Fix capabilities weren't detected correctly (#13368)

* Fix capabilities weren't detected correctly

* added test

1 files changed, 68 insertions, 0 deletions

diff --git a/tests/PHPUnit/Integration/AccessTest.php b/tests/PHPUnit/Integration/AccessTest.php
index dcb1aca0cf..0a442fd955 100644
--- a/tests/PHPUnit/Integration/AccessTest.php
+++ b/tests/PHPUnit/Integration/AccessTest.php
@@ -11,12 +11,35 @@ namespace Piwik\Tests\Integration;
 use Exception;
 use Piwik\Access;
 use Piwik\AuthResult;
+use Piwik\Cache\Cache;
 use Piwik\Db;
 use Piwik\NoAccessException;
+use Piwik\Piwik;
 use Piwik\Plugins\UsersManager\API as UsersManagerAPI;
 use Piwik\Tests\Framework\Fixture;
 use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
 
+class TestCustomCap extends Access\Capability {
+
+    const ID = 'testcustomcap';
+    public function getId() {
+        return self::ID;
+    }
+    public function getName() {
+        return 'customcap';
+    }
+    public function getCategory() {
+        return 'test';
+    }
+    public function getDescription() {
+        return 'lorem ipsum';
+    }
+    public function getIncludedInRoles() {
+        return array(Access\Role\Admin::ID);
+    }
+
+}
+
 /**
  * @group Core
  */
@@ -35,6 +58,51 @@ class AccessTest extends IntegrationTestCase
         return new Access(new Access\RolesProvider(), new Access\CapabilitiesProvider());
     }
 
+    public function test_loadSitesIfNeeded_automaticallyAssignsCapabilityWhenIncludedInRole()
+    {
+        Piwik::addAction('Access.Capability.addCapabilities', function (&$cap) {
+            $cap[] = new TestCustomCap();
+        });
+        \Piwik\Cache::flushAll();
+
+        $idSite = Fixture::createWebsite('2010-01-03 00:00:00');
+        UsersManagerAPI::getInstance()->addUser('testuser', 'testpass', 'testuser@email.com');
+        UsersManagerAPI::getInstance()->setUserAccess('testuser', 'admin', $idSite);
+
+        $this->switchUser('testuser');
+
+        $access = Access::getInstance();
+        $access->setSuperUserAccess(false);
+        $this->assertEquals('admin', $access->getRoleForSite($idSite));
+        $access->checkUserHasCapability($idSite, TestCustomCap::ID);
+        $this->assertTrue(true);
+    }
+
+    public function test_loadSitesIfNeeded_doesNotAutomaticallyAssignCapabilityWhenNotIncludedInRole()
+    {
+        Piwik::addAction('Access.Capability.addCapabilities', function (&$cap) {
+            $cap[] = new TestCustomCap();
+        });
+
+        $idSite = Fixture::createWebsite('2010-01-03 00:00:00');
+        UsersManagerAPI::getInstance()->addUser('testuser', 'testpass', 'testuser@email.com');
+        UsersManagerAPI::getInstance()->setUserAccess('testuser', 'write', $idSite);
+
+        $this->switchUser('testuser');
+
+        $access = Access::getInstance();
+        $access->setSuperUserAccess(false);
+        $this->assertEquals('write', $access->getRoleForSite($idSite));
+
+        try {
+
+            $access->checkUserHasCapability($idSite, TestCustomCap::ID);
+            $this->fail('an expected exception has not been triggered');
+        } catch (NoAccessException $e) {
+            $this->assertTrue(true);
+        }
+    }
+
     public function testGetTokenAuthWithEmptyAccess()
     {
         $access = $this->getAccess();