public function testPredefinedRoles($roleId, $allowed)
{
if (static::isSkippedFunctionalTest()) {
$this->markTestSkipped();
}
$acl = \Scalr::getContainer()->acl;
$role = $acl->getRole($roleId);
$this->assertInstanceOf('Scalr\\Acl\\Role\\RoleObject', $role);
$this->assertNotEmpty($role->getName(), 'Role name must be defined');
$this->assertEquals($roleId, $role->getRoleId());
$roleResources = $role->getResources();
$this->assertInstanceOf('ArrayObject', $roleResources);
/* @var $resourceDefinition Resource\ResourceObject */
foreach (Resource\Definition::getAll() as $resourceId => $resourceDefinition) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($roleResources[$resourceId])) {
continue;
}
$this->assertTrue(isset($roleResources[$resourceId]), sprintf('All resources must be defined for the %s role. ' . 'You should add records to the acl_role_resources table with role_id(%d)', $role->getName(), self::ROLE_FULL_ACCESS));
/* @var $resource Role\RoleResourceObject */
$resource = $roleResources[$resourceId];
$this->assertTrue($resource->isGranted() == $allowed, sprintf('%s resource must be %s for the %s role', $resourceDefinition->getName(), $allowed ? 'allowed' : 'forbidden', $role->getName()));
$permissions = $resource->getPermissions();
$this->assertInstanceOf('ArrayObject', $permissions);
foreach ($resourceDefinition->getPermissions() as $permissionId => $description) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($permissions[$permissionId])) {
continue;
}
$this->assertTrue(isset($permissions[$permissionId]), sprintf('Permission [%s - %s] must be defined for the %s role. ' . 'You should add record to the acl_role_resource_permission table with ' . 'key (role_id[%d], resource_id[0x%x], perm_id[%s]).', $resourceDefinition->getName(), $permissionId, $role->getName(), $role->getRoleId(), $resource->getResourceId(), $permissionId));
/* @var $permission Role\RoleResourcePermissionObject */
$permission = $permissions[$permissionId];
$this->assertInstanceOf('Scalr\\Acl\\Role\\RoleResourcePermissionObject', $permission);
$this->assertTrue($permission->isGranted() == $allowed, sprintf('Permission [%s - %s] must be %s for the %s role.', $resourceDefinition->getName(), $permissionId, $allowed ? 'allowed' : 'forbidden', $role->getName()));
}
}
}