Open Monograph Press  1.1
AuthorizationDecisionManagerTest.php
1 <?php
2 
17 import('lib.pkp.tests.classes.security.authorization.PolicyTestCase');
18 import('lib.pkp.classes.security.authorization.AuthorizationDecisionManager');
19 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
20 
// The AuthorizationDecisionManager instance under test; setUp() replaces it
// with a newly constructed manager before each test.
22  private $decisionManager;
23 
/**
 * Prepare the fixture: run the parent set-up, then construct a new
 * decision manager so that policies registered by one test are not
 * carried over into the decision of another.
 */
protected function setUp() {
    parent::setUp();

    $freshManager = new AuthorizationDecisionManager();
    $this->decisionManager = $freshManager;
}
28 
/**
 * Checks the fallback decision that is used when none of the registered
 * policies applies: it must be "deny" out of the box (fail closed) and
 * must follow setDecisionIfNoPolicyApplies() once that is called.
 */
public function testDecideIfNoPolicyApplies() {
    // A policy whose applies() always answers false, so it never takes
    // part in the decision.
    $inapplicablePolicy = $this->getMock('AuthorizationPolicy', array('applies'));
    $inapplicablePolicy->expects($this->any())
        ->method('applies')
        ->will($this->returnValue(false));
    $this->decisionManager->addPolicy($inapplicablePolicy);

    // Without an applicable policy the manager has to deny access.
    // NOTE(review): assertEquals() compares loosely; if the decision
    // constants are integers (not visible in this listing), assertSame()
    // would also reject a boolean or string result - confirm.
    $defaultDecision = $this->decisionManager->decide();
    self::assertEquals(AUTHORIZATION_DENY, $defaultDecision);

    // Switching the fallback to "permit" must change the outcome; this
    // is an explicit opt-in, never the default.
    $this->decisionManager->setDecisionIfNoPolicyApplies(AUTHORIZATION_PERMIT);
    $overriddenDecision = $this->decisionManager->decide();
    self::assertEquals(AUTHORIZATION_PERMIT, $overriddenDecision);
}
47 
/**
 * Checks that the messages of policies that denied access can be read
 * back from the decision manager, even when the overall decision is
 * "permit". The presence of messages therefore does not by itself mean
 * that the request was denied; callers have to look at decide().
 */
public function testAuthorizationMessages() {
    // Two unmodified policies; each one denies and carries its own message.
    $firstDenial = new AuthorizationPolicy('message 1');
    $secondDenial = new AuthorizationPolicy('message 2');

    // A third policy whose effect() is mocked to permit access.
    $permitting = $this->getMock('AuthorizationPolicy', array('effect'), array('message 3'));
    $permitting->expects($this->any())
        ->method('effect')
        ->will($this->returnValue(AUTHORIZATION_PERMIT));

    // Permit-overrides is used so that both denying policies are
    // evaluated before the permitting one settles the decision.
    $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
    foreach (array($firstDenial, $secondDenial, $permitting) as $member) {
        $policySet->addPolicy($member);
    }

    // The set as a whole permits access ...
    $this->decisionManager->addPolicy($policySet);
    $decision = $this->decisionManager->decide();
    self::assertEquals(AUTHORIZATION_PERMIT, $decision);

    // ... while only the messages of the two denying policies are
    // reported, in the order the policies were added.
    $reportedMessages = $this->decisionManager->getAuthorizationMessages();
    self::assertEquals(array('message 1', 'message 2'), $reportedMessages);
}
77 
/**
 * Checks that an object authorized by a policy becomes available through
 * the decision manager only after decide() has run.
 */
public function testAuthorizationContext() {
    // The helper is not defined in this listing (presumably inherited
    // from PolicyTestCase); it supplies a policy that writes to the
    // authorization context while it is being evaluated.
    $contextPolicy = $this->getAuthorizationContextManipulationPolicy();
    $this->decisionManager->addPolicy($contextPolicy);

    // Before any decision was taken no user group may be exposed.
    $beforeDecision = $this->decisionManager->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
    self::assertNull($beforeDecision);

    // The policy permits access ...
    $decision = $this->decisionManager->decide();
    self::assertEquals(AUTHORIZATION_PERMIT, $decision);

    // ... and the user group it authorized can now be retrieved.
    $afterDecision = $this->decisionManager->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
    self::assertInstanceOf('UserGroup', $afterDecision);
}
93 
/**
 * Exercises decide() with single policies and nested policy sets under
 * different combining algorithms. Every scenario uses its own decision
 * manager so that the policy trees stay independent of each other.
 */
public function testDecide() {
    // An unmodified AuthorizationPolicy serves as the denying policy.
    $denyPolicy = new AuthorizationPolicy();

    // The permitting policy delegates effect() to mockEffect(), which is
    // not defined in this listing (presumably inherited from
    // PolicyTestCase); the assertions below rely on it returning
    // AUTHORIZATION_PERMIT.
    $permitPolicy = $this->getMock('AuthorizationPolicy', array('effect'));
    $permitPolicy->expects($this->any())
        ->method('effect')
        ->will($this->returnCallback(array($this, 'mockEffect')));

    // Scenario 1 - top level (deny overrides):
    //   permit policy
    //   deny policy
    // A single denial outweighs the permit.
    $manager = new AuthorizationDecisionManager();
    $manager->addPolicy($permitPolicy);
    $manager->addPolicy($denyPolicy);
    self::assertEquals(AUTHORIZATION_DENY, $manager->decide());

    // Scenario 2 - top level (deny overrides):
    //   permit policy
    //   permit policy
    // Nothing denies, so access is permitted.
    $manager = new AuthorizationDecisionManager();
    $manager->addPolicy($permitPolicy);
    $manager->addPolicy($permitPolicy);
    self::assertEquals(AUTHORIZATION_PERMIT, $manager->decide());

    // Scenario 3 - top level (deny overrides):
    //   permit policy
    //   nested set (labelled "allow overrides" by the original author)
    //     deny policy
    //     deny policy
    // NOTE(review): the nested set is created without an argument, so it
    // uses the constructor's default combining algorithm, which is not
    // visible here - confirm that it matches the label. Two denying
    // members should yield "deny" under either algorithm, so this
    // scenario does not tell the two apart.
    $manager = new AuthorizationDecisionManager();
    $manager->addPolicy($permitPolicy);
    $nestedSet = new PolicySet();
    $nestedSet->addPolicy($denyPolicy);
    $nestedSet->addPolicy($denyPolicy);
    $manager->addPolicy($nestedSet);
    self::assertEquals(AUTHORIZATION_DENY, $manager->decide());

    // Scenario 4 - top level (deny overrides):
    //   permit policy
    //   nested set (permit overrides)
    //     deny policy
    //     permit policy
    // The nested permit wins inside the set, so nothing denies at the
    // top level.
    $manager = new AuthorizationDecisionManager();
    $manager->addPolicy($permitPolicy);
    $nestedSet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
    $nestedSet->addPolicy($denyPolicy);
    $nestedSet->addPolicy($permitPolicy);
    $manager->addPolicy($nestedSet);
    self::assertEquals(AUTHORIZATION_PERMIT, $manager->decide());
}
148 
/**
 * Checks that a policy's call-on-deny advice is executed when the
 * decision manager denies access.
 */
public function testCallOnDeny() {
    // Only callOnDeny() is mocked, so the policy keeps its real effect.
    // expects(once()) makes the test fail if the deny hook is skipped or
    // fired more than once.
    $denyingPolicy = $this->getMock('AuthorizationPolicy', array('callOnDeny'));
    $denyingPolicy->expects($this->once())
        ->method('callOnDeny')
        ->will($this->returnCallback(array($this, 'mockCallOnDeny')));

    // The advice names the object, the method to invoke on denial and
    // the argument list handed to that method.
    $denyingPolicy->setAdvice(
        AUTHORIZATION_ADVICE_CALL_ON_DENY,
        array($denyingPolicy, 'callOnDeny', array('argument'))
    );

    // Deciding must deny access; the mock expectation above verifies
    // that the advice was called along the way.
    $this->decisionManager->addPolicy($denyingPolicy);
    $decision = $this->decisionManager->decide();
    self::assertEquals(AUTHORIZATION_DENY, $decision);
}
169 
/**
 * Callback behind the mocked callOnDeny() method in testCallOnDeny().
 * It is registered through returnCallback(array($this, ...)) and is
 * declared public for that reason.
 *
 * @param mixed $argument the value the mocked callOnDeny() call received
 */
public function mockCallOnDeny($argument) {
    // The advice was registered with the argument list array('argument'),
    // so exactly that value has to arrive here.
    $expectedArgument = 'argument';
    self::assertEquals($expectedArgument, $argument);
}
180 }
181 ?>
An ordered list of policies. Policy sets can be added to decision managers like policies. The decision manager will evaluate the contained policies in the order they were added.
getAuthorizationContextManipulationPolicy()
Abstract base test class that provides infrastructure for several types of policy tests...
A class that can take a list of authorization policies, apply them to the current authorization reque...
Test class for the AuthorizationDecisionManager class.
Class to represent an authorization policy.