first commit
This commit is contained in:
36
tests/Feature/Security/AccessControlTest.php
Normal file
36
tests/Feature/Security/AccessControlTest.php
Normal file
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
use App\Models\PersonalData;
|
||||
use App\Models\User;
|
||||
use Database\Seeders\RolesAndPermissionsSeeder;
|
||||
|
||||
use function Pest\Laravel\seed;
|
||||
|
||||
beforeEach(fn () => seed(RolesAndPermissionsSeeder::class));
|
||||
|
||||
it('разграничивает доступ к ПДн по ролям (УПД.2, УПД.5)', function () {
|
||||
$admin = User::factory()->create();
|
||||
$admin->assignRole('admin');
|
||||
|
||||
$owner = User::factory()->create();
|
||||
$owner->assignRole('user');
|
||||
|
||||
$stranger = User::factory()->create();
|
||||
$stranger->assignRole('user');
|
||||
|
||||
$data = PersonalData::create(['owner_id' => $owner->id, 'last_name' => 'Сидоров']);
|
||||
|
||||
expect($admin->can('view', $data))->toBeTrue()
|
||||
->and($owner->can('view', $data))->toBeTrue()
|
||||
->and($stranger->can('view', $data))->toBeFalse();
|
||||
});
|
||||
|
||||
it('аудитор не имеет прав на работу с ПДн (разделение обязанностей)', function () {
|
||||
$auditor = User::factory()->create();
|
||||
$auditor->assignRole('auditor');
|
||||
|
||||
$data = PersonalData::create(['last_name' => 'Кузнецов']);
|
||||
|
||||
expect($auditor->can('view', $data))->toBeFalse()
|
||||
->and($auditor->hasPermissionTo('audit.view'))->toBeTrue();
|
||||
});
|
||||
Reference in New Issue
Block a user