/**
 * Exercises how the authority resolves several 'allow' and 'deny' rules
 * registered for the same resource, with and without conditions.
 *
 * Rules are registered in a deliberate order and an assertion follows each
 * step, so the statement order is the substance of this test.
 */
public function testRulesPrecedence()
{
    $user = $this->mock('User');
    $this->fillMock($user, [
        'id' => 1,
        'email' => 'admin@localhost',
        'name' => 'Administrator',
        'created_at' => '2013-12-17 10:17:21',
        'updated_at' => '2013-12-17 10:17:21',
    ]);

    $this->authority = app('authority');
    // NOTE(review): the current user is $this->user, not the local $user mock built above;
    // presumably $this->user is initialised in setUp() -- confirm.
    $this->authority->setCurrentUser($this->user);

    // Three conditional 'allow' rules for 'read'. Each condition is expected to be false for
    // the mocked user (assumes fillMock() exposes the attributes as properties -- confirm).
    $idIsNotOne = function ($self, $user) {
        return $user->id != 1;
    };
    $this->authority->allow('read', 'User', $idIsNotOne);

    $emailIsNotAdmin = function ($self, $user) {
        return $user->email != 'admin@localhost';
    };
    $this->authority->allow('read', 'User', $emailIsNotAdmin);

    $nameIsNotAdministrator = function ($self, $user) {
        return $user->name != 'Administrator';
    };
    $this->authority->allow('read', 'User', $nameIsNotAdministrator);

    // 'update' is allowed without a condition, so it passes for the class name and the instance.
    $this->authority->allow('update', 'User');
    $this->assertCan('update', 'User');
    $this->assertCan('update', $user);

    // Only conditional 'allow' rules exist for 'read' at this point: the check against the class
    // name passes, the check against the instance does not. A caller that needs the per-object
    // conditions applied therefore has to check the instance, not the class name.
    // NOTE(review): these assertions imply 'index' is governed by the 'read' rules; that mapping
    // is not defined in this method -- confirm where it comes from.
    $this->assertCan('index', 'User');
    $this->assertCannot('index', $user);

    // An 'allow' rule without a condition, added after the conditional ones, grants 'index'
    // on the instance.
    $this->authority->allow('index', 'User');
    $this->assertCan('index', $user);

    // A conditional 'deny' added afterwards whose condition is expected to be true for the
    // mocked user: 'index' on the instance is refused again.
    $nameIsAdministrator = function ($self, $user) {
        return $user->name == 'Administrator';
    };
    $this->authority->deny('read', 'User', $nameIsAdministrator);
    $this->assertCannot('index', $user);

    // A later unconditional 'allow' overrides the earlier conditional 'deny'.
    $this->authority->allow('index', 'User');
    $this->assertCan('index', $user);

    // A later unconditional 'deny' in turn overrides that 'allow'.
    $this->authority->deny('index', 'User');
    $this->assertCannot('index', $user);
}