thatguygriff
67f8144a4a
CI / No Debug Code (pull_request) Successful in 3s
CI / Tests (PHP 8.2) (pull_request) Successful in 41s
CI / Tests (PHP 8.3) (pull_request) Successful in 51s
CI / Tests (PHP 8.1) (pull_request) Successful in 54s
CI / Coding Standards (pull_request) Successful in 58s
CI / PHPStan (pull_request) Successful in 1m9s
CI / Build Plugin Zip (pull_request) Has been skipped
A WordPress administrator previously inherited the studio-admin capabilities but not `manage_availability`, so the studio owner running as an admin had no way to reach "My Availability" or act as the instructor — breaking single-instructor businesses. Grant the instructor capabilities to administrators as well (via the existing `user_has_cap` filter), and make both grants — studio-admin and instructor — independently toggleable from a new Access admin page. - RoleManager: extract `INSTRUCTOR_CAPS`; apply studio and instructor cap sets to administrators, each gated on a stored toggle (default on). - AccessSettings + templates/admin/access.php: two options (`us_admin_grant_studio` / `us_admin_grant_instructor`), gated on the core `manage_options` capability so disabling a grant can never lock an administrator out of re-enabling it. - AdminMenu: register the Access page after Studio Settings; keep the studio sidebar separator visible for any administrator. - Tests for the toggles and the new settings reader; docs updated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
159 lines
6.1 KiB
PHP
159 lines
6.1 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Unsupervised\Schedular\Tests\Unit\Auth;
|
|
|
|
use Brain\Monkey\Functions;
|
|
use Unsupervised\Schedular\Auth\AccessSettings;
|
|
use Unsupervised\Schedular\Auth\RoleManager;
|
|
use Unsupervised\Schedular\Tests\Unit\TestCase;
|
|
|
|
class RoleManagerTest extends TestCase
|
|
{
|
|
private function roleManager(bool $studio = true, bool $instructor = true): RoleManager
|
|
{
|
|
$access = \Mockery::mock(AccessSettings::class);
|
|
$access->allows('adminsAreStudioAdmins')->andReturn($studio);
|
|
$access->allows('adminsAreInstructors')->andReturn($instructor);
|
|
|
|
return new RoleManager($access);
|
|
}
|
|
|
|
public function testRegisterAddsInitHookAndCapFilter(): void
|
|
{
|
|
Functions\expect('add_action')
|
|
->once()
|
|
->with('init', \Mockery::any());
|
|
|
|
Functions\expect('add_filter')
|
|
->once()
|
|
->with('user_has_cap', \Mockery::any(), 10, 1);
|
|
|
|
(new RoleManager())->register();
|
|
}
|
|
|
|
public function testGrantsStudioCapsToAdministrators(): void
|
|
{
|
|
$result = $this->roleManager()->grantStudioCapsToAdministrators(['manage_options' => true]);
|
|
|
|
foreach (RoleManager::STUDIO_ADMIN_CAPS as $cap) {
|
|
self::assertTrue($result[$cap], "administrator should be granted {$cap}");
|
|
}
|
|
}
|
|
|
|
public function testGrantsInstructorCapsToAdministrators(): void
|
|
{
|
|
$result = $this->roleManager()->grantStudioCapsToAdministrators(['manage_options' => true]);
|
|
|
|
// A single-instructor studio owner runs as an administrator and also
|
|
// teaches, so they get the instructor caps — notably manage_availability,
|
|
// which is not part of the studio-admin set.
|
|
self::assertTrue($result[RoleManager::CAP_MANAGE_AVAILABILITY], 'administrator should be able to manage availability');
|
|
foreach (RoleManager::INSTRUCTOR_CAPS as $cap) {
|
|
self::assertTrue($result[$cap], "administrator should be granted {$cap}");
|
|
}
|
|
}
|
|
|
|
public function testStudioGrantDisabledWithholdsStudioCapsFromAdministrators(): void
|
|
{
|
|
$result = $this->roleManager(studio: false)->grantStudioCapsToAdministrators(['manage_options' => true]);
|
|
|
|
// manage_instructors is studio-only, so it disappears when the grant is off.
|
|
self::assertArrayNotHasKey(RoleManager::CAP_MANAGE_INSTRUCTORS, $result);
|
|
// Instructor caps remain because that grant is still on.
|
|
self::assertTrue($result[RoleManager::CAP_MANAGE_AVAILABILITY]);
|
|
}
|
|
|
|
public function testInstructorGrantDisabledWithholdsInstructorCapsFromAdministrators(): void
|
|
{
|
|
$result = $this->roleManager(instructor: false)->grantStudioCapsToAdministrators(['manage_options' => true]);
|
|
|
|
// manage_availability is instructor-only, so it disappears when the grant is off.
|
|
self::assertArrayNotHasKey(RoleManager::CAP_MANAGE_AVAILABILITY, $result);
|
|
// Studio caps remain because that grant is still on.
|
|
self::assertTrue($result[RoleManager::CAP_MANAGE_INSTRUCTORS]);
|
|
}
|
|
|
|
public function testDoesNotGrantCapsToNonAdministrators(): void
|
|
{
|
|
$result = $this->roleManager()->grantStudioCapsToAdministrators(['read' => true]);
|
|
|
|
self::assertArrayNotHasKey(RoleManager::CAP_MANAGE_OFFERINGS, $result);
|
|
self::assertSame(['read' => true], $result);
|
|
}
|
|
|
|
public function testCreateRolesSkipsExistingRoles(): void
|
|
{
|
|
Functions\when('get_role')->alias(static fn() => new \stdClass());
|
|
Functions\expect('add_role')->never();
|
|
|
|
(new RoleManager())->createRoles();
|
|
}
|
|
|
|
public function testCreateRolesAddsInstructorRoleWithCorrectCaps(): void
|
|
{
|
|
Functions\when('get_role')->alias(static function (string $role): ?object {
|
|
return $role === RoleManager::INSTRUCTOR ? null : new \stdClass();
|
|
});
|
|
|
|
Functions\expect('add_role')
|
|
->once()
|
|
->with(
|
|
RoleManager::INSTRUCTOR,
|
|
\Mockery::any(),
|
|
\Mockery::on(static function (array $caps): bool {
|
|
return ($caps['read'] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_MANAGE_AVAILABILITY] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_VIEW_LESSONS] ?? false) === true;
|
|
})
|
|
);
|
|
|
|
(new RoleManager())->createRoles();
|
|
}
|
|
|
|
public function testCreateRolesAddsStudioAdminRoleWithCorrectCaps(): void
|
|
{
|
|
Functions\when('get_role')->alias(static function (string $role): ?object {
|
|
return $role === RoleManager::STUDIO_ADMIN ? null : new \stdClass();
|
|
});
|
|
|
|
Functions\expect('add_role')
|
|
->once()
|
|
->with(
|
|
RoleManager::STUDIO_ADMIN,
|
|
\Mockery::any(),
|
|
\Mockery::on(static function (array $caps): bool {
|
|
return ($caps['read'] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_MANAGE_INSTRUCTORS] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_MANAGE_OFFERINGS] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_MANAGE_POLICIES] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_MANAGE_BILLING] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_VIEW_ALL_PAYMENTS] ?? false) === true;
|
|
})
|
|
);
|
|
|
|
(new RoleManager())->createRoles();
|
|
}
|
|
|
|
public function testCreateRolesAddsStudentRoleWithCorrectCaps(): void
|
|
{
|
|
Functions\when('get_role')->alias(static function (string $role): ?object {
|
|
return $role === RoleManager::STUDENT ? null : new \stdClass();
|
|
});
|
|
|
|
Functions\expect('add_role')
|
|
->once()
|
|
->with(
|
|
RoleManager::STUDENT,
|
|
\Mockery::any(),
|
|
\Mockery::on(static function (array $caps): bool {
|
|
return ($caps['read'] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_BOOK_LESSON] ?? false) === true
|
|
&& ($caps[RoleManager::CAP_VIEW_LESSONS] ?? false) === true;
|
|
})
|
|
);
|
|
|
|
(new RoleManager())->createRoles();
|
|
}
|
|
}
|