tiennm99/coolify
1
0
Fork 0
mirror of https://github.com/tiennm99/coolify.git synced 2026-04-18 01:20:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changes auto-committed by Conductor

Browse Source
This commit is contained in:
Andras Bacsai
2025-10-17 23:04:24 +02:00
parent 691fdffa8b
commit f7427fdea0
8 changed files with 334 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
tests/Unit/Policies/PrivateKeyPolicyTest.php Normal file
View File

@@ -0,0 +1,209 @@
<?php
use App\Models\PrivateKey;
use App\Models\User;
use App\Policies\PrivateKeyPolicy;
it('allows root team admin to view system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'admin']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeTrue();
});
it('allows root team owner to view system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'owner']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeTrue();
});
it('denies regular member of root team to view system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'member']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeFalse();
});
it('denies non-root team member to view system private key', function () {
$teams = collect([
(object) ['id' => 1, 'pivot' => (object) ['role' => 'owner']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeFalse();
});
it('allows team member to view their own team private key', function () {
$teams = collect([
(object) ['id' => 1, 'pivot' => (object) ['role' => 'member']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 1;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeTrue();
});
it('denies team member to view another team private key', function () {
$teams = collect([
(object) ['id' => 1, 'pivot' => (object) ['role' => 'owner']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 2;
};
$policy = new PrivateKeyPolicy;
expect($policy->view($user, $privateKey))->toBeFalse();
});
it('allows root team admin to update system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'admin']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->update($user, $privateKey))->toBeTrue();
});
it('denies root team member to update system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'member']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->update($user, $privateKey))->toBeFalse();
});
it('allows team admin to update their own team private key', function () {
$teams = collect([
(object) ['id' => 1, 'pivot' => (object) ['role' => 'admin']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 1;
};
$policy = new PrivateKeyPolicy;
expect($policy->update($user, $privateKey))->toBeTrue();
});
it('denies team member to update their own team private key', function () {
$teams = collect([
(object) ['id' => 1, 'pivot' => (object) ['role' => 'member']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 1;
};
$policy = new PrivateKeyPolicy;
expect($policy->update($user, $privateKey))->toBeFalse();
});
it('allows root team admin to delete system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'admin']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->delete($user, $privateKey))->toBeTrue();
});
it('denies root team member to delete system private key', function () {
$teams = collect([
(object) ['id' => 0, 'pivot' => (object) ['role' => 'member']],
]);
$user = Mockery::mock(User::class)->makePartial();
$user->shouldReceive('getAttribute')->with('teams')->andReturn($teams);
$privateKey = new class
{
public $team_id = 0;
};
$policy = new PrivateKeyPolicy;
expect($policy->delete($user, $privateKey))->toBeFalse();
});