Overview

Namespaces

  • Nethgui
    • Adapter
    • Authorization
    • Component
    • Controller
      • Collection
      • Table
    • Exception
    • Log
    • Model
    • Module
      • Help
      • Notification
    • Renderer
    • Serializer
    • System
    • Test
      • Tool
      • Unit
        • Nethgui
          • Adapter
            • ParameterSet
          • Authorization
          • Log
          • Module
            • Notification
          • Renderer
          • Serializer
          • System
          • Utility
          • View
        • Test
          • Tool
    • Utility
    • View
    • Widget
      • Xhtml
  • None
  • Test
    • Tool

Classes

  • Nethgui\Adapter\ArrayAdapter
  • Nethgui\Adapter\LazyLoaderAdapter
  • Nethgui\Adapter\MultipleAdapter
  • Nethgui\Adapter\RecordAdapter
  • Nethgui\Adapter\RecordKeyAdapter
  • Nethgui\Adapter\ScalarAdapter
  • Nethgui\Adapter\TableAdapter
  • Nethgui\Adapter\TabularValueAdapter
  • Nethgui\Authorization\AuthorizedModuleSet
  • Nethgui\Authorization\JsonPolicyDecisionPoint
  • Nethgui\Authorization\LazyAccessControlResponse
  • Nethgui\Authorization\PolicyRule
  • Nethgui\Authorization\User
  • Nethgui\Controller\AbstractController
  • Nethgui\Controller\Collection\AbstractAction
  • Nethgui\Controller\CollectionController
  • Nethgui\Controller\CompositeController
  • Nethgui\Controller\ListComposite
  • Nethgui\Controller\NullRequest
  • Nethgui\Controller\RequestTest
  • Nethgui\Controller\Table\AbstractAction
  • Nethgui\Controller\Table\Help
  • Nethgui\Controller\Table\Modify
  • Nethgui\Controller\Table\PluggableAction
  • Nethgui\Controller\Table\PluginCollector
  • Nethgui\Controller\Table\Read
  • Nethgui\Controller\Table\RowAbstractAction
  • Nethgui\Controller\Table\RowPluginAction
  • Nethgui\Controller\TableController
  • Nethgui\Controller\TabsController
  • Nethgui\Framework
  • Nethgui\Log\AbstractLog
  • Nethgui\Log\Nullog
  • Nethgui\Log\Syslog
  • Nethgui\Model\StaticFiles
  • Nethgui\Model\SystemTasks
  • Nethgui\Model\UserNotifications
  • Nethgui\Model\ValidationErrors
  • Nethgui\Module\AbstractModule
  • Nethgui\Module\Composite
  • Nethgui\Module\CompositeModuleAttributesProvider
  • Nethgui\Module\Help
  • Nethgui\Module\Help\Common
  • Nethgui\Module\Help\Read
  • Nethgui\Module\Help\Renderer
  • Nethgui\Module\Help\Show
  • Nethgui\Module\Help\Template
  • Nethgui\Module\Help\Widget
  • Nethgui\Module\Language
  • Nethgui\Module\Login
  • Nethgui\Module\Logout
  • Nethgui\Module\Main
  • Nethgui\Module\Menu
  • Nethgui\Module\ModuleLoader
  • Nethgui\Module\Notification
  • Nethgui\Module\Notification\AbstractNotification
  • Nethgui\Module\Resource
  • Nethgui\Module\SimpleModuleAttributesProvider
  • Nethgui\Module\SystemModuleAttributesProvider
  • Nethgui\Module\Tracker
  • Nethgui\Renderer\AbstractRenderer
  • Nethgui\Renderer\Json
  • Nethgui\Renderer\ReadonlyView
  • Nethgui\Renderer\TemplateRenderer
  • Nethgui\Renderer\Xhtml
  • Nethgui\Serializer\ArrayAccessSerializer
  • Nethgui\Serializer\KeySerializer
  • Nethgui\Serializer\PropSerializer
  • Nethgui\System\AlwaysFailValidator
  • Nethgui\System\CallbackValidator
  • Nethgui\System\NethPlatform
  • Nethgui\System\Process
  • Nethgui\System\SessionDatabase
  • Nethgui\System\Validator
  • Nethgui\Test\Tool\DB
  • Nethgui\Test\Tool\MockFactory
  • Nethgui\Test\Tool\MockObject
  • Nethgui\Test\Tool\MockState
  • Nethgui\Test\Tool\PermissivePolicyDecisionPoint
  • Nethgui\Test\Tool\StaticPolicyDecisionPoint
  • Nethgui\Test\Unit\Nethgui\Adapter\ArrayAdapterTest
  • Nethgui\Test\Unit\Nethgui\Adapter\MultipleAdapterTest
  • Nethgui\Test\Unit\Nethgui\Adapter\ParameterSet\EmptyTest
  • Nethgui\Test\Unit\Nethgui\Adapter\ParameterSet\WithAdaptersTest
  • Nethgui\Test\Unit\Nethgui\Adapter\RecordAdapterTest
  • Nethgui\Test\Unit\Nethgui\Adapter\RecordAdapterTester
  • Nethgui\Test\Unit\Nethgui\Adapter\RecordKeyAdapterTest
  • Nethgui\Test\Unit\Nethgui\Adapter\ScalarAdapterTest
  • Nethgui\Test\Unit\Nethgui\Adapter\TableAdapter1Test
  • Nethgui\Test\Unit\Nethgui\Adapter\TableAdapter2Test
  • Nethgui\Test\Unit\Nethgui\Adapter\TabularValueAdapterDegradedTest
  • Nethgui\Test\Unit\Nethgui\Adapter\TabularValueAdapterTest
  • Nethgui\Test\Unit\Nethgui\Authorization\JsonPolicyDecisionPointTest
  • Nethgui\Test\Unit\Nethgui\Authorization\LazyAccessControlResponseTest
  • Nethgui\Test\Unit\Nethgui\Authorization\PolicyRuleTest
  • Nethgui\Test\Unit\Nethgui\Authorization\ResourceX
  • Nethgui\Test\Unit\Nethgui\Authorization\ResourceY
  • Nethgui\Test\Unit\Nethgui\Authorization\UserTest
  • Nethgui\Test\Unit\Nethgui\Log\AbstractLogTest
  • Nethgui\Test\Unit\Nethgui\Log\NullogTest
  • Nethgui\Test\Unit\Nethgui\Log\SyslogTest
  • Nethgui\Test\Unit\Nethgui\Module\AbstractControllerTest
  • Nethgui\Test\Unit\Nethgui\Module\CompositeTest
  • Nethgui\Test\Unit\Nethgui\Module\ConcreteCompositeModule1
  • Nethgui\Test\Unit\Nethgui\Module\ConcreteStandardModule1
  • Nethgui\Test\Unit\Nethgui\Module\ModuleLoaderTest
  • Nethgui\Test\Unit\Nethgui\Module\Notification\TextNotificationBoxTest
  • Nethgui\Test\Unit\Nethgui\Module\SimpleModuleAttributesProviderTest
  • Nethgui\Test\Unit\Nethgui\Renderer\HttpCommandReceiverTest
  • Nethgui\Test\Unit\Nethgui\Renderer\JsonTest
  • Nethgui\Test\Unit\Nethgui\Renderer\MarshallingReceiverTest
  • Nethgui\Test\Unit\Nethgui\Renderer\XhtmlTest
  • Nethgui\Test\Unit\Nethgui\Serializer\ArrayAccessSerializerTest
  • Nethgui\Test\Unit\Nethgui\Serializer\KeySerializerTest
  • Nethgui\Test\Unit\Nethgui\Serializer\PropSerializerTest
  • Nethgui\Test\Unit\Nethgui\System\EsmithDatabaseTest
  • Nethgui\Test\Unit\Nethgui\System\NethPlatformTest
  • Nethgui\Test\Unit\Nethgui\System\PhpWrapperExec
  • Nethgui\Test\Unit\Nethgui\System\SessionDatabaseTest
  • Nethgui\Test\Unit\Nethgui\System\TestSession
  • Nethgui\Test\Unit\Nethgui\System\ValidatorTest
  • Nethgui\Test\Unit\Nethgui\Utility\PamAuthenticatorTest
  • Nethgui\Test\Unit\Nethgui\View\CommandTest
  • Nethgui\Test\Unit\Nethgui\View\TranslatorTest
  • Nethgui\Test\Unit\Nethgui\View\TranslatorTestModule
  • Nethgui\Test\Unit\Nethgui\View\TranslatorTestPhpWrapper
  • Nethgui\Test\Unit\Nethgui\View\ViewCommandSequenceTest
  • Nethgui\Test\Unit\Nethgui\View\ViewGenericTest
  • Nethgui\Test\Unit\Test\Tool\MockStateTest
  • Nethgui\Utility\ArrayDisposable
  • Nethgui\Utility\HttpResponse
  • Nethgui\Utility\NullSession
  • Nethgui\Utility\PhpWrapper
  • Nethgui\View\LegacyCommandBag
  • Nethgui\View\Translator
  • Nethgui\View\View
  • Nethgui\Widget\AbstractWidget
  • Nethgui\Widget\Xhtml\Button
  • Nethgui\Widget\Xhtml\CheckBox
  • Nethgui\Widget\Xhtml\CollectionEditor
  • Nethgui\Widget\Xhtml\Columns
  • Nethgui\Widget\Xhtml\ElementList
  • Nethgui\Widget\Xhtml\ElementModule
  • Nethgui\Widget\Xhtml\ElementRenderer
  • Nethgui\Widget\Xhtml\Fieldset
  • Nethgui\Widget\Xhtml\FieldsetSwitch
  • Nethgui\Widget\Xhtml\FileUpload
  • Nethgui\Widget\Xhtml\Form
  • Nethgui\Widget\Xhtml\Hidden
  • Nethgui\Widget\Xhtml\ObjectPicker
  • Nethgui\Widget\Xhtml\ObjectsCollection
  • Nethgui\Widget\Xhtml\Panel
  • Nethgui\Widget\Xhtml\ProgressBar
  • Nethgui\Widget\Xhtml\RadioButton
  • Nethgui\Widget\Xhtml\Selector
  • Nethgui\Widget\Xhtml\Slider
  • Nethgui\Widget\Xhtml\Tabs
  • Nethgui\Widget\Xhtml\TextArea
  • Nethgui\Widget\Xhtml\TextInput
  • Nethgui\Widget\Xhtml\TextLabel
  • Nethgui\Widget\Xhtml\TextList
  • Nethgui\Widget\XhtmlWidget

Interfaces

  • Nethgui\Adapter\AdapterAggregateInterface
  • Nethgui\Adapter\AdapterAggregationInterface
  • Nethgui\Adapter\AdapterInterface
  • Nethgui\Adapter\ModifiableInterface
  • Nethgui\Authorization\AccessControlResponseInterface
  • Nethgui\Authorization\AuthorizationAttributesProviderInterface
  • Nethgui\Authorization\PolicyDecisionPointInterface
  • Nethgui\Authorization\PolicyEnforcementPointInterface
  • Nethgui\Authorization\UserInterface
  • Nethgui\Component\DependencyConsumer
  • Nethgui\Component\DependencyInjectorAggregate
  • Nethgui\Controller\Collection\ActionInterface
  • Nethgui\Controller\RequestHandlerInterface
  • Nethgui\Controller\RequestInterface
  • Nethgui\Controller\ValidationReportInterface
  • Nethgui\Log\LogConsumerInterface
  • Nethgui\Log\LogInterface
  • Nethgui\Module\ModuleAttributesInterface
  • Nethgui\Module\ModuleCompositeInterface
  • Nethgui\Module\ModuleInterface
  • Nethgui\Module\ModuleSetInterface
  • Nethgui\Renderer\WidgetFactoryInterface
  • Nethgui\Renderer\WidgetInterface
  • Nethgui\System\DatabaseInterface
  • Nethgui\System\MandatoryValidatorInterface
  • Nethgui\System\PlatformConsumerInterface
  • Nethgui\System\PlatformInterface
  • Nethgui\System\ProcessInterface
  • Nethgui\System\ValidatorInterface
  • Nethgui\Utility\DisposableInterface
  • Nethgui\Utility\PhpConsumerInterface
  • Nethgui\Utility\SessionConsumerInterface
  • Nethgui\Utility\SessionInterface
  • Nethgui\View\CommandReceiverInterface
  • Nethgui\View\TranslatorInterface
  • Nethgui\View\ViewableInterface
  • Nethgui\View\ViewInterface

Exceptions

  • Nethgui\Exception\AuthorizationException
  • Nethgui\Exception\HttpException

Functions

  • Nethgui\array_end
  • Nethgui\array_head
  • Nethgui\array_rest
  • Overview
  • Namespace
  • Class
  • Deprecated
  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 
<?php
namespace Nethgui\Test\Unit\Nethgui\Authorization;

/*
 * Copyright (C) 2012 Nethesis S.r.l.
 *
 * This script is part of NethServer.
 *
 * NethServer is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * NethServer is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with NethServer.  If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * JsonPolicyDecisionPoint Unit test case
 *
 * @author Davide Principi <davide.principi@nethesis.it>
 * @since 1.0
 * @covers \Nethgui\Authorization\JsonPolicyDecisionPoint
 */
class JsonPolicyDecisionPointTest extends \PHPUnit_Framework_TestCase
{

    /**
     * @var \Nethgui\Authorization\JsonPolicyDecisionPoint
     */
    protected $object;

    /**
     *
     * @var \PHPUnit_Framework_MockObject_MockObject
     */
    private $phpMock;

    protected function setUp()
    {
        $this->phpMock = $this->getMockBuilder('Nethgui\Utility\PhpWrapper')
            ->setMethods(array('file_get_contents'))
            ->getMock()
        ;

        $this->object = new \Nethgui\Authorization\JsonPolicyDecisionPoint(function($name) {
                    return '/prefix/' . str_replace('\\', '/', $name);
                }, $this->phpMock);
    }

    private function getSubject($username = FALSE, $groups = array())
    {
        return \Nethgui\Test\Tool\MockFactory::getAuthenticationSubject($this, $username, $groups);
    }

    private function loadPolicy($policy)
    {
        $this->phpMock->expects($this->once())
            ->method('file_get_contents')
            ->with('/prefix/Nethgui/Authorization/BasicPolicy.json')
            ->will($this->returnValue($policy))
        ;

        $this->object->loadPolicy('Nethgui\Authorization\BasicPolicy.json');
    }

    public function testEmptyPdp()
    {
        $this->assertTrue($this->object->authorize('S', 'R', 'A')->isAllowed());
    }

    public function testNoMatchPdp()
    {
        $this->loadPolicy('[{"Id": 1234, "Effect": "ALLOW", "Subject": "XXX", "Action": "XXX", "Resource": "XXX"}]');
        $this->assertFalse($this->object->authorize('S', 'R', 'A')->isAllowed());
    }

    public function testGlobPolicyFiles()
    {
        $phpMock = $this->getMockBuilder('Nethgui\Utility\PhpWrapper')
            ->setMethods(array('file_get_contents', 'glob'))
            ->getMock()
        ;

        $phpMock->expects($this->at(0))
            ->method('glob')
            ->with('/prefix/Nethgui/Authorization/*.json')
            ->will($this->returnValue(array('/prefix/Nethgui/Authorization/A.json', '/prefix/Nethgui/Authorization/B.json')))
        ;

        $phpMock->expects($this->at(1))
            ->method('file_get_contents')
            ->with('/prefix/Nethgui/Authorization/A.json')
            ->will($this->returnValue('[]'));

        $phpMock->expects($this->at(2))
            ->method('file_get_contents')
            ->with('/prefix/Nethgui/Authorization/B.json')
            ->will($this->returnValue('[]'));

        $phpMock->expects($this->at(3))
            ->method('glob')
            ->with('/prefix/Product/Authorization/*.json')
            ->will($this->returnValue(FALSE))
        ;

        $logMock = $this->getMock('Nethgui\Log\Nullog', array('warning'));
        $logMock->expects($this->once())
            ->method('warning')
            ->with($this->stringContains('invalid policy file specification'))
            ->will($this->returnValue($logMock));

        $this->object->setPhpWrapper($phpMock)->setLog($logMock);
        $this->object->loadPolicy('Nethgui\Authorization\*.json');
        $this->object->loadPolicy('Product\Authorization\*.json');

        $this->assertTrue($this->object->authorize('S', 'R', 'A')->isAllowed());
    }

    public function testAuthorizeLogin1()
    {
        $this->loadPolicy('[            
            {
                "Id": 2,
                "Final": true,
                "Effect": "ALLOW",
                "Subject": "admin",
                "Action": "*",
                "Resource": "*",

                "Description":
                    "Admin has the full powa"
            }
            ,
            {
                "Id": 3,
                "Effect": "DENY",
                "Subject": "*",
                "Action": "*",
                "Resource": "PROCESSOR*",
                "Description":
                    "Unauthenticated users cannot access any PROCESSOR"
            }
            ,
            {
                "Id": 2,
                "Effect": "DENY",
                "Subject": "admin",
                "Action": "*",
                "Resource": "*",

                "Description":
                    "Try to override rule#2"
            }
            ,
            {
                "Id": 1,
                "Effect": "ALLOW",
                "Subject": ".groups HAS g1 OR .groups HAS g2",
                "Action": "USE OR SUSPEND OR RESUME",
                "Resource": "PROCESSOR1",
                "Description":
                    "g1 and g2 groups have access to PROCESSOR1"
            }
            ,
            {
                "Id": 3,
                "Effect": "DENY",
                "Subject": "*",
                "Action": "*",
                "Resource": "PROC*",
                "Description":
                    "Generic user has no access to any PROCESSOR (Override)"
            }
            ]');



        $assertions = array(
            0 => array($this->object->authorize($this->getSubject('admin'), 'PROCESSOR2', 'HALT'), TRUE),
            1 => array($this->object->authorize($this->getSubject('dude', array('g1')), 'PROCESSOR1', 'USE'), TRUE),
            2 => array($this->object->authorize($this->getSubject('dude', array('g2')), 'PROCESSOR1', 'HALT'), FALSE),
            3 => array($this->object->authorize($this->getSubject('dude', array('g1', 'g2')), 'PROCESSOR2', 'USE'), FALSE),
            4 => array($this->object->authorize($this->getSubject(FALSE), 'PROCESSOR3', 'USE'), FALSE),
            5 => array($this->object->authorize($this->getSubject('user', array('g1')), 'PROCESSOR3', 'USE'), FALSE),
            6 => array($this->object->authorize($this->getSubject('dude', array('g2')), 'PROCESSOR1', 'USE'), TRUE),
        );

        foreach ($assertions as $index => $assertion) {
            list($auth, $pass) = $assertion;

            if ( ! $auth instanceof \Nethgui\Authorization\AccessControlResponseInterface)
                continue;


            $cond = $pass ? $auth->isAllowed() : $auth->isDenied();
            $failMsg = sprintf('assertion[%d]: Rule#%d - %s', $index, $auth->getCode(), $auth->getMessage());
            $this->assertTrue($cond, $failMsg);
        }
    }

    /**
     * @expectedException \UnexpectedValueException
     */
    public function testAuthorizeLogin2()
    {
        // invalid json:
        $this->loadPolicy('error');

        $subject = $this->getSubject();
        $resource = 'Nethgui\Module\Login';
        $action = \Nethgui\Authorization\PolicyDecisionPointInterface::QUERY;

        $this->object->authorize($subject, $resource, $action)->isAllowed();
    }

    /**
     * @expectedException \UnexpectedValueException
     */
    public function testAuthorizeLogin3()
    {
        // valid json, invalid policy
        $this->loadPolicy('"error"');

        $subject = $this->getSubject();
        $resource = 'Nethgui\Module\Login';
        $action = \Nethgui\Authorization\PolicyDecisionPointInterface::QUERY;

        $this->object->authorize($subject, $resource, $action)->isAllowed();
    }

    public function testAuthorizeLogin4()
    {
        // empty policy
        $this->loadPolicy('[]');

        $subject = $this->getSubject('admin');
        $resource = 'None';
        $action = 'None';

        $this->object->authorize($subject, $resource, $action)->isAllowed();
    }

    public function testSetPhpWrapper()
    {
        $php = new \Nethgui\Utility\PhpWrapper();
        $this->assertSame($this->object, $this->object->setPhpWrapper($php));
    }

    public function testGetLog()
    {
        $this->assertInstanceOf('Nethgui\Log\LogInterface', $this->object->getLog());
    }

    public function testSetLog()
    {
        $log = new \Nethgui\Log\Nullog();
        $this->assertSame($this->object, $this->object->setLog($log));
        $this->assertInstanceOf('Nethgui\Log\LogInterface', $this->object->getLog());
    }

}
Nethgui Framework API documentation generated by ApiGen