summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2009-09-15 15:28:11 -0400
committerEvan Prodromou <evan@status.net>2009-09-27 21:11:45 -0400
commit6c069312e2911d3b2fe54d051354f579fde7bb63 (patch)
treecdc6ad4e49325fcb8808faa54544b90524b7e5dd
parenta8d1b7e9c26b4449a4a1e0e250f9b6766b2d8e62 (diff)
user rights
-rw-r--r--classes/User.php26
-rw-r--r--lib/right.php50
-rw-r--r--tests/UserRightsTest.php59
3 files changed, 135 insertions, 0 deletions
diff --git a/classes/User.php b/classes/User.php
index 5e74c7fde..bea81af4d 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -711,4 +711,30 @@ class User extends Memcached_DataObject
return true;
}
+
+ /**
+ * Does this user have the right to do X?
+ *
+ * With our role-based authorization, this is merely a lookup for whether the user
+ * has a particular role. The implementation currently uses a switch statement
+ * to determine if the user has the pre-defined role to exercise the right. Future
+ * implementations may allow per-site roles, and different mappings of roles to rights.
+ *
+ * @param $right string Name of the right, usually a constant in class Right
+ * @return boolean whether the user has the right in question
+ */
+
+ function hasRight($right)
+ {
+ switch ($right)
+ {
+ case Right::deleteOthersNotice:
+ return $this->hasRole('moderator');
+ break;
+ default:
+ $result = false;
+ Event::handle('UserRightsCheck', array($this, &$result));
+ return $result;
+ }
+ }
}
diff --git a/lib/right.php b/lib/right.php
new file mode 100644
index 000000000..4e0096d46
--- /dev/null
+++ b/lib/right.php
@@ -0,0 +1,50 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Class for user rights
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Authorization
+ * @package StatusNet
+ * @author Evan Prodromou <evan@status.net>
+ * @copyright 2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET') && !defined('LACONICA')) {
+ exit(1);
+}
+
+/**
+ * class for rights
+ *
+ * Mostly for holding the rights constants
+ *
+ * @category Authorization
+ * @package StatusNet
+ * @author Evan Prodromou <evan@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+class Right
+{
+ const deleteOthersNotice = 'deleteothersnotice';
+}
+
diff --git a/tests/UserRightsTest.php b/tests/UserRightsTest.php
new file mode 100644
index 000000000..6544ee53d
--- /dev/null
+++ b/tests/UserRightsTest.php
@@ -0,0 +1,59 @@
+<?php
+
+if (isset($_SERVER) && array_key_exists('REQUEST_METHOD', $_SERVER)) {
+ print "This script must be run from the command line\n";
+ exit();
+}
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/..'));
+define('STATUSNET', true);
+
+require_once INSTALLDIR . '/lib/common.php';
+
+class UserRightsTest extends PHPUnit_Framework_TestCase
+{
+ protected $user = null;
+
+ function setUp()
+ {
+ $this->user = User::register(array('nickname' => 'userrightstestuser'));
+ }
+
+ function tearDown()
+ {
+ $profile = $this->user->getProfile();
+ $this->user->delete();
+ $profile->delete();
+ }
+
+ function testInvalidRole()
+ {
+ $this->assertFalse($this->user->hasRole('invalidrole'));
+ }
+
+ function standardRoles()
+ {
+ return array('admin', 'moderator');
+ }
+
+ /**
+ * @dataProvider standardRoles
+ *
+ */
+
+ function testUngrantedRole($role)
+ {
+ $this->assertFalse($this->user->hasRole($role));
+ }
+
+ /**
+ * @dataProvider standardRoles
+ *
+ */
+
+ function testGrantedRole($role)
+ {
+ $this->user->grantRole($role);
+ $this->assertFalse($this->user->hasRole($role));
+ }
+} \ No newline at end of file