search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Removed dep on API
[ninja.git] / test / unit_test / tests / command_Test.php
blobca88f6094e469567ea733516de637abc1ba760b0
1 <?php
2 require_once('op5/auth/Auth.php');
3
4 class MockUser extends Op5User {
5 public function authorized_for_object($type, $object_definition, $case_sensitivity = true) {
6 return $this->fields['authorized_for'][$type][$object_definition];
7 }
8 }
9
10 class Command_Test extends PHPUnit_Framework_TestCase {
11 # some common and/or "interesting" commands of each relevant type
12 # didn't grep for them, instead copied from
13 # http://old.nagios.org/developerinfo/externalcommands/commandlist.php
14 var $host_commands = array(
15 'PROCESS_HOST_CHECK_RESULT',
16 'SEND_CUSTOM_HOST_NOTIFICATION',
17 'ACKNOWLEDGE_HOST_PROBLEM',
18 'DEL_HOST_COMMENT',
19 'SCHEDULE_HOST_CHECK',
20 'SCHEDULE_HOST_SVC_DOWNTIME',
21 'SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME',
22 );
23
24 var $service_commands = array(
25 'DISABLE_SERVICE_FLAP_DETECTION',
26 'DISABLE_SVC_FLAP_DETECTION', #wait, what? two ways to type this? jay :/
27 'PROCESS_SERVICE_CHECK_RESULT',
28 'ADD_SVC_COMMENT',
29 'SCHEDULE_SVC_CHECK',
30 'SCHEDULE_SVC_DOWNTIME',
31 'SEND_CUSTOM_SVC_NOTIFICATION',
32 );
33
34 var $hostgroup_commands = array(
35 'DISABLE_HOSTGROUP_SVC_CHECKS',
36 );
37
38 var $servicegroup_commands = array(
39 'ENABLE_SERVICEGROUP_HOST_CHECKS',
40 );
41
42 var $system_commands = array(
43 'RESTART_PROGRAM',
44 'PROCESS_FILE',
45 'DISABLE_FLAP_DETECTION',
46 );
47
48 var $authorized_for = array(
49 'host' => array('host1', 'host2'),
50 'service' => array('host3;service1', 'host4;service2'),
51 'hostgroup' => array('hostgroup1', 'hostgroup2'),
52 'servicegroup' => array('servicegroup1', 'servicegroup2'),
53 );
54
55 var $types = array('host', 'service', 'hostgroup', 'servicegroup', 'system');
56
57 public function test_get_command_type() {
58 foreach ($this->types as $type) {
59 foreach ($this->{$type.'_commands'} as $cmd) {
60 $this->assertEquals($type, nagioscmd::get_command_type($cmd), "$cmd should be a $type command");
61 }
62 }
63 }
64
65 public function test_authorization_all() {
66 foreach ($this->types as $type_to_check) {
67 if ($type_to_check == 'system')
68 $right = 'system_commands';
69 else
70 $right = $type_to_check.'_edit_all';
71 $user = new Op5User(array('username' => 'testuser', 'auth_data' => array($right => true)));
72 Op5Auth::factory(array('session_key' => false))->force_user($user, true);
73 foreach ($this->types as $type) {
74 foreach ($this->{$type.'_commands'} as $cmd) {
75 if ($type == $type_to_check)
76 $this->assertEquals(true, nagioscmd::is_authorized_for(false, $cmd), "$type_to_check edit all should authorize you for $cmd");
77 else
78 $this->assertTrue(nagioscmd::is_authorized_for(false, $cmd) !== true, "$type_to_check edit all should not authorize you for $cmd");
79 }
80 }
81 }
82 }
83
84 public function test_authorization_by_contact_for_others() {
85 foreach ($this->types as $type_to_check) {
86 if ($type_to_check == 'system')
87 continue;
88
89 $user = new MockUser(array('username' => 'testuser', 'auth_data' => array($type_to_check.'_edit_contact' => true), 'authorized_for' => $this->authorized_for));
90 Op5Auth::factory(array('session_key' => false))->force_user($user, true);
91 foreach ($this->types as $type) {
92 if ($type == $type_to_check)
93 continue;
94 foreach ($this->{$type.'_commands'} as $cmd) {
95 $this->assertTrue(nagioscmd::is_authorized_for(false, $cmd) !== true, "$type_to_check edit contact should not authorize you for $cmd");
96 }
97 }
98 }
99 }
100
101 public function test_authorization_regularcontacts() {
102 foreach (array('host', 'hostgroup', 'servicegroup') as $type_to_check) {
103 $user = new MockUser(array('username' => 'testuser', 'auth_data' => array($type_to_check.'_edit_contact' => true), 'authorized_for' => $this->authorized_for));
104 Op5Auth::factory(array('session_key' => false))->force_user($user, true);
105 foreach ($this->{$type_to_check.'_commands'} as $cmd) {
106 $this->assertEquals(true, nagioscmd::is_authorized_for(false, $cmd), "$type_to_check edit contact should authorize you when not mentioning which object");
107 $this->assertEquals(true, nagioscmd::is_authorized_for(array($type_to_check.'_name' => $type_to_check.'1'), $cmd), "{$type_to_check} edit contact should authorize you for one {$type_to_check} by contact");
108 $this->assertEquals(true, nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'1', $type_to_check.'2')), $cmd), "{$type_to_check} edit contact should authorize you for array of {$type_to_check}s by contact");
109 $this->assertEquals(true, nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'1'), 'service' => 'flubb'), $cmd), "Including service-lulz in {$type_to_check} command should still auth you");
110
111 $this->assertTrue(nagioscmd::is_authorized_for(array($type_to_check.'_name' => $type_to_check.'3'), $cmd) !== true, "{$type_to_check} edit contact shouldn't authorize you for a {$type_to_check} you're not authorized for");
112 $this->assertTrue(nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'1', $type_to_check.'3')), $cmd) !== true, "{$type_to_check} edit contact shouldn't authorize you for array of {$type_to_check}s where you're only contact for some");
113 }
114 $this->assertEquals(true, nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'1'))), "Sending a {$type_to_check} name and no command should auth you");
115 $this->assertTrue(nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'3'))) !== true, "Sending a {$type_to_check} name you're not authed for and no command shouldn't auth you");
116 $this->assertTrue(nagioscmd::is_authorized_for(array($type_to_check.'_name' => array($type_to_check.'3'), 'service' => 'service1')) !== true, "Including service-lulz when you're not mentioning which {$type_to_check} command you care about shouldn't auth you");
117 }
118 }
119
120 public function test_authorization_servicecontacts() {
121 $user = new MockUser(array('username' => 'testuser', 'auth_data' => array('service_edit_contact' => true), 'authorized_for' => $this->authorized_for));
122 Op5Auth::factory(array('session_key' => false))->force_user($user, true);
123
124 foreach ($this->service_commands as $cmd) {
125 $this->assertEquals(true, nagioscmd::is_authorized_for(false, $cmd), "Service edit contact should authorize you when not mentioning which service");
126 $this->assertEquals(true, nagioscmd::is_authorized_for(array('service' => 'host3;service1'), $cmd), "Service edit contact should authorize you for one service by contact");
127 $this->assertEquals(true, nagioscmd::is_authorized_for(array('host_name' => array('host3;service1', 'host4;service2')), $cmd), "Service edit contact should authorize you for array of services by contact");
128 $this->assertEquals(true, nagioscmd::is_authorized_for(array('host_name' => array('host1'), 'service' => 'host3;service1'), $cmd), "Including host-lulz in service command should still auth you");
129
130 $this->assertTrue(nagioscmd::is_authorized_for(array('service' => 'host5;service'), $cmd) !== true, "Service edit contact shouldn't authorize you for a service you're not authorized for");
131 $this->assertTrue(nagioscmd::is_authorized_for(array('service' => array('host3;service1', 'host3;service5')), $cmd) !== true, "Service edit contact shouldn't authorize you for array of services where you're only contact for some");
132 }
133 $this->assertEquals(true, nagioscmd::is_authorized_for(array('service' => array('host3;service1'))), "Sending a service name and no command should auth you");
134 $this->assertTrue(nagioscmd::is_authorized_for(array('service' => array('host3;service5'))) !== true, "Sending a service name you're not authed for and no command shouldn't auth you");
135 }
136 }
This is an effort to rewrite the Nagios GUI in PHP. It uses the Kohana framework to do much of the heavy lifting.