get_repository_by_id($courserepoid, $course1context);
+        $this->setUser($user1);
+        $this->assertTrue($courserepo->check_capability());
+        // But not without the capability.
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // From another course I cannot, with or without the capability.
+        $courserepo = repository::get_repository_by_id($courserepoid, $course2context);
+        $this->setUser($user1);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // From a module within the course, I can view the repository.
+        $courserepo = repository::get_repository_by_id($courserepoid, $forumc1context);
+        $this->setUser($user1);
+        $this->assertTrue($courserepo->check_capability());
+        // But not without the capability.
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // From a module in the wrong course, I cannot view the repository.
+        $courserepo = repository::get_repository_by_id($courserepoid, $forumc2context);
+        $this->setUser($user1);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // From a block within the course, I can view the repository.
+        $courserepo = repository::get_repository_by_id($courserepoid, $blockc1context);
+        $this->setUser($user1);
+        $this->assertTrue($courserepo->check_capability());
+        // But not without the capability.
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // From a block in the wrong course, I cannot view the repository.
+        $courserepo = repository::get_repository_by_id($courserepoid, $blockc2context);
+        $this->setUser($user1);
+        $caughtexception = false;
+        try {
+            $courserepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // Instance on a user level.
+        $user1repoid = repository::static_function('flickr_public', 'create', 'flickr_public', 0, $user1context, $params);
+        $user2repoid = repository::static_function('flickr_public', 'create', 'flickr_public', 0, $user2context, $params);
+
+        // Check that a user can see its own repository.
+        $userrepo = repository::get_repository_by_id($user1repoid, $syscontext);
+        $this->setUser($user1);
+        $this->assertTrue($userrepo->check_capability());
+        // But not without the capability.
+        $userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
+        $this->setUser($user2);
+        $caughtexception = false;
+        try {
+            $userrepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // Check that a user cannot see someone's repository.
+        $userrepo = repository::get_repository_by_id($user2repoid, $syscontext);
+        $this->setUser($user1);
+        $caughtexception = false;
+        try {
+            $userrepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+        // Make sure the repo from user 2 was accessible.
+        role_unassign($roleid, $user2->id, $syscontext->id);
+        accesslib_clear_all_caches_for_unit_testing();
+        $this->setUser($user2);
+        $this->assertTrue($userrepo->check_capability());
+        role_assign($roleid, $user2->id, $syscontext->id);
+        accesslib_clear_all_caches_for_unit_testing();
+
+        // Check that a user can view SOME repositories when logged in as someone else.
+        $params = new stdClass();
+        $params->name = 'Dropbox';
+        $params->dropbox_key = 'key';
+        $params->dropbox_secret = 'secret';
+        $privaterepoid = repository::static_function('dropbox', 'create', 'dropbox', 0, $syscontext, $params);
+        $params = new stdClass();
+        $params->name = 'Upload';
+        $notprivaterepoid = repository::static_function('upload', 'create', 'upload', 0, $syscontext, $params);
+
+        $privaterepo = repository::get_repository_by_id($privaterepoid, $syscontext);
+        $notprivaterepo = repository::get_repository_by_id($notprivaterepoid, $syscontext);
+        $userrepo = repository::get_repository_by_id($user1repoid, $syscontext);
+
+        $this->setAdminUser();
+        session_loginas($user1->id, $syscontext);
+
+        // Logged in as, I cannot view a user instance.
+        $caughtexception = false;
+        try {
+            $userrepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // Logged in as, I cannot view a private instance.
+        $caughtexception = false;
+        try {
+            $privaterepo->check_capability();
+        } catch (repository_exception $e) {
+            $caughtexception = true;
+        }
+        $this->assertTrue($caughtexception);
+
+        // Logged in as, I can view a non-private instance.
+        $this->assertTrue($notprivaterepo->check_capability());
+    }
+
 }