[ticket/16895] Add test

PHPBB3-16895

phpBB/phpbb/db/migration/tool/permission.php

@@ -21,6 +21,9 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 	/** @var \phpbb\auth\auth */
 	protected $auth;
 
+	/** @var \includes\acp\acp_auth */
+	protected $auth_admin;
+
 	/** @var \phpbb\cache\service */
 	protected $cache;
 
@@ -291,6 +294,8 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 
 		$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary);
 		$this->db->sql_query($sql);
+
+		return $this->db->sql_nextid();
 	}
 
 	/**
@@ -327,11 +332,32 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 			return;
 		}
 
+		// Get the role type
+		$sql = 'SELECT role_type
+			FROM ' . ACL_ROLES_TABLE . '
+			WHERE role_id = ' . (int) $role_id;
+		$result = $this->db->sql_query($sql);
+		$role_type = $this->db->sql_fetchfield('role_type');
+		$this->db->sql_freeresult($result);
+
+		// Get complete auth array
+		$sql = 'SELECT auth_option, auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . "
+			WHERE auth_option " . $this->db->sql_like_expression($role_type . $this->db->get_any_char());
+		$result = $this->db->sql_query($sql);
+
+		$auth_settings = [];
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$auth_settings[$row['auth_option']] = ACL_NO;
+		}
+		$this->db->sql_freeresult($result);
+
 		// Get the role auth settings we need to re-set...
 		$sql = 'SELECT o.auth_option, r.auth_setting
 			FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
 			WHERE o.auth_option_id = r.auth_option_id
-				AND r.role_id = ' . $role_id;
+				AND r.role_id = ' . (int) $role_id;
 		$result = $this->db->sql_query($sql);
 
 		while ($row = $this->db->sql_fetchrow($result))

tests/dbal/migrator_tool_permission_role_test.php

@@ -0,0 +1,191 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_dbal_migrator_tool_permission_role_test extends phpbb_database_test_case
+{
+	/** @var \phpbb\auth\auth */
+	protected $auth;
+
+	/** @var \acp\auth\auth_admin */
+	protected $auth_admin;
+
+	/** @var \phpbb\db\migration\tool\permission */
+	protected $tool;
+
+	public $group_ids = [
+		'REGISTERED' => 2,
+		'GLOBAL_MODERATORS' => 4,
+		'ADMINISTRATORS' => 5,
+	];
+
+	public $new_roles = [
+		[
+			'ROLE_ADMIN_NEW',
+			'a_',
+			'A new admin role',
+			'a_new',
+		],
+		[
+			'ROLE_MODERATOR_NEW',
+			'm_',
+			'A new mod role',
+			'm_new',
+		],
+		[
+			'ROLE_USER_NEW',
+			'u_',
+			'A new user role',
+			'u_new',
+		],
+	];
+
+	public $new_role_ids = [];
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(__DIR__.'/fixtures/migrator_permission.xml');
+	}
+
+	protected function setUp(): void
+	{
+		// Global $db and $cache are needed in acp/auth.php constructor
+		global $phpbb_root_path, $phpEx, $db, $cache;
+
+		parent::setup();
+
+		$db = $this->db = $this->new_dbal();
+		$cache = $this->cache = new \phpbb\cache\service(new \phpbb\cache\driver\dummy(), new \phpbb\config\config(array()), $this->db, $phpbb_root_path, $phpEx);
+		$this->auth = new \phpbb\auth\auth();
+
+		// Initialize this auth_admin instance later after adding new auth options via this->tool->add()
+		if (!class_exists('auth_admin'))
+		{
+			include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+		}
+
+		$this->tool = new \phpbb\db\migration\tool\permission($this->db, $this->cache, $this->auth, $phpbb_root_path, $phpEx);
+
+		$this->new_roles_add();
+	}
+
+	public function new_roles_add()
+	{
+		foreach ($this->new_roles as $new_role_data)
+		{
+			$role_name = $new_role_data[0];
+			$role_type = $new_role_data[1];
+			$role_description = $new_role_data[2];
+			$role_auth_option = $new_role_data[3];
+
+			$this->tool->add($role_auth_option);
+			$this->new_role_ids[$role_name] = $this->tool->role_add($role_name, $role_type, $role_description);
+		}
+
+		// Initialize external auth_admin instance here to keep acl_options array in sync with the one from the permission tool
+		$this->auth_admin = new \auth_admin();
+	}
+
+	public function data_test_new_role_exists()
+	{
+		return [
+			['ROLE_ADMIN_NEW', true],
+			['ROLE_MODERATOR_NEW', true],
+			['ROLE_USER_NEW', true],
+		];
+	}
+
+	/**
+	 * @dataProvider data_test_new_role_exists
+	 */
+	public function test_permission_new_role_exists($role_name, $expected)
+	{
+		$this->assertEquals($expected, (bool) $this->tool->role_exists($role_name));
+	}
+
+	public function data_test_permission_assign_new_roles()
+	{
+		return [
+			[
+				'group',
+				0,
+				'ADMINISTRATORS',
+				['a_new' => true],
+				'ROLE_ADMIN_NEW',
+			],
+			[
+				'group',
+				0,
+				'GLOBAL_MODERATORS',
+				['m_new' => true],
+				'ROLE_MODERATOR_NEW',
+			],
+			[
+				'group',
+				0,
+				'REGISTERED',
+				['u_new' => true],
+				'ROLE_USER_NEW',
+			],
+		];
+	}
+
+	/**
+	 * @dataProvider data_test_permission_assign_new_roles
+	 */
+	public function test_permission_assign_new_roles($ug_type, $forum_id, $group_name, $auth, $role_name, $clear_prefetch = true)
+	{
+		$auth_option = key($auth);
+		$group_id = (int) $this->group_ids[$group_name];
+		$role_id = (int) $this->new_role_ids[$role_name];
+		$expected = current($auth);
+
+		// Set auth options for each role
+		$this->tool->permission_set($role_name, $auth_option, 'role', true);
+
+		// Assign roles to groups
+		$this->auth_admin->acl_set($ug_type, $forum_id, $group_id, $auth, $role_id, $clear_prefetch);
+
+		// Test if role based group permissions assigned correctly
+		$new_perm_state = $this->auth->acl_group_raw_data($group_id, $auth_option);
+		$this->assertEquals($expected, !empty($new_perm_state), "$auth_option is " . ($expected ? 'empty' : 'not empty') . " for $group_name");
+	}
+
+	/**
+	 * @dataProvider data_test_permission_assign_new_roles
+	 * @depends test_permission_new_role_exists
+	 * @depends test_permission_assign_new_roles
+	 */
+	public function test_permission_new_role_remove($ug_type, $forum_id, $group_name, $auth, $role_name)
+	{
+		$auth_option = key($auth);
+		$group_id = (int) $this->group_ids[$group_name];
+		$role_id = (int) $this->new_role_ids[$role_name];
+
+		// Set auth options for each role
+		$this->tool->permission_set($role_name, $auth_option, 'role', true);
+
+		// Assign roles to groups
+		$this->auth_admin->acl_set($ug_type, $forum_id, $group_id, $auth, $role_id);
+
+		$this->tool->role_remove($role_name);
+		$this->assertFalse((bool) $this->tool->role_exists($role_name));
+
+		$sql = 'SELECT agt.auth_role_id
+			FROM ' . ACL_GROUPS_TABLE . ' agt, ' . ACL_ROLES_TABLE . ' art
+			WHERE agt.auth_role_id = art.role_id
+				AND art.role_id = ' . $role_id;
+		$result = $this->db->sql_query($sql);
+		$this->assertFalse($this->db->sql_fetchfield('auth_role_id'));
+		$this->db->sql_freeresult($result);
+	}
+}