Open Journal Systems  3.3.0
AuthorizationDecisionManagerTest.php
1 <?php
2 
17 import('lib.pkp.tests.classes.security.authorization.PolicyTestCase');
18 import('lib.pkp.classes.security.authorization.AuthorizationDecisionManager');
19 import('lib.pkp.classes.security.authorization.AuthorizationPolicy');
20 
// Decision manager under test; setUp() assigns a new AuthorizationDecisionManager to it.
22  private $decisionManager;
23 
/**
 * Prepare the fixture: run the parent set-up, then create the
 * AuthorizationDecisionManager instance the tests operate on.
 */
protected function setUp() : void {
    parent::setUp();

    $manager = new AuthorizationDecisionManager();
    $this->decisionManager = $manager;
}
28 
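/**
 * When no registered policy applies, the decision manager must return
 * its fallback decision: "deny" by default, or whatever was configured
 * through setDecisionIfNoPolicyApplies().
 */
public function testDecideIfNoPolicyApplies() {
    // Mock a policy whose applies() always reports "not applicable".
    $mockPolicy = $this->getMockBuilder(AuthorizationPolicy::class)
        ->setMethods(['applies'])
        ->getMock();
    $mockPolicy->expects($this->any())
        ->method('applies')
        ->willReturn(false);
    $this->decisionManager->addPolicy($mockPolicy);

    // Fail-closed default: with nothing applicable the answer is "deny".
    // assertSame compares by identity, so a loosely equal value of another
    // type (e.g. boolean true) cannot be accepted as a decision.
    self::assertSame(AUTHORIZATION_DENY, $this->decisionManager->decide());

    // The fallback can be switched explicitly; this makes the manager
    // fail-open, so it is exercised here only as a non-default setting.
    $this->decisionManager->setDecisionIfNoPolicyApplies(AUTHORIZATION_PERMIT);
    self::assertSame(AUTHORIZATION_PERMIT, $this->decisionManager->decide());
}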
49 
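/**
 * Messages of policies that denied access must be retrievable from the
 * decision manager, even when a permit-overrides policy set makes the
 * overall decision "permit".
 */
public function testAuthorizationMessages() {
    // Two real policies; the test relies on both of them denying access.
    $denyPolicy1 = new AuthorizationPolicy('message 1');
    $denyPolicy2 = new AuthorizationPolicy('message 2');

    // Mock a policy that permits access by stubbing effect().
    $permitPolicy = $this->getMockBuilder(AuthorizationPolicy::class)
        ->setMethods(['effect'])
        ->setConstructorArgs(['message 3'])
        ->getMock();
    $permitPolicy->expects($this->any())
        ->method('effect')
        ->willReturn(AUTHORIZATION_PERMIT);

    // Create a permit overrides policy set to make sure that
    // all policies will be tested even if several deny access.
    $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
    foreach ([$denyPolicy1, $denyPolicy2, $permitPolicy] as $policy) {
        $policySet->addPolicy($policy);
    }

    // Let the decision manager decide the policy set.
    // assertSame: the decision must be the exact constant, not merely a
    // value that compares loosely equal to it.
    $this->decisionManager->addPolicy($policySet);
    self::assertSame(AUTHORIZATION_PERMIT, $this->decisionManager->decide());

    // The deny messages are kept although the final decision is permit,
    // and the permitting policy's 'message 3' is not among them. A
    // non-empty message list therefore does not by itself mean "denied".
    self::assertEquals(['message 1', 'message 2'], $this->decisionManager->getAuthorizationMessages());
}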
82 
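/**
 * A policy may place objects into the authorized context while it is
 * evaluated; those objects must be readable from the decision manager
 * once decide() has run, and absent before.
 */
public function testAuthorizationContext() {
    // Register the helper policy that manipulates the authorization
    // context (getAuthorizationContextManipulationPolicy() is not defined
    // in this class; presumably it comes from the PolicyTestCase parent).
    $this->decisionManager->addPolicy($this->getAuthorizationContextManipulationPolicy());

    // Nothing has been decided yet, so no user group may be exposed.
    $before = $this->decisionManager->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
    self::assertNull($before);

    // The decision must be the exact permit constant (identity check, so a
    // loosely equal value of another type is rejected).
    self::assertSame(AUTHORIZATION_PERMIT, $this->decisionManager->decide());

    // After the decision the context holds the object the policy supplied.
    $after = $this->decisionManager->getAuthorizedContextObject(ASSOC_TYPE_USER_GROUP);
    self::assertInstanceOf('UserGroup', $after);
}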
98 
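/**
 * Exercise decide() with plain policies and nested policy sets. Every
 * scenario adds policies directly to a fresh decision manager; the
 * scenario labels describe that top level as "deny overrides".
 *
 * All decisions are checked with assertSame so that only the exact
 * decision constant passes, never a loosely equal value of another type.
 */
public function testDecide() {
    // A real policy (used as the denying one) and a mock whose effect() is
    // delegated to mockEffect(). mockEffect() is not defined in the visible
    // part of this class; presumably it is inherited. The assertions below
    // rely on it yielding a permit.
    $denyPolicy = new AuthorizationPolicy();
    $permitPolicy = $this->getMockBuilder(AuthorizationPolicy::class)
        ->setMethods(['effect'])
        ->getMock();
    $permitPolicy->expects($this->any())
        ->method('effect')
        ->will($this->returnCallback([$this, 'mockEffect']));

    // deny overrides
    // - permit policy
    // - deny policy
    // A single deny wins over the permit.
    $decisionManager = new AuthorizationDecisionManager();
    $decisionManager->addPolicy($permitPolicy);
    $decisionManager->addPolicy($denyPolicy);
    self::assertSame(AUTHORIZATION_DENY, $decisionManager->decide());

    // deny overrides
    // - permit policy
    // - permit policy
    // No deny present, so access is permitted.
    $decisionManager = new AuthorizationDecisionManager();
    $decisionManager->addPolicy($permitPolicy);
    $decisionManager->addPolicy($permitPolicy);
    self::assertSame(AUTHORIZATION_PERMIT, $decisionManager->decide());

    // deny overrides
    // - permit policy
    // - nested policy set (default combining algorithm)
    // -- deny policy
    // -- deny policy
    // NOTE(review): this scenario was labelled "allow overrides", but the
    // set is built without COMBINING_PERMIT_OVERRIDES, so PolicySet's
    // default algorithm applies - confirm which one that is. The expected
    // result is deny in this scenario.
    $decisionManager = new AuthorizationDecisionManager();
    $decisionManager->addPolicy($permitPolicy);
    $policySet = new PolicySet();
    $policySet->addPolicy($denyPolicy);
    $policySet->addPolicy($denyPolicy);
    $decisionManager->addPolicy($policySet);
    self::assertSame(AUTHORIZATION_DENY, $decisionManager->decide());

    // deny overrides
    // - permit policy
    // - allow overrides
    // -- deny policy
    // -- permit policy
    // The nested set resolves to permit, so nothing at the top level denies.
    $decisionManager = new AuthorizationDecisionManager();
    $decisionManager->addPolicy($permitPolicy);
    $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES);
    $policySet->addPolicy($denyPolicy);
    $policySet->addPolicy($permitPolicy);
    $decisionManager->addPolicy($policySet);
    self::assertSame(AUTHORIZATION_PERMIT, $decisionManager->decide());
}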
155 
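/**
 * A policy that denies access and carries a call-on-deny advice must
 * have that advice invoked exactly once, with the configured arguments.
 */
public function testCallOnDeny() {
    // Mock only callOnDeny(); the test relies on the rest of
    // AuthorizationPolicy yielding a deny. once() fails the test if the
    // advice is skipped or fired repeatedly.
    $policy = $this->getMockBuilder(AuthorizationPolicy::class)
        ->setMethods(['callOnDeny'])
        ->getMock();
    $policy->expects($this->once())
        ->method('callOnDeny')
        ->will($this->returnCallback([$this, 'mockCallOnDeny']));

    // Advice layout: target object, method name, argument list.
    $callOnDenyAdvice = [
        $policy,
        'callOnDeny',
        ['argument'],
    ];
    $policy->setAdvice(AUTHORIZATION_ADVICE_CALL_ON_DENY, $callOnDenyAdvice);

    // Configure and execute the decision manager. assertSame ensures the
    // result is the exact deny constant rather than a loosely equal value.
    $this->decisionManager->addPolicy($policy);
    self::assertSame(AUTHORIZATION_DENY, $this->decisionManager->decide());
}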
178 
/**
 * Callback wired into the mocked callOnDeny() by testCallOnDeny().
 *
 * @param $argument mixed the value forwarded from the advice's argument list
 */
public function mockCallOnDeny($argument) {
    // The advice was registered with the single argument 'argument';
    // verify that it arrives here unchanged.
    $expected = 'argument';
    self::assertEquals($expected, $argument);
}
189 }
190 
AuthorizationDecisionManagerTest\setUp
setUp()
Definition: AuthorizationDecisionManagerTest.php:24
PolicyTestCase\getAuthorizationContextManipulationPolicy
getAuthorizationContextManipulationPolicy()
Definition: PolicyTestCase.inc.php:67
AuthorizationDecisionManagerTest\testAuthorizationMessages
testAuthorizationMessages()
Definition: AuthorizationDecisionManagerTest.php:53
AuthorizationDecisionManagerTest\testAuthorizationContext
testAuthorizationContext()
Definition: AuthorizationDecisionManagerTest.php:86
AuthorizationPolicy
Class to represent an authorization policy.
Definition: AuthorizationPolicy.inc.php:31
AuthorizationDecisionManagerTest\testDecideIfNoPolicyApplies
testDecideIfNoPolicyApplies()
Definition: AuthorizationDecisionManagerTest.php:32
AuthorizationDecisionManager
A class that can take a list of authorization policies, apply them to the current authorization reque...
Definition: AuthorizationDecisionManager.inc.php:30
PolicyTestCase
Abstract base test class that provides infrastructure for several types of policy tests.
Definition: PolicyTestCase.inc.php:24
AuthorizationDecisionManagerTest\testDecide
testDecide()
Definition: AuthorizationDecisionManagerTest.php:102
AuthorizationDecisionManagerTest
Test class for the AuthorizationDecisionManager class.
Definition: AuthorizationDecisionManagerTest.php:21
AuthorizationDecisionManagerTest\mockCallOnDeny
mockCallOnDeny($argument)
Definition: AuthorizationDecisionManagerTest.php:184
PolicySet
An ordered list of policies. Policy sets can be added to decision managers like policies....
Definition: PolicySet.inc.php:26
AuthorizationDecisionManagerTest\testCallOnDeny
testCallOnDeny()
Definition: AuthorizationDecisionManagerTest.php:159