3 # Tests for C4::Auth::haspermission
5 # This file is part of Koha.
7 # Copyright 2016 Rijksmuseum
9 # Koha is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # Koha is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Test::More tests => 4;
27 use t::lib::TestBuilder;
28 use C4::Auth qw(haspermission);
# Open a database transaction before any fixture is created; the final
# statement of the file rolls it back, so the test accounts and permission
# rows built below are not meant to persist.
30 my $schema = Koha::Database->new->schema;
31 $schema->storage->txn_begin;
33 # Adding two borrowers and granular permissions for the second borrower
# NOTE(review): this listing skips several original lines (see the gaps in
# the embedded line numbers), so the build() argument lists and their closing
# brackets are only partly visible here.
34 my $builder = t::lib::TestBuilder->new();
# First account: later assertions label it "Superlibrarian". Its flags value
# is not visible in this listing - TODO confirm it carries the superlibrarian bit.
35 my $borr1 = $builder->build(
39 surname => 'Superlib',
# Second account: a limited user holding exactly three whole-module flags.
# The flags sum does not include 2**13, so this account never receives the
# tools module as a whole; the denial cases further down depend on that.
44 my $borr2 = $builder->build(
49 flags => 2 + 4 + 2**11, # circulate, catalogue, acquisition
# First granular row for the second account, under module bit 13 (tools).
55 source => 'UserPermission',
57 borrowernumber => $borr2->{borrowernumber},
58 module_bit => 13, # tools
59 code => 'upload_local_cover_images',
# Second granular row for the same account and module.
65 source => 'UserPermission',
67 borrowernumber => $borr2->{borrowernumber},
68 module_bit => 13, # tools
69 code => 'batch_upload_patron_images',
# Pins what haspermission() returns when no required flags are passed: the
# assertion expects a true value, i.e. the check is satisfied by default.
# NOTE(review): for an authorisation helper this is a fail-open default - a
# caller that forgets to pass flags is let through. The disabled throws_ok
# cases below describe a stricter contract (Koha::Exceptions::WrongParameter
# for missing or explicitly undef flags). Confirm against C4::Auth, which is
# not visible here, whether the permissive result is intended.
74 subtest 'undef top level tests' => sub {
78 my $pass = haspermission( $borr2->{userid} );
79 ok($pass, "let through undef privs");
# Disabled: expected exception when the flags argument is omitted or undef.
81 #throws_ok { my $r = haspermission( $borr1->{userid} ); }
82 #'Koha::Exceptions::WrongParameter',
83 # 'Exception thrown when missing $requiredflags';
84 #throws_ok { my $r = haspermission( $borr1->{userid}, undef ); }
85 #'Koha::Exceptions::WrongParameter', 'Exception thrown when explicit undef';
# Scalar form: the required permission is a single top-level module name.
# Throughout this file a hashref return is asserted as "granted" and the
# exact value 0 as "denied".
88 subtest 'scalar top level tests' => sub {
92 # Check top level permission for superlibrarian
93 my $r = haspermission( $borr1->{userid}, 'circulate' );
94 is( ref($r), 'HASH', 'Superlibrarian/circulate' );
96 # Check specific top level permission(s) for borr2
97 $r = haspermission( $borr2->{userid}, 'circulate' );
98 is( ref($r), 'HASH', 'Borrower2/circulate' );
# Denial case: updatecharges is not among the three module flags set on the
# second account, so the check must return 0.
# NOTE(review): no case for an unknown userid or a misspelled module name is
# visible in this subtest; both are worth pinning as denials.
99 $r = haspermission( $borr2->{userid}, 'updatecharges' );
100 is( $r, 0, 'Borrower2/updatecharges should fail' );
# Hashref form: every key in the hash must be satisfied (AND). A value of 1
# asks for the whole module, '*' for at least one subpermission, and a string
# for one named subpermission.
103 subtest 'hashref top level AND tests' => sub {
107 # Check top level permission for superlibrarian
# NOTE(review): the assignment of this call's result to $r is not visible in
# this listing (an original line is skipped just above) - presumably lost in
# extraction; without it the next assertion would not test this call.
109 haspermission( $borr1->{userid}, { circulate => 1 } );
110 is( ref($r), 'HASH', 'Superlibrarian/circulate' );
112 # Check specific top level permission(s) for borr2
113 $r = haspermission( $borr2->{userid}, { circulate => 1, catalogue => 1 } );
114 is( ref($r), 'HASH', 'Borrower2/circulate' );
115 $r = haspermission( $borr2->{userid}, { updatecharges => 1 } );
116 is( $r, 0, 'Borrower2/updatecharges should fail' );
118 # Check granular permission with 1: means all subpermissions
119 $r = haspermission( $borr1->{userid}, { tools => 1 } );
120 is( ref($r), 'HASH', 'Superlibrarian/tools granular all' );
# The second account holds only two tools subpermissions, so a request for
# the whole tools module must be denied.
121 $r = haspermission( $borr2->{userid}, { tools => 1 } );
122 is( $r, 0, 'Borrower2/tools granular all should fail' );
124 # Check granular permission with *: means at least one subpermission
125 $r = haspermission( $borr1->{userid}, { tools => '*' } );
126 is( ref($r), 'HASH', 'Superlibrarian/tools granular *' );
127 $r = haspermission( $borr2->{userid}, { acquisition => '*' } );
128 is( ref($r), 'HASH', 'Borrower2/acq granular *' );
129 $r = haspermission( $borr2->{userid}, { tools => '*' } );
130 is( ref($r), 'HASH', 'Borrower2/tools granular *' );
# Denial case: the second account has neither the serials flag nor any
# visible serials subpermission row.
131 $r = haspermission( $borr2->{userid}, { serials => '*' } );
132 is( $r, 0, 'Borrower2/serials granular * should fail' );
134 # Check granular permission with one or more specific subperms
135 $r = haspermission( $borr1->{userid}, { tools => 'edit_news' } );
136 is( ref($r), 'HASH', 'Superlibrarian/tools edit_news' );
# The second account has the acquisition module flag and no visible
# acquisition subpermission row, so this expects the module flag alone to
# satisfy a named subpermission.
137 $r = haspermission( $borr2->{userid}, { acquisition => 'budget_manage' } );
138 is( ref($r), 'HASH', 'Borrower2/acq budget_manage' );
# Key AND case: one requirement is met (acquisition) and one is not
# (tools/edit_news), so the whole check must be denied.
139 $r = haspermission( $borr2->{userid},
140 { acquisition => 'budget_manage', tools => 'edit_news' } );
141 is( $r, 0, 'Borrower2 (/acquisition|budget_manage AND /tools|edit_news) should fail' );
# NOTE(review): the haspermission() calls for the three assertions below are
# not visible in this listing; only fragments of their arguments remain.
# Judging by the test names, a hash of subpermissions is an AND and an array
# of subpermissions is an OR - confirm against the complete file.
146 'upload_local_cover_images' => 1,
147 'batch_upload_patron_images' => 1
151 is( ref($r), 'HASH', 'Borrower2 (/tools|upload_local_cover_image AND /tools|batch_upload_patron_images) granular' );
156 'upload_local_cover_images' => 1,
161 is( $r, 0, 'Borrower2 (/tools|upload_local_cover_image AND /tools|edit_news) granular' );
165 tools => [ 'upload_local_cover_images', 'edit_news'],
168 is( ref($r), 'HASH', 'Borrower2 (/tools|upload_local_cover_image OR /tools|edit_news) granular' );
# Arrayref form: the check is granted when any one element is satisfied (OR).
# Elements are either plain module names or single-key hashes in the same
# shape as the hashref form.
171 subtest 'arrayref top level OR tests' => sub {
175 # Check top level permission for superlibrarian
# NOTE(review): the assignment of this call's result to $r is not visible in
# this listing (an original line is skipped just above) - presumably lost in
# extraction; without it the next assertion would not test this call.
177 haspermission( $borr1->{userid}, [ 'circulate', 'editcatalogue' ] );
178 is( ref($r), 'HASH', 'Superlibrarian/circulate' );
180 # Check specific top level permission(s) for borr2
# One alternative held (circulate), one not (updatecharges): granted.
181 $r = haspermission( $borr2->{userid}, [ 'circulate', 'updatecharges' ] );
182 is( ref($r), 'HASH', 'Borrower2/circulate OR Borrower2/updatecharges' );
# Denial case: neither alternative is among the second account's flags.
183 $r = haspermission( $borr2->{userid}, ['updatecharges', 'serials' ] );
184 is( $r, 0, 'Borrower2/updatecharges OR Borrower2/serials should fail' );
186 # Check granular permission with 1: means all subpermissions
# A bare module name inside the array asks for the whole module, so the
# second account, which holds only two tools subpermissions, is denied.
187 $r = haspermission( $borr1->{userid}, [ 'tools' ] );
188 is( ref($r), 'HASH', 'Superlibrarian/tools granular all' );
189 $r = haspermission( $borr2->{userid}, [ 'tools' ] );
190 is( $r, 0, 'Borrower2/tools granular all should fail' );
192 # Check granular permission with *: means at least one subpermission
193 $r = haspermission( $borr1->{userid}, [ { tools => '*' } ] );
194 is( ref($r), 'HASH', 'Superlibrarian/tools granular *' );
195 $r = haspermission( $borr2->{userid}, [ { acquisition => '*' } ] );
196 is( ref($r), 'HASH', 'Borrower2/acq granular *' );
197 $r = haspermission( $borr2->{userid}, [ { tools => '*' } ] );
198 is( ref($r), 'HASH', 'Borrower2/tools granular *' );
199 $r = haspermission( $borr2->{userid}, [ { serials => '*' } ] );
200 is( $r, 0, 'Borrower2/serials granular * should fail' );
202 # Check granular permission with one or more specific subperms
203 $r = haspermission( $borr1->{userid}, [ { tools => 'edit_news' } ] );
204 is( ref($r), 'HASH', 'Superlibrarian/tools edit_news' );
# NOTE(review): as with the first call in this subtest, the assignment to $r
# is not visible for the next call - confirm against the complete file.
206 haspermission( $borr2->{userid}, [ { acquisition => 'budget_manage' } ] );
207 is( ref($r), 'HASH', 'Borrower2/acq budget_manage' );
# Two granular alternatives, only the acquisition one held: granted.
# NOTE(review): no visible case covers a granular OR in which every
# alternative is missing; a denial assertion for that would pin the 0 result.
208 $r = haspermission( $borr2->{userid},
209 [ { acquisition => 'budget_manage'}, { tools => 'edit_news' } ] );
210 is( ref($r), 'HASH', 'Borrower2/two granular OR should pass' );
# The call that wraps the two hashes below is not visible in this listing.
214 { tools => ['upload_local_cover_images'] },
215 { tools => ['edit_news'] }
218 is( ref($r), 'HASH', 'Borrower2/tools granular OR subperms' );
# Roll back the transaction opened at the top of the file so the fixture
# accounts and permission rows created for these tests are discarded.
221 $schema->storage->txn_rollback;