mirror of
https://github.com/pelican-dev/panel.git
synced 2026-05-04 18:00:48 +03:00
Refactor subuser permissions (#1961)
Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com>
This commit is contained in:
Boy132
@@ -1,8 +1,8 @@
|
||||
<?php
|
||||
|
||||
use App\Enums\ServerState;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Controllers\Api\Client\Servers\SettingsController;
|
||||
use App\Models\Permission;
|
||||
use App\Repositories\Daemon\DaemonServerRepository;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
@@ -11,7 +11,7 @@ pest()->group('API');
|
||||
covers(SettingsController::class);
|
||||
|
||||
it('server name cannot be changed', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$originalName = $server->name;
|
||||
|
||||
$this->actingAs($user)
|
||||
@@ -26,7 +26,7 @@ it('server name cannot be changed', function () {
|
||||
});
|
||||
|
||||
it('server description can be changed', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_DESCRIPTION]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::SettingsDescription]);
|
||||
$originalDescription = $server->description;
|
||||
|
||||
$newDescription = 'Test Server Description';
|
||||
@@ -45,7 +45,7 @@ it('server description can be changed', function () {
|
||||
});
|
||||
|
||||
it('server description cannot be changed', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_DESCRIPTION]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::SettingsDescription]);
|
||||
Config::set('panel.editable_server_descriptions', false);
|
||||
$originalDescription = $server->description;
|
||||
|
||||
@@ -61,7 +61,7 @@ it('server description cannot be changed', function () {
|
||||
});
|
||||
|
||||
it('server name can be changed', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT, Permission::ACTION_SETTINGS_RENAME]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect, SubuserPermission::SettingsRename]);
|
||||
$originalName = $server->name;
|
||||
|
||||
$this->actingAs($user)
|
||||
@@ -76,7 +76,7 @@ it('server name can be changed', function () {
|
||||
});
|
||||
|
||||
test('unauthorized user cannot change docker image in use by server', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$originalImage = $server->image;
|
||||
|
||||
$this->actingAs($user)
|
||||
@@ -92,7 +92,7 @@ test('unauthorized user cannot change docker image in use by server', function (
|
||||
|
||||
test('cannot change docker image to image not allowed by egg', function () {
|
||||
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
|
||||
$server->image = 'ghcr.io/pelican-eggs/yolks:java_17';
|
||||
$server->save();
|
||||
|
||||
@@ -112,7 +112,7 @@ test('cannot change docker image to image not allowed by egg', function () {
|
||||
});
|
||||
|
||||
test('can change docker image in use by server', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
|
||||
$oldImage = 'ghcr.io/pelican-eggs/yolks:java_17';
|
||||
$server->image = $oldImage;
|
||||
$server->save();
|
||||
@@ -135,7 +135,7 @@ test('can change docker image in use by server', function () {
|
||||
});
|
||||
|
||||
test('unable to change the docker image set by administrator', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
|
||||
$oldImage = 'ghcr.io/pelican-eggs/yolks:java_custom';
|
||||
$server->image = $oldImage;
|
||||
$server->save();
|
||||
@@ -155,7 +155,7 @@ test('unable to change the docker image set by administrator', function () {
|
||||
});
|
||||
|
||||
test('can be reinstalled', function () {
|
||||
[$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_REINSTALL]);
|
||||
[$user, $server] = generateTestAccount([SubuserPermission::SettingsReinstall]);
|
||||
expect($server->isInstalled())->toBeTrue();
|
||||
|
||||
$service = \Mockery::mock(DaemonServerRepository::class);
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
use App\Enums\RolePermissionModels;
|
||||
use App\Filament\Admin\Resources\Eggs\Pages\ListEggs;
|
||||
use App\Models\Egg;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Role;
|
||||
|
||||
use function Pest\Livewire\livewire;
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
use App\Enums\RolePermissionModels;
|
||||
use App\Filament\Admin\Resources\Nodes\Pages\ListNodes;
|
||||
use App\Models\Node;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Role;
|
||||
use App\Models\Server;
|
||||
use Filament\Actions\CreateAction;
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Role;
|
||||
use App\Models\Server;
|
||||
use App\Models\Subuser;
|
||||
@@ -158,7 +158,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->create([
|
||||
'user_id' => $users[0]->id,
|
||||
'server_id' => $servers[1]->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect->value],
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($users[0])->getJson('/api/client');
|
||||
@@ -189,7 +189,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->create([
|
||||
'user_id' => $users[0]->id,
|
||||
'server_id' => $servers[1]->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect],
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($users[0])->getJson('/api/client?type=owner');
|
||||
@@ -214,7 +214,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
->assertJson([
|
||||
'object' => 'system_permissions',
|
||||
'attributes' => [
|
||||
'permissions' => Permission::permissions()->toArray(),
|
||||
'permissions' => Subuser::allPermissionKeys(),
|
||||
],
|
||||
]);
|
||||
}
|
||||
@@ -239,7 +239,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->create([
|
||||
'user_id' => $users[0]->id,
|
||||
'server_id' => $servers[1]->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect->value],
|
||||
]);
|
||||
|
||||
// Only servers 2 & 3 (0 indexed) should be returned by the API at this point. The user making
|
||||
@@ -274,7 +274,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->create([
|
||||
'user_id' => $users[0]->id,
|
||||
'server_id' => $servers[1]->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect->value],
|
||||
]);
|
||||
|
||||
// All servers should be returned.
|
||||
@@ -311,7 +311,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
|
||||
public function test_only_primary_allocation_is_returned_to_subuser(): void
|
||||
{
|
||||
/** @var \App\Models\Server $server */
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$server->allocation->notes = 'Test notes';
|
||||
$server->allocation->save();
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Allocation;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Permission;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
@@ -48,7 +48,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
||||
public function test_allocation_cannot_be_created_if_user_does_not_have_permission(): void
|
||||
{
|
||||
/** @var \App\Models\Server $server */
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_UPDATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationUpdate]);
|
||||
$server->update(['allocation_limit' => 2]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))->assertForbidden();
|
||||
@@ -88,6 +88,6 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionDataProvider(): array
|
||||
{
|
||||
return [[[Permission::ACTION_ALLOCATION_CREATE]], [[]]];
|
||||
return [[[SubuserPermission::AllocationCreate]], [[]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Allocation;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Permission;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
@@ -56,7 +56,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
|
||||
public function test_error_is_returned_if_user_does_not_have_permission(): void
|
||||
{
|
||||
/** @var \App\Models\Server $server */
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
|
||||
|
||||
/** @var \App\Models\Allocation $allocation */
|
||||
$allocation = Allocation::factory()->create([
|
||||
@@ -101,6 +101,6 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionDataProvider(): array
|
||||
{
|
||||
return [[[Permission::ACTION_ALLOCATION_DELETE]], [[]]];
|
||||
return [[[SubuserPermission::AllocationDelete]], [[]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Backup;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Events\ActivityLogged;
|
||||
use App\Models\Backup;
|
||||
use App\Models\Permission;
|
||||
use App\Repositories\Daemon\DaemonBackupRepository;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -24,7 +24,7 @@ class DeleteBackupTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public function test_user_without_permission_cannot_delete_backup(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::BackupCreate]);
|
||||
|
||||
$backup = Backup::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
@@ -41,7 +41,7 @@ class DeleteBackupTest extends ClientApiIntegrationTestCase
|
||||
{
|
||||
Event::fake([ActivityLogged::class]);
|
||||
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_DELETE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::BackupDelete]);
|
||||
|
||||
/** @var \App\Models\Backup $backup */
|
||||
$backup = Backup::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Http\Controllers\Api\Client\Servers\CommandController;
|
||||
use App\Http\Requests\Api\Client\Servers\SendCommandRequest;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Server;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use GuzzleHttp\Exception\BadResponseException;
|
||||
@@ -38,7 +38,7 @@ class CommandControllerTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_subuser_without_permission_receives_error(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson("/api/client/servers/$server->uuid/command", [
|
||||
'command' => 'say Test',
|
||||
@@ -52,7 +52,7 @@ class CommandControllerTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_command_can_send_to_server(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_CONTROL_CONSOLE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ControlConsole]);
|
||||
|
||||
$server = \Mockery::mock($server)->makePartial();
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Permission;
|
||||
use App\Models\User;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -41,7 +41,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
||||
$this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
|
||||
->assertNotFound();
|
||||
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
|
||||
|
||||
$this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
|
||||
->assertForbidden();
|
||||
@@ -91,7 +91,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server->allocation))->assertNotFound();
|
||||
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server->allocation))->assertForbidden();
|
||||
}
|
||||
@@ -125,7 +125,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
||||
$this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
|
||||
->assertNotFound();
|
||||
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
|
||||
->assertForbidden();
|
||||
@@ -133,6 +133,6 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function updatePermissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_ALLOCATION_UPDATE]]];
|
||||
return [[[]], [[SubuserPermission::AllocationUpdate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Repositories\Daemon\DaemonServerRepository;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -15,7 +15,7 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
|
||||
* an error in response. This checks against the specific permission needed to send
|
||||
* the command to the server.
|
||||
*
|
||||
* @param string[] $permissions
|
||||
* @param array<string|SubuserPermission> $permissions
|
||||
*/
|
||||
#[DataProvider('invalidPermissionDataProvider')]
|
||||
public function test_subuser_without_permissions_receives_error(string $action, array $permissions): void
|
||||
@@ -47,7 +47,7 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
|
||||
* Test that sending a valid power actions works.
|
||||
*/
|
||||
#[DataProvider('validPowerActionDataProvider')]
|
||||
public function test_action_can_be_sent_to_server(string $action, string $permission): void
|
||||
public function test_action_can_be_sent_to_server(string $action, string|SubuserPermission $permission): void
|
||||
{
|
||||
$service = \Mockery::mock(DaemonServerRepository::class);
|
||||
$this->app->instance(DaemonServerRepository::class, $service);
|
||||
@@ -74,25 +74,25 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
|
||||
public static function invalidPermissionDataProvider(): array
|
||||
{
|
||||
return [
|
||||
['start', [Permission::ACTION_CONTROL_STOP, Permission::ACTION_CONTROL_RESTART]],
|
||||
['stop', [Permission::ACTION_CONTROL_START]],
|
||||
['kill', [Permission::ACTION_CONTROL_START, Permission::ACTION_CONTROL_RESTART]],
|
||||
['restart', [Permission::ACTION_CONTROL_STOP, Permission::ACTION_CONTROL_START]],
|
||||
['random', [Permission::ACTION_CONTROL_START]],
|
||||
['start', [SubuserPermission::ControlStop, SubuserPermission::ControlRestart]],
|
||||
['stop', [SubuserPermission::ControlStart]],
|
||||
['kill', [SubuserPermission::ControlStart, SubuserPermission::ControlRestart]],
|
||||
['restart', [SubuserPermission::ControlStop, SubuserPermission::ControlStart]],
|
||||
['random', [SubuserPermission::ControlStart]],
|
||||
];
|
||||
}
|
||||
|
||||
public static function validPowerActionDataProvider(): array
|
||||
{
|
||||
return [
|
||||
['start', Permission::ACTION_CONTROL_START],
|
||||
['stop', Permission::ACTION_CONTROL_STOP],
|
||||
['restart', Permission::ACTION_CONTROL_RESTART],
|
||||
['kill', Permission::ACTION_CONTROL_STOP],
|
||||
['start', SubuserPermission::ControlStart],
|
||||
['stop', SubuserPermission::ControlStop],
|
||||
['restart', SubuserPermission::ControlRestart],
|
||||
['kill', SubuserPermission::ControlStop],
|
||||
// Yes, these spaces are intentional. You should be able to send values with or without
|
||||
// a space on the start/end since we should be trimming the values.
|
||||
[' restart', Permission::ACTION_CONTROL_RESTART],
|
||||
['kill ', Permission::ACTION_CONTROL_STOP],
|
||||
[' restart', SubuserPermission::ControlRestart],
|
||||
['kill ', SubuserPermission::ControlStop],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Repositories\Daemon\DaemonServerRepository;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
@@ -16,7 +16,7 @@ class ResourceUtilizationControllerTest extends ClientApiIntegrationTestCase
|
||||
$service = \Mockery::mock(DaemonServerRepository::class);
|
||||
$this->app->instance(DaemonServerRepository::class, $service);
|
||||
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
|
||||
$service->expects('setServer')->with(\Mockery::on(function ($value) use ($server) {
|
||||
return $server->uuid === $value->uuid;
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Schedule;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -83,7 +83,7 @@ class CreateServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_subuser_cannot_create_schedule_without_permissions(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleUpdate]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/$server->uuid/schedules", [])
|
||||
@@ -92,6 +92,6 @@ class CreateServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SCHEDULE_CREATE]]];
|
||||
return [[[]], [[SubuserPermission::ScheduleCreate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Schedule;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Task;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -66,7 +66,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_error_is_returned_if_subuser_does_not_have_required_permissions(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleUpdate]);
|
||||
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
@@ -79,6 +79,6 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SCHEDULE_DELETE]]];
|
||||
return [[[]], [[SubuserPermission::ScheduleDelete]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Schedule;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Jobs\Schedule\RunTaskJob;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Task;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -56,7 +56,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_without_schedule_update_permission_cannot_execute(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
|
||||
|
||||
/** @var \App\Models\Schedule $schedule */
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
@@ -66,6 +66,6 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
|
||||
return [[[]], [[SubuserPermission::ScheduleUpdate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Schedule;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Task;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -76,7 +76,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_without_permission_cannot_view_schedules(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->getJson("/api/client/servers/$server->uuid/schedules")
|
||||
@@ -94,8 +94,8 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
|
||||
return [
|
||||
[[], false],
|
||||
[[], true],
|
||||
[[Permission::ACTION_SCHEDULE_READ], false],
|
||||
[[Permission::ACTION_SCHEDULE_READ], true],
|
||||
[[SubuserPermission::ScheduleRead], false],
|
||||
[[SubuserPermission::ScheduleRead], true],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Schedule;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Helpers\Utilities;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Schedule;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
@@ -70,7 +70,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_error_is_returned_if_subuser_does_not_have_permission_to_modify_schedule(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
|
||||
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
@@ -109,6 +109,6 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
|
||||
return [[[]], [[SubuserPermission::ScheduleUpdate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\ScheduleTask;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Task;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -160,7 +160,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_error_is_returned_if_subuser_does_not_have_schedule_update_permissions(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
|
||||
|
||||
/** @var \App\Models\Schedule $schedule */
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
@@ -172,6 +172,6 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
|
||||
return [[[]], [[SubuserPermission::ScheduleUpdate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\ScheduleTask;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Schedule;
|
||||
use App\Models\Task;
|
||||
use App\Models\User;
|
||||
@@ -45,7 +45,7 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_without_permission_returns_error(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
|
||||
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Enums\ServerState;
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Server;
|
||||
use App\Repositories\Daemon\DaemonServerRepository;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -48,7 +48,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_subuser_cannot_change_server_name_without_permission(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$originalName = $server->name;
|
||||
|
||||
$this->actingAs($user)
|
||||
@@ -97,7 +97,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_subuser_cannot_reinstall_server_without_permission(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/$server->uuid/settings/reinstall")
|
||||
@@ -109,11 +109,11 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function renamePermissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SETTINGS_RENAME]]];
|
||||
return [[[]], [[SubuserPermission::SettingsRename]]];
|
||||
}
|
||||
|
||||
public static function reinstallPermissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_SETTINGS_REINSTALL]]];
|
||||
return [[[]], [[SubuserPermission::SettingsReinstall]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Startup;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\EggVariable;
|
||||
use App\Models\Permission;
|
||||
use App\Models\User;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
@@ -51,7 +51,7 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_startup_data_is_not_returned_without_permission(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$this->actingAs($user)->getJson($this->link($server) . '/startup')->assertForbidden();
|
||||
|
||||
$user2 = User::factory()->create();
|
||||
@@ -60,6 +60,6 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_STARTUP_READ]]];
|
||||
return [[[]], [[SubuserPermission::StartupRead]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Startup;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\EggVariable;
|
||||
use App\Models\Permission;
|
||||
use App\Models\User;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -139,7 +139,7 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_startup_variable_cannot_be_updated_if_not_user_viewable(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
$this->actingAs($user)->putJson($this->link($server) . '/startup/variable')->assertForbidden();
|
||||
|
||||
$user2 = User::factory()->create();
|
||||
@@ -148,6 +148,6 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_STARTUP_UPDATE]]];
|
||||
return [[[]], [[SubuserPermission::StartupUpdate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Subuser;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Subuser;
|
||||
use App\Models\User;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -26,7 +26,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email = $this->faker->email(),
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -38,8 +38,8 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response->assertJsonPath('object', Subuser::RESOURCE_NAME);
|
||||
$response->assertJsonPath('attributes.uuid', $subuser->uuid);
|
||||
$response->assertJsonPath('attributes.permissions', [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
Permission::ACTION_WEBSOCKET_CONNECT,
|
||||
SubuserPermission::UserCreate->value,
|
||||
SubuserPermission::WebsocketConnect->value,
|
||||
]);
|
||||
|
||||
$expected = $response->json('attributes');
|
||||
@@ -55,16 +55,16 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
public function test_error_is_returned_if_assigning_permissions_not_assigned_to_self(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([
|
||||
Permission::ACTION_USER_CREATE,
|
||||
Permission::ACTION_USER_READ,
|
||||
Permission::ACTION_CONTROL_CONSOLE,
|
||||
SubuserPermission::UserCreate,
|
||||
SubuserPermission::UserRead,
|
||||
SubuserPermission::ControlConsole,
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $this->faker->email(),
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
Permission::ACTION_USER_UPDATE, // This permission is not assigned to the subuser.
|
||||
SubuserPermission::UserCreate->value,
|
||||
SubuserPermission::UserUpdate->value, // This permission is not assigned to the subuser.
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -85,7 +85,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -94,7 +94,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email . '.au',
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -117,7 +117,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $existing->email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -137,7 +137,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email = $this->faker->email(),
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -146,7 +146,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
SubuserPermission::UserCreate->value,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -157,6 +157,6 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public static function permissionsDataProvider(): array
|
||||
{
|
||||
return [[[]], [[Permission::ACTION_USER_CREATE]]];
|
||||
return [[[]], [[SubuserPermission::UserCreate]]];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Subuser;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Subuser;
|
||||
use App\Models\User;
|
||||
use App\Repositories\Daemon\DaemonServerRepository;
|
||||
@@ -39,7 +39,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->forceCreate([
|
||||
'user_id' => $subuser->id,
|
||||
'server_id' => $server->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect],
|
||||
]);
|
||||
|
||||
$mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();
|
||||
@@ -55,7 +55,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
|
||||
Subuser::query()->forceCreate([
|
||||
'user_id' => $subuser->id,
|
||||
'server_id' => $server->id,
|
||||
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
|
||||
'permissions' => [SubuserPermission::WebsocketConnect],
|
||||
]);
|
||||
|
||||
$mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server\Subuser;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Subuser;
|
||||
use App\Models\User;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
@@ -43,9 +43,9 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
|
||||
|
||||
$server->subusers()->where('user_id', $user->id)->update([
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_UPDATE,
|
||||
Permission::ACTION_CONTROL_START,
|
||||
Permission::ACTION_CONTROL_STOP,
|
||||
SubuserPermission::UserUpdate,
|
||||
SubuserPermission::ControlStart,
|
||||
SubuserPermission::ControlStop,
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -95,7 +95,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_cannot_assign_permissions_they_do_not_have(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_USER_READ, Permission::ACTION_USER_UPDATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::UserRead, SubuserPermission::UserUpdate]);
|
||||
|
||||
$subuser = Subuser::factory()
|
||||
->for(User::factory()->create())
|
||||
@@ -104,7 +104,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/$server->uuid/users/{$subuser->user->uuid}", [
|
||||
'permissions' => [Permission::ACTION_USER_READ, Permission::ACTION_CONTROL_CONSOLE],
|
||||
'permissions' => [SubuserPermission::UserRead, SubuserPermission::ControlConsole],
|
||||
])
|
||||
->assertForbidden();
|
||||
|
||||
@@ -116,7 +116,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_cannot_update_self(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_USER_READ, Permission::ACTION_USER_UPDATE]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::UserRead, SubuserPermission::UserUpdate]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/$server->uuid/users/$user->uuid", [])
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace App\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use App\Models\Permission;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -16,7 +16,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
||||
{
|
||||
public function test_subuser_without_websocket_permission_receives_error(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_CONTROL_RESTART]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::ControlRestart]);
|
||||
|
||||
$this->actingAs($user)->getJson("/api/client/servers/$server->uuid/websocket")
|
||||
->assertStatus(Response::HTTP_FORBIDDEN)
|
||||
@@ -29,8 +29,8 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
||||
*/
|
||||
public function test_user_without_permission_for_server_receives_error(): void
|
||||
{
|
||||
[, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[$user] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
[, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
[$user] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
|
||||
|
||||
$this->actingAs($user)->getJson("/api/client/servers/$server->uuid/websocket")
|
||||
->assertStatus(Response::HTTP_NOT_FOUND);
|
||||
@@ -86,7 +86,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
||||
|
||||
public function test_jwt_is_configured_correctly_for_server_subuser(): void
|
||||
{
|
||||
$permissions = [Permission::ACTION_WEBSOCKET_CONNECT, Permission::ACTION_CONTROL_CONSOLE];
|
||||
$permissions = [SubuserPermission::WebsocketConnect->value, SubuserPermission::ControlConsole->value];
|
||||
|
||||
/** @var \App\Models\User $user */
|
||||
/** @var \App\Models\Server $server */
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
namespace App\Tests\Integration\Api\Remote;
|
||||
|
||||
use App\Enums\ServerState;
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Node;
|
||||
use App\Models\Permission;
|
||||
use App\Models\Role;
|
||||
use App\Models\Server;
|
||||
use App\Models\User;
|
||||
@@ -135,7 +135,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
|
||||
|
||||
public function test_request_is_denied_if_user_lacks_sftp_permission(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_FILE_READ]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::FileRead]);
|
||||
|
||||
$user->update(['password' => password_hash('foobar', PASSWORD_DEFAULT)]);
|
||||
|
||||
@@ -163,7 +163,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
|
||||
*/
|
||||
public function test_user_permissions_are_returned_correctly(): void
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_FILE_READ, Permission::ACTION_FILE_SFTP]);
|
||||
[$user, $server] = $this->generateTestAccount([SubuserPermission::FileRead, SubuserPermission::FileSftp]);
|
||||
|
||||
$user->update(['password' => password_hash('foobar', PASSWORD_DEFAULT)]);
|
||||
|
||||
@@ -176,7 +176,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
|
||||
|
||||
$this->postJson('/api/remote/sftp/auth', $data)
|
||||
->assertOk()
|
||||
->assertJsonPath('permissions', [Permission::ACTION_FILE_READ, Permission::ACTION_FILE_SFTP]);
|
||||
->assertJsonPath('permissions', [SubuserPermission::FileRead->value, SubuserPermission::FileSftp->value]);
|
||||
|
||||
$user->syncRoles(Role::getRootAdmin());
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Tests\Traits\Integration;
|
||||
|
||||
use App\Enums\SubuserPermission;
|
||||
use App\Models\Allocation;
|
||||
use App\Models\Egg;
|
||||
use App\Models\Node;
|
||||
@@ -65,7 +66,7 @@ trait CreatesTestModels
|
||||
* Generates a user and a server for that user. If an array of permissions is passed it
|
||||
* is assumed that the user is actually a subuser of the server.
|
||||
*
|
||||
* @param string[] $permissions
|
||||
* @param array<string|SubuserPermission> $permissions
|
||||
* @return array{\App\Models\User, \App\Models\Server}
|
||||
*/
|
||||
public function generateTestAccount(array $permissions = []): array
|
||||
@@ -82,7 +83,7 @@ trait CreatesTestModels
|
||||
Subuser::query()->create([
|
||||
'user_id' => $user->id,
|
||||
'server_id' => $server->id,
|
||||
'permissions' => $permissions,
|
||||
'permissions' => array_map(fn ($permission) => $permission instanceof SubuserPermission ? $permission->value : $permission, $permissions),
|
||||
]);
|
||||
|
||||
return [$user, $server];
|
||||
|
||||
Reference in New Issue
Block a user