X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Ft%2Fapi%2Frights.t;h=a6346a737ddbe49f6c95b10aa65d28e773055fc6;hb=cbfeb5f6b7490f78361318ce6290bfb442dbfcbe;hp=7bd332f13a13881054126cb55b67b65873a24717;hpb=63a268637b2d51a8766412617724b9436439deb6;p=freeside.git diff --git a/rt/t/api/rights.t b/rt/t/api/rights.t index 7bd332f13..a6346a737 100644 --- a/rt/t/api/rights.t +++ b/rt/t/api/rights.t @@ -1,142 +1,176 @@ -#!/usr/bin/perl -w -# BEGIN BPS TAGGED BLOCK {{{ -# -# COPYRIGHT: -# -# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC -# -# -# (Except where explicitly superseded by other copyright notices) -# -# -# LICENSE: -# -# This work is made available to you under the terms of Version 2 of -# the GNU General Public License. A copy of that license should have -# been provided with this software, but in any event can be snarfed -# from www.gnu.org. -# -# This work is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 or visit their web page on the internet at -# http://www.gnu.org/copyleft/gpl.html. -# -# -# CONTRIBUTION SUBMISSION POLICY: -# -# (The following paragraph is not intended to limit the rights granted -# to you to modify and distribute this software under the terms of -# the GNU General Public License and is only of importance to you if -# you choose to contribute your changes and enhancements to the -# community by submitting them to Best Practical Solutions, LLC.) -# -# By intentionally submitting any modifications, corrections or -# derivatives to this work, or any other work intended for use with -# Request Tracker, to Best Practical Solutions, LLC, you confirm that -# you are the copyright holder for those contributions and you grant -# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, -# royalty-free, perpetual, license to use, copy, create derivative -# works based on those contributions, and sublicense and distribute -# those contributions and any derivatives thereof. -# -# END BPS TAGGED BLOCK }}} - -use RT; -use RT::Test tests => 26; - -use RT::I18N; +use RT::Test nodata => 1, tests => 38; + use strict; -no warnings 'once'; +use warnings; -use RT::Queue; -use RT::ACE; -use RT::User; -use RT::Group; -use RT::Ticket; +use Test::Warn; +sub reset_rights { RT::Test->set_rights } # clear all global right -my $acl = RT::ACL->new($RT::SystemUser); -$acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' ); -$acl->LimitToObject( $RT::System ); -while( my $ace = $acl->Next ) { - $ace->Delete; +reset_rights; + +my $queue = RT::Test->load_or_create_queue( Name => 'Regression' ); +ok $queue && $queue->id, 'loaded or created queue'; +my $qname = $queue->Name; + +my $user = RT::Test->load_or_create_user( + Name => 'user', Password => 'password', +); +ok $user && $user->id, 'loaded or created user'; + +{ + ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ), + "user can't own ticket" + ); + ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "user can't reply to ticket" + ); +} + +{ + my $group = $queue->RoleGroup( 'Owner' ); + ok( $group->Id, "load queue owners role group" ); + my $ace = RT::ACE->new( RT->SystemUser ); + my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( + Right => 'ReplyToTicket', Object => $queue + ); + ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" ); + ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "role group can reply to ticket" + ); + ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "user can't reply to ticket" + ); +} + +my $ticket; +{ + # new ticket + $ticket = RT::Ticket->new(RT->SystemUser); + my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test'); + ok( $ticket_id, 'new ticket created' ); + is( $ticket->Owner, RT->Nobody->Id, 'owner of the new ticket is nobody' ); + + ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ), + "user can't reply to ticket" + ); + my ($status, $msg) = $ticket->SetOwner( $user->id ); + ok( !$status, "no permissions to be an owner" ); +} + +{ + my ($status, $msg) = $user->PrincipalObj->GrantRight( + Object => $queue, Right => 'OwnTicket' + ); + ok( $status, "successfuly granted right: $msg" ); + ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ), + "user can own ticket" + ); + ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ), + "user can own ticket" + ); + + ($status, $msg) = $ticket->SetOwner( $user->id ); + ok( $status, "successfuly set owner: $msg" ); + is( $ticket->Owner, $user->id, "set correct owner" ); + + ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ), + "user is owner and can reply to ticket" + ); +} + +{ + # Testing of EquivObjects + my $group = $queue->RoleGroup( 'AdminCc' ); + ok( $group->Id, "load queue AdminCc role group" ); + my $ace = RT::ACE->new( RT->SystemUser ); + my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( + Right => 'ModifyTicket', Object => $queue + ); + ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" ); + ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ), + "role group can modify ticket" + ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ), + "user is not AdminCc and can't modify ticket" + ); +} + +{ + my ($status, $msg) = $ticket->AddWatcher( + Type => 'AdminCc', PrincipalId => $user->PrincipalId + ); + ok( $status, "successfuly added user as AdminCc"); + ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ), + "user is AdminCc and can modify ticket" + ); +} + +my $ticket2; +{ + $ticket2 = RT::Ticket->new(RT->SystemUser); + my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2'); + ok( $id, 'new ticket created' ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ), + "user is not AdminCc and can't modify ticket2" + ); + + # now we can finally test EquivObjectsa + my $has = $user->HasRight( + Right => 'ModifyTicket', + Object => $ticket2, + EquivObjects => [$ticket], + ); + ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" ); +} + +{ + # the first a third test below are the same, so they should both pass + # make sure passed equive list is not changed + my @list = (); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ), + "user is not AdminCc and can't modify ticket2" + ); + ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ), + "user is AdminCc and can modify ticket" + ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ), + "user is not AdminCc and can't modify ticket2 (same question different answer)" + ); } -my $rand_name = "rights". int rand($$); -# create new queue to be shure we don't mess with rights -my $queue = RT::Queue->new($RT::SystemUser); -my ($queue_id) = $queue->Create( Name => $rand_name); -ok( $queue_id, 'queue created for rights tests' ); - -# new privileged user to check rights -my $user = RT::User->new( $RT::SystemUser ); -my ($user_id) = $user->Create( Name => $rand_name, - EmailAddress => $rand_name .'@localhost', - Privileged => 1, - Password => 'qwe123', - ); -ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can't own ticket" ); -ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" ); - -my $group = RT::Group->new( $RT::SystemUser ); -ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'Owner' ), "load queue owners role group" ); -my $ace = RT::ACE->new( $RT::SystemUser ); -my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ReplyToTicket', Object => $queue ); -ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" ); -ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ), "role group can reply to ticket" ); -ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" ); - -# new ticket -my $ticket = RT::Ticket->new($RT::SystemUser); -my ($ticket_id) = $ticket->Create( Queue => $queue_id, Subject => 'test'); -ok( $ticket_id, 'new ticket created' ); -is( $ticket->Owner, $RT::Nobody->Id, 'owner of the new ticket is nobody' ); - -my $status; -($status, $msg) = $user->PrincipalObj->GrantRight( Object => $queue, Right => 'OwnTicket' ); -ok( $status, "successfuly granted right: $msg" ); -ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can own ticket" ); - -($status, $msg) = $ticket->SetOwner( $user_id ); -ok( $status, "successfuly set owner: $msg" ); -is( $ticket->Owner, $user_id, "set correct owner" ); - -ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ), "user is owner and can reply to ticket" ); - -# Testing of EquivObjects -$group = RT::Group->new( $RT::SystemUser ); -ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'AdminCc' ), "load queue AdminCc role group" ); -$ace = RT::ACE->new( $RT::SystemUser ); -($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ModifyTicket', Object => $queue ); -ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" ); -ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ), "role group can modify ticket" ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is not AdminCc and can't modify ticket" ); -($status, $msg) = $ticket->AddWatcher(Type => 'AdminCc', PrincipalId => $user->PrincipalId); -ok( $status, "successfuly added user as AdminCc"); -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is AdminCc and can modify ticket" ); - -my $ticket2 = RT::Ticket->new($RT::SystemUser); -my ($ticket2_id) = $ticket2->Create( Queue => $queue_id, Subject => 'test2'); -ok( $ticket2_id, 'new ticket created' ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ), "user is not AdminCc and can't modify ticket2" ); - -# now we can finally test EquivObjects -my $equiv = [ $ticket ]; -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv ), - "user is not AdminCc but can modify ticket2 because of EquivObjects" ); - -# the first a third test below are the same, so they should both pass -my $equiv2 = []; -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ), - "user is not AdminCc and can't modify ticket2" ); -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => $equiv2 ), - "user is AdminCc and can modify ticket" ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ), - "user is not AdminCc and can't modify ticket2 (same question different answer)" ); +my $queue2 = RT::Test->load_or_create_queue( Name => 'Rights' ); +ok $queue2 && $queue2->id, 'loaded or created queue'; + +my $user2 = RT::Test->load_or_create_user( + Name => 'user2', Password => 'password', +); +ok $user2 && $user2->id, 'Created user: ' . $user2->Name . ' with id ' . $user2->Id; + +warning_like { + ok( !$user2->HasRight( Right => 'Foo', Object => $queue2 ), + "HasRight false for invalid right Foo" + ); +} qr/Invalid right\. Couldn't canonicalize right 'Foo'/, + 'Got warning on invalid right'; + + +note "Right name canonicalization"; +{ + reset_rights; + my ($ok, $msg) = $user->PrincipalObj->GrantRight( + Right => "showticket", + Object => RT->System, + ); + ok $ok, "Granted showticket: $msg"; + ok $user->HasRight( Right => "ShowTicket", Object => RT->System ), "HasRight ShowTicket"; + + reset_rights; + ($ok, $msg) = $user->PrincipalObj->GrantRight( + Right => "ShowTicket", + Object => RT->System, + ); + ok $ok, "Granted ShowTicket: $msg"; + ok $user->HasRight( Right => "showticket", Object => RT->System ), "HasRight showticket"; +}