xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
<root> / tests / rights.php (1d1fa012c72587935367561a845d3fbe80bd5bd1) (6,304B) (mode 100644) [raw]
<?php
error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/rights.inc.php");

rg_log_set_file("rights.log");

require_once("common.php");

// Defaults
$rg_admin_email = "rg@embedromix.ro";

$type1_rights = array('d' => 'Delete', 'x' => 'XXX', 'y' => 'YYY',
	'a' => 'AAA', 'b' => 'BBB', 'c' => 'CCC',
	'A' => 'aaa', 'B' => 'bbb', 'C' => 'ccc');
rg_rights_register('type1', $type1_rights, "", "rg_repo_compare_refs", FALSE);

$sql = "DELETE FROM rights";
$res = rg_sql_query($db, $sql);
rg_sql_free_result($res);

rg_log('');
rg_log("test if combine works correctly (1)");
$a = "AF"; $b = "AD"; $e = "AFD";
$r = rg_rights_combine($a, $b);
if (strcmp($r, $e) != 0) {
	rg_log("Combine rights error1 ([$r] vs [$e])");
	exit(1);
}

rg_log('');
rg_log("test if combine works correctly (2)");
$a = ""; $b = ""; $e = "";
$r = rg_rights_combine($a, $b);
if (strcmp($r, $e) != 0) {
	rg_log("Combine rights error1 ([$r] vs [$e])");
	exit(1);
}

rg_log('');
rg_log("test if combine works correctly (3)");
$a = "AXUJUNFUUFU"; $b = ""; $e = $a;
$r = rg_rights_combine($a, $b);
if (strcmp($r, $e) != 0) {
	rg_log("Combine rights error1 ([$r] vs [$e])");
	exit(1);
}

rg_log('');
rg_log("testing mask...");
$a = "ABCDE"; $mask = "AEZ"; $e = "AE";
$r = rg_rights_mask($a, $mask);
if (strcmp($e, $e) != 0) {
	rg_log("mask is not working right [$r] != [$e]!");
	exit(1);
}

rg_log('');
rg_log("rights: testing 'test'...");
$rights = array(array("rights" => "ABC", "ip" => ""));
$needed_rights = "BCD";
$ip = "1.2.3.4";
$misc = '';
$r = rg_rights_test($rights, $needed_rights, $ip, $misc);
if ($r !== FALSE) {
	rg_log("allow is not working right!");
	exit(1);
}

rg_log('');
rg_log("rights: testing rg_rights_set...");
$a = array();
$a['right_id'] = 0;
$a['who'] = 90;
$a['obj_id'] = 333;
$a['uid'] = 200;
$a['rights'] = "abc";
$a['misc'] = "misc1/@USER@/";
$a['ip'] = "1.1.1.1 2.2.2.2 10.0.0.0/8";
$a['prio'] = 13;
$a['description'] = "desc1";
$r = rg_rights_set($db, "type1", $a);
if ($r !== TRUE) {
	rg_log("Seems I cannot set rights 1 (" . rg_rights_error() . ")");
	exit(1);
}
$b = $a;
$b['rights'] = "d"; $b['misc'] = "some_misc"; $b['prio'] = 14;
$r = rg_rights_set($db, "type1", $b);
if ($r !== TRUE) {
	rg_log("Seems I cannot set rights 2 (" . rg_rights_error() . ")");
	exit(1);
}
$b['rights'] = "E"; $b['misc'] = "some_other_misc"; $b['prio'] = 14;
$r = rg_rights_set($db, "type2", $b);
if ($r !== TRUE) {
	rg_log("Seems I cannot set rights 3 (" . rg_rights_error() . ")");
	exit(1);
}

rg_log('');
rg_log("Testing rg_rights_get...");
$right_id = 0;
$r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id);
if (($r['ok'] !== 1) || empty($r['list'])
	|| (strcmp($r['list'][1]['rights'], "d") != 0)) {
	rg_log_ml("r: " . print_r($r, TRUE));
	rg_log("Seems I cannot get rights (" . rg_rights_error() . ")");
	exit (1);
}
// 'get' again, to see if cache works
$r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id);
if (($r['ok'] !== 1) || empty($r['list'])
	|| (strcmp($r['list'][1]['rights'], "d") != 0)) {
	rg_log("Seems I cannot get rights (" . rg_rights_error() . ")");
	rg_log_ml("r: " . print_r($r, TRUE));
	exit(1);
}
$for_delete_list = $r['list'];

rg_log('');
rg_log("Testing allow with @USER@ token...");
$x = array();
$x['obj_id'] = $a['obj_id'];
$x['type'] = 'type1';
$x['owner'] = 90;
$x['uid'] = 200;
$x['username'] = 'user_gen';
$x['needed_rights'] = 'a';
$x['ip'] = '10.2.3.4';
$x['misc'] = 'misc1/user_gen/a';
$r = rg_rights_allow($db, $x);
if ($r === FALSE) {
	rg_log("We should have access because of @USER@");
	exit(1);
}


rg_log('');
rg_log('Testing if we can found out if anybody can fetch - deny');
$list = array();
$list[] = array('rights' => 'PH', 'ip' => '', 'misc' => '');
$list[] = array('rights' => '', 'ip' => '', 'misc' => '');
$list[] = array('rights' => 'F', 'ip' => '', 'misc' => '');
$needed_rights = 'F';
$ip = '1.2.3.4';
$misc = '';
$r = rg_rights_test($list, $needed_rights, $ip, $misc);
if ($r !== FALSE) {
	rg_log('We must not be allowed because rule 2 denies everything!');
	exit(1);
}


rg_log('');
rg_log('Testing if we can found out if anybody can fetch - allow');
$list = array();
$list[] = array('rights' => 'PH', 'ip' => '', 'misc' => '');
$list[] = array('rights' => 'F', 'ip' => '', 'misc' => '');
$needed_rights = 'F';
$ip = '1.2.3.4';
$misc = '';
$r = rg_rights_test($list, $needed_rights, $ip, $misc);
if ($r !== TRUE) {
	rg_log('We must be allowed because rule 2 allows fetch!');
	exit(1);
}


rg_log('');
rg_log("Testing delete_list...");
$list = array();
foreach ($for_delete_list as $junk => $i)
	$list[] = $i['right_id'];
$r = rg_rights_delete_list($db, "type1", $a['obj_id'], $list);
if ($r !== TRUE) {
	rg_log("We should be able to delete rights!");
	exit(1);
}
$right_id = 0;
$r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id);
if (($r['ok'] !== 1) || (count($r['list']) > 0)) {
	print_r($r);
	rg_log("We should not have anymore type1 objects, after a delete.");
	exit (1);
}

rg_log('');
rg_log("Testing IP match part - test1");
$list = "1.2.3.4/24 10.0.0.0/8 fd00::/64"
	. " 1234:5678:aaaa:bbbb:cccc:dddd:eeee::/120"
	. " 2222::/24";
$r = rg_rights_test_ip($list, "1.2.3.5");
if ($r !== TRUE) {
	rg_log("ip test 1 failed");
	exit(1);
}
rg_log("Testing IP match part - test2");
$r = rg_rights_test_ip($list, "10.2.3.4");
if ($r !== TRUE) {
	rg_log("ip test 2 failed");
	exit(1);
}
rg_log("Testing IP match part - test3");
$r = rg_rights_test_ip($list, "fd00::3030:aaaa");
if ($r !== TRUE) {
	rg_log("ip test 3 failed");
	exit(1);
}
rg_log("Testing IP match part - test4a");
$r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:44");
if ($r !== TRUE) {
	rg_log("ip test 4a failed");
	exit(1);
}
rg_log("Testing IP match part - test4b");
$r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:3344");
if ($r === TRUE) {
	rg_log("ip test 4b failed");
	exit(1);
}
rg_log("Testing IP match part - test5");
$r = rg_rights_test_ip($list, "2222::5533");
if ($r !== TRUE) {
	rg_log("ip test 5 failed");
	exit(1);
}


rg_log("Finish");

// TODO: test if a user can read other rights

rg_log("OK!");
?>
Hints

Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master