Hi…
Of course :).
Still trying to define the interface correctly, here is a possible acceptance test with the authentication stripped out. I have called it tests/acceptance_tests.php. Edit to taste (switch it to PHPUnit if you like)…
<?php
require_once('../authoriser.php');
require_once('../access_controller.php');
require_once('../authoriser_options.php');
AuthoriserOptions::setConfigurationFile('authoriser.conf');

class RoleBasedPermissionsTest extends UnitTestCase {
    function RoleBasedPermissionsTest() {
        $this->UnitTestCase();
    }
    function setUp() {
        $authoriser = &new Authoriser();
        $authoriser->addUsage('fred');
        $authoriser->addRole('pleb');
        $authoriser->addOperation('do_stuff');
        $authoriser->attachRole('fred', 'pleb');
        $authoriser->permit('pleb', 'do_stuff');
    }
    function tearDown() {
        $authoriser = &new Authoriser();
        $authoriser->dropUsage('fred');
        $authoriser->dropRole('pleb');
        $authoriser->dropOperation('do_stuff');
    }
    function testNonUserHasNothingAllowed() {
        $access_controller = &new AccessController();
        $permissions = &$access_controller->getPermissions('public');
        $this->assertFalse($permissions->can('do_stuff'));
    }
    function testBadPasswordHasNothingAllowed() {
        $access_controller = &new AccessController();
        $permissions = &$access_controller->getPermissions('fred');
        $this->assertFalse($permissions->can('do_stuff'));
    }
    function testLegitimateUserHasActionAllowed() {
        $access_controller = &new AccessController();
        $permissions = &$access_controller->getPermissions('fred');
        $this->assertTrue($permissions->can('do_stuff'));
    }
    function testUserCannotDoNonAction() {
        $access_controller = &new AccessController();
        $permissions = &$access_controller->getPermissions('fred');
        $this->assertFalse($permissions->can('do_unknown'));
    }
}
?>
I have split Authoriser from AccessController so that the whole of the library doesn't have to be loaded just to check someone's permissions. If someone has an alternate scheme it would simplify the interface slightly to have one object instead of two.
Here is a sample test runner…
<?php
define('SIMPLE_TEST', '/var/www/html/simpletest/');
require_once(SIMPLE_TEST . 'unit_tester.php');
require_once(SIMPLE_TEST . 'reporter.php');

$test = &new GroupTest('Sitepoint advPHP RBAC');
$test->addTestFile('acceptance_tests.php');
$test->run(new HtmlReporter());
?>
This obviously only works on my machine.
To get this test so that it doesn't crash I have to create the files. First authoriser.php…
<?php
class Authoriser {
    function Authoriser() {
    }
    function addUsage() {
    }
    function dropUsage() {
    }
    function addRole() {
    }
    function dropRole() {
    }
    function addOperation() {
    }
    function dropOperation() {
    }
    function attachRole() {
    }
    function permit() {
    }
}
?>
Then access_controller.php…
<?php
class AccessController {
    function AccessController() {
    }
    function getPermissions() {
        return new Permissions(); // Blatant fake
    }
}

class Permissions {
    function Permissions() {
    }
    function can() {
    }
}
?>
And finally authoriser_options.php…
<?php
class AuthoriserOptions {
    function setConfigurationFile() {
    }
}
?>
With this set up I get just one failure. This is just about the minimum amount of code I can write for RBAC to make sense. It should work as a starting skeleton at least.
yours, Marcus
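One way the stubbed classes above could be filled in with deny-by-default lookups, as an added example that is not part of the original post or its author's code. It assumes PHP 8 syntax rather than the post's PHP 4 style and a hypothetical in-memory `RbacStore` in place of whatever authoriser.conf would configure; authentication stays stripped out as in the post, so the bad-password case is not covered.

```php
<?php
class RbacStore { // hypothetical in-memory stand-in for the configured store
    public static array $users = [];      // user => [role => true]
    public static array $roles = [];      // role => [operation => true]
    public static array $operations = []; // operation => true
}
class Authoriser {
    public function addUsage(string $user): void { RbacStore::$users[$user] ??= []; }
    public function dropUsage(string $user): void { unset(RbacStore::$users[$user]); }
    public function addRole(string $role): void { RbacStore::$roles[$role] ??= []; }
    public function dropRole(string $role): void { // also detach it from every user
        unset(RbacStore::$roles[$role]);
        foreach (array_keys(RbacStore::$users) as $u) { unset(RbacStore::$users[$u][$role]); }
    }
    public function addOperation(string $op): void { RbacStore::$operations[$op] = true; }
    public function dropOperation(string $op): void { // also revoke it from every role
        unset(RbacStore::$operations[$op]);
        foreach (array_keys(RbacStore::$roles) as $r) { unset(RbacStore::$roles[$r][$op]); }
    }
    public function attachRole(string $user, string $role): void {
        if (!isset(RbacStore::$users[$user], RbacStore::$roles[$role])) { // no dangling grants
            throw new InvalidArgumentException('unknown user or role');
        }
        RbacStore::$users[$user][$role] = true;
    }
    public function permit(string $role, string $op): void {
        if (!isset(RbacStore::$roles[$role], RbacStore::$operations[$op])) {
            throw new InvalidArgumentException('unknown role or operation');
        }
        RbacStore::$roles[$role][$op] = true;
    }
}
class Permissions {
    public function __construct(private array $allowed) {}
    public function can(string $op): bool { return isset($this->allowed[$op]); }
}
class AccessController {
    public function getPermissions(string $user): Permissions {
        $allowed = []; // deny by default: unknown users keep an empty set
        foreach (array_keys(RbacStore::$users[$user] ?? []) as $role) {
            $allowed += RbacStore::$roles[$role];
        }
        return new Permissions($allowed);
    }
}
// Constructed driver: the post's fixture and the three checks that need no password.
$a = new Authoriser(); $a->addUsage('fred'); $a->addRole('pleb'); $a->addOperation('do_stuff');
$a->attachRole('fred', 'pleb'); $a->permit('pleb', 'do_stuff');
foreach ([['public', 'do_stuff', false], ['fred', 'do_stuff', true], ['fred', 'do_unknown', false]] as [$u, $op, $want])
    if ((new AccessController())->getPermissions($u)->can($op) !== $want) throw new LogicException("$u/$op");
```

Dropping a role or operation also removes every grant that referenced it, so re-adding the same name later does not silently restore old permissions.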