3 # Tests for C4::Auth::haspermission
5 # This file is part of Koha.
7 # Copyright 2016 Rijksmuseum
9 # Koha is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # Koha is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Test
::More tests
=> 4;
27 use t
::lib
::TestBuilder
;
28 use C4
::Auth
qw(haspermission);
30 my $schema = Koha
::Database
->new->schema;
31 $schema->storage->txn_begin;
33 # Adding two borrowers and granular permissions for the second borrower
34 my $builder = t
::lib
::TestBuilder
->new();
35 my $borr1 = $builder->build(
39 surname
=> 'Superlib',
44 my $borr2 = $builder->build(
49 flags
=> 2 + 4 + 2**11, # circulate, catalogue, acquisition
53 my $borr3 = $builder->build(
58 flags
=> 2**13, # top level tools
64 source
=> 'UserPermission',
66 borrowernumber
=> $borr2->{borrowernumber
},
67 module_bit
=> 13, # tools
68 code
=> 'upload_local_cover_images',
74 source
=> 'UserPermission',
76 borrowernumber
=> $borr2->{borrowernumber
},
77 module_bit
=> 13, # tools
78 code
=> 'batch_upload_patron_images',
83 subtest
'undef top level tests' => sub {
87 my $pass = haspermission
( $borr2->{userid
} );
88 ok
($pass, "let through undef privs");
90 #throws_ok { my $r = haspermission( $borr1->{userid} ); }
91 #'Koha::Exceptions::WrongParameter',
92 # 'Exception thrown when missing $requiredflags';
93 #throws_ok { my $r = haspermission( $borr1->{userid}, undef ); }
94 #'Koha::Exceptions::WrongParameter', 'Exception thrown when explicit undef';
97 subtest
'scalar top level tests' => sub {
101 # Check top level permission for superlibrarian
102 my $r = haspermission
( $borr1->{userid
}, 'circulate' );
103 is
( ref($r), 'HASH', 'Superlibrarian/circulate' );
105 # Check specific top level permission(s) for borr2
106 $r = haspermission
( $borr2->{userid
}, 'circulate' );
107 is
( ref($r), 'HASH', 'Borrower2/circulate' );
108 $r = haspermission
( $borr2->{userid
}, 'updatecharges' );
109 is
( $r, 0, 'Borrower2/updatecharges should fail' );
112 subtest
'hashref top level AND tests' => sub {
116 # Check top level permission for superlibrarian
118 haspermission
( $borr1->{userid
}, { circulate
=> 1 } );
119 is
( ref($r), 'HASH', 'Superlibrarian/circulate' );
121 # Check specific top level permission(s) for borr2
122 $r = haspermission
( $borr2->{userid
}, { circulate
=> 1, catalogue
=> 1 } );
123 is
( ref($r), 'HASH', 'Borrower2/circulate' );
124 $r = haspermission
( $borr2->{userid
}, { updatecharges
=> 1 } );
125 is
( $r, 0, 'Borrower2/updatecharges should fail' );
127 # Check granular permission with 1: means all subpermissions
128 $r = haspermission
( $borr1->{userid
}, { tools
=> 1 } );
129 is
( ref($r), 'HASH', 'Superlibrarian/tools granular all' );
130 $r = haspermission
( $borr2->{userid
}, { tools
=> 1 } );
131 is
( $r, 0, 'Borrower2/tools granular all should fail' );
133 # Check granular permission with *: means at least one subpermission
134 $r = haspermission
( $borr1->{userid
}, { tools
=> '*' } );
135 is
( ref($r), 'HASH', 'Superlibrarian/tools granular *' );
136 $r = haspermission
( $borr2->{userid
}, { acquisition
=> '*' } );
137 is
( ref($r), 'HASH', 'Borrower2/acq granular *' );
138 $r = haspermission
( $borr2->{userid
}, { tools
=> '*' } );
139 is
( ref($r), 'HASH', 'Borrower2/tools granular *' );
140 $r = haspermission
( $borr2->{userid
}, { serials
=> '*' } );
141 is
( $r, 0, 'Borrower2/serials granular * should fail' );
143 # Check granular permission with one or more specific subperms
144 $r = haspermission
( $borr1->{userid
}, { tools
=> 'edit_news' } );
145 is
( ref($r), 'HASH', 'Superlibrarian/tools edit_news' );
146 $r = haspermission
( $borr2->{userid
}, { acquisition
=> 'budget_manage' } );
147 is
( ref($r), 'HASH', 'Borrower2/acq budget_manage' );
148 $r = haspermission
( $borr2->{userid
},
149 { acquisition
=> 'budget_manage', tools
=> 'edit_news' } );
150 is
( $r, 0, 'Borrower2 (/acquisition|budget_manage AND /tools|edit_news) should fail' );
155 'upload_local_cover_images' => 1,
156 'batch_upload_patron_images' => 1
160 is
( ref($r), 'HASH', 'Borrower2 (/tools|upload_local_cover_image AND /tools|batch_upload_patron_images) granular' );
165 'upload_local_cover_images' => 1,
166 'batch_upload_patron_images' => 1
170 is
( ref($r), 'HASH', 'Borrower3 (/tools|upload_local_cover_image AND /tools|batch_upload_patron_images) granular' );
175 'upload_local_cover_images' => 1,
180 is
( $r, 0, 'Borrower2 (/tools|upload_local_cover_image AND /tools|edit_news) granular' );
184 tools
=> [ 'upload_local_cover_images', 'edit_news'],
187 is
( ref($r), 'HASH', 'Borrower2 (/tools|upload_local_cover_image OR /tools|edit_news) granular' );
190 subtest
'arrayref top level OR tests' => sub {
194 # Check top level permission for superlibrarian
196 haspermission
( $borr1->{userid
}, [ 'circulate', 'editcatalogue' ] );
197 is
( ref($r), 'HASH', 'Superlibrarian/circulate' );
199 # Check specific top level permission(s) for borr2
200 $r = haspermission
( $borr2->{userid
}, [ 'circulate', 'updatecharges' ] );
201 is
( ref($r), 'HASH', 'Borrower2/circulate OR Borrower2/updatecharges' );
202 $r = haspermission
( $borr2->{userid
}, ['updatecharges', 'serials' ] );
203 is
( $r, 0, 'Borrower2/updatecharges OR Borrower2/serials should fail' );
205 # Check granular permission with 1: means all subpermissions
206 $r = haspermission
( $borr1->{userid
}, [ 'tools' ] );
207 is
( ref($r), 'HASH', 'Superlibrarian/tools granular all' );
208 $r = haspermission
( $borr2->{userid
}, [ 'tools' ] );
209 is
( $r, 0, 'Borrower2/tools granular all should fail' );
211 # Check granular permission with *: means at least one subpermission
212 $r = haspermission
( $borr1->{userid
}, [ { tools
=> '*' } ] );
213 is
( ref($r), 'HASH', 'Superlibrarian/tools granular *' );
214 $r = haspermission
( $borr2->{userid
}, [ { acquisition
=> '*' } ] );
215 is
( ref($r), 'HASH', 'Borrower2/acq granular *' );
216 $r = haspermission
( $borr2->{userid
}, [ { tools
=> '*' } ] );
217 is
( ref($r), 'HASH', 'Borrower2/tools granular *' );
218 $r = haspermission
( $borr2->{userid
}, [ { serials
=> '*' } ] );
219 is
( $r, 0, 'Borrower2/serials granular * should fail' );
221 # Check granular permission with one or more specific subperms
222 $r = haspermission
( $borr1->{userid
}, [ { tools
=> 'edit_news' } ] );
223 is
( ref($r), 'HASH', 'Superlibrarian/tools edit_news' );
225 haspermission
( $borr2->{userid
}, [ { acquisition
=> 'budget_manage' } ] );
226 is
( ref($r), 'HASH', 'Borrower2/acq budget_manage' );
227 $r = haspermission
( $borr2->{userid
},
228 [ { acquisition
=> 'budget_manage'}, { tools
=> 'edit_news' } ] );
229 is
( ref($r), 'HASH', 'Borrower2/two granular OR should pass' );
233 { tools
=> ['upload_local_cover_images'] },
234 { tools
=> ['edit_news'] }
237 is
( ref($r), 'HASH', 'Borrower2/tools granular OR subperms' );
240 $schema->storage->txn_rollback;