Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/tests/Og2Tests.test | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
|
| 3 | 3 |
/** |
| 4 |
* @file simpletest for Ldap Authorization OG Module, for og 7.x-2.x
|
|
| 4 |
* @file Simpletest for Ldap Authorization OG Module, for og 7.x-2.x.
|
|
| 5 | 5 |
* |
| 6 | 6 |
* Manual testing to accompany simpletests: |
| 7 | 7 |
* - logon with og authorization disabled and make sure nothing happens |
| 8 | 8 |
* - logon with og authorization enabled and make sure admin and member group memberships granted |
| 9 | 9 |
* - change mappings so no roles granted |
| 10 |
* - logon and make sure memberships revoked |
|
| 10 |
* - logon and make sure memberships revoked.
|
|
| 11 | 11 |
*/ |
| 12 | 12 |
|
| 13 | 13 |
drupal_load('module', 'ldap_test');
|
| 14 | 14 |
module_load_include('php', 'ldap_test', 'LdapTestCase.class');
|
| 15 |
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
|
| 16 |
|
|
| 15 |
require_once drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php';
|
|
| 16 |
/** |
|
| 17 |
* |
|
| 18 |
*/ |
|
| 17 | 19 |
class LdapAuthorizationOg2Tests extends LdapTestCase {
|
| 18 | 20 |
|
| 19 | 21 |
public $groupEntityType = 'node'; |
| ... | ... | |
| 28 | 30 |
public $customOgRoles = array( |
| 29 | 31 |
'dungeon-master' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
| 30 | 32 |
'time-keeper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
|
| 31 |
);
|
|
| 33 |
); |
|
| 32 | 34 |
|
| 35 |
/** |
|
| 36 |
* |
|
| 37 |
*/ |
|
| 33 | 38 |
public static function getInfo() {
|
| 34 | 39 |
return array( |
| 35 | 40 |
'group' => 'LDAP Authorization', |
| ... | ... | |
| 38 | 43 |
); |
| 39 | 44 |
} |
| 40 | 45 |
|
| 41 |
function __construct($test_id = NULL) {
|
|
| 46 |
/** |
|
| 47 |
* |
|
| 48 |
*/ |
|
| 49 |
public function __construct($test_id = NULL) {
|
|
| 42 | 50 |
parent::__construct($test_id); |
| 43 | 51 |
} |
| 44 | 52 |
|
| 45 |
function setUp($addl_modules = array()) {
|
|
| 53 |
/** |
|
| 54 |
* |
|
| 55 |
*/ |
|
| 56 |
public function setUp($addl_modules = array()) {
|
|
| 46 | 57 |
parent::setUp(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_og'));
|
| 47 | 58 |
variable_set('ldap_simpletest', 2);
|
| 48 | 59 |
|
| 49 |
if (ldap_authorization_og_og_version() != 2) {
|
|
| 50 |
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
|
|
| 51 |
return; |
|
| 52 |
} |
|
| 53 |
|
|
| 54 | 60 |
$this->user1 = $this->drupalCreateUser(); |
| 55 | 61 |
$this->groups = array(); |
| 56 | 62 |
$this->prepTestData(LDAP_TEST_LDAP_NAME, array('activedirectory1'));
|
| 57 | 63 |
|
| 58 |
|
|
| 59 |
|
|
| 60 | 64 |
// Create group and group content node types. |
| 61 | 65 |
$this->groupBundle = $this->drupalCreateContentType(array( |
| 62 | 66 |
'type' => 'group', |
| 63 | 67 |
'name' => 'OG Group', |
| 64 |
))->type;
|
|
| 68 |
))->type; |
|
| 65 | 69 |
|
| 66 | 70 |
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle); |
| 67 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
|
| 68 |
|
|
| 69 |
// create og group for each group in group csv |
|
| 71 |
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle); |
|
| 70 | 72 |
|
| 73 |
// Create og group for each group in group csv. |
|
| 71 | 74 |
$this->testFunctions->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1'); |
| 72 | 75 |
$this->testFunctions->getCsvLdapData(LDAP_TEST_LDAP_NAME); |
| 73 | 76 |
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
|
| ... | ... | |
| 83 | 86 |
|
| 84 | 87 |
} |
| 85 | 88 |
|
| 89 |
/** |
|
| 90 |
* |
|
| 91 |
*/ |
|
| 86 | 92 |
public function createCustomRoles() {
|
| 87 | 93 |
|
| 88 | 94 |
foreach ($this->customOgRoles as $og_role_name => $og_role) {
|
| 89 |
$role = new stdClass; |
|
| 95 |
$role = new stdClass();
|
|
| 90 | 96 |
$role->gid = 0; |
| 91 | 97 |
$role->group_type = $og_role['entity_type']; |
| 92 | 98 |
$role->group_bundle = $og_role['bundle_type']; |
| ... | ... | |
| 97 | 103 |
} |
| 98 | 104 |
|
| 99 | 105 |
/** |
| 100 |
* get test data in convenient format, so tests are easier to read and write
|
|
| 106 |
* Get test data in convenient format, so tests are easier to read and write.
|
|
| 101 | 107 |
*/ |
| 102 | 108 |
public function getTestData($debug = FALSE) {
|
| 103 | 109 |
$group_nodes = array(); |
| ... | ... | |
| 107 | 113 |
$roles_by_name = array(); |
| 108 | 114 |
$consumer_ids = array(); |
| 109 | 115 |
foreach (array('gryffindor', 'students', 'faculty', 'users', 'hufflepuff', 'slytherin') as $i => $group_name) {
|
| 110 |
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name);
|
|
| 116 |
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name); |
|
| 111 | 117 |
$nid = $group_nodes[$group_name]->nid; |
| 112 | 118 |
$group_nids[$group_name] = $nid; |
| 113 | 119 |
$roles[$group_name] = og_roles($this->groupEntityType, $this->groupBundle, $nid, FALSE, TRUE); |
| 114 |
$roles_by_name[$group_name] = array_flip( $roles[$group_name] );
|
|
| 120 |
$roles_by_name[$group_name] = array_flip($roles[$group_name]);
|
|
| 115 | 121 |
foreach ($roles[$group_name] as $rid => $role_name) {
|
| 116 | 122 |
$consumer_ids[$group_name][$role_name] = ldap_authorization_og_authorization_id($nid, $rid, 'node'); |
| 117 | 123 |
$consumer_ids[$group_name][$rid] = ldap_authorization_og_authorization_id($nid, $rid, 'node'); |
| ... | ... | |
| 124 | 130 |
} |
| 125 | 131 |
|
| 126 | 132 |
/** |
| 127 |
* just make sure install succeeds and
|
|
| 133 |
* Just make sure install succeeds and.
|
|
| 128 | 134 |
*/ |
| 129 |
function testBasicFunctionsAndApi() {
|
|
| 135 |
public function testBasicFunctionsAndApi() {
|
|
| 130 | 136 |
// TODO: Fix failing tests, excluding to make branch pass. |
| 131 | 137 |
return; |
| 132 | 138 |
|
| 133 |
if (ldap_authorization_og_og_version() != 2) {
|
|
| 134 |
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
|
|
| 135 |
return; |
|
| 136 |
} |
|
| 137 |
|
|
| 138 | 139 |
$this->createCustomRoles(); |
| 139 | 140 |
$all_roles = og_roles($this->groupEntityType, $this->groupBundle, 0, FALSE, TRUE); |
| 140 | 141 |
|
| 141 | 142 |
$this->ldapTestId = $this->module_name . ': setup success'; |
| 142 |
// just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
| 143 |
// Just to give warning if setup doesn't succeed. may want to take these out at some point.
|
|
| 143 | 144 |
$setup_success = ( |
| 144 | 145 |
module_exists('ldap_authentication') &&
|
| 145 | 146 |
module_exists('ldap_servers') &&
|
| ... | ... | |
| 162 | 163 |
$this->ldapTestId = $this->module_name . ': og2 functions'; |
| 163 | 164 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
| 164 | 165 |
|
| 165 |
|
|
| 166 | 166 |
/** |
| 167 | 167 |
* II.0 basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name, |
| 168 | 168 |
* and ldap_authorization_og2_get_group functions work |
| ... | ... | |
| 179 | 179 |
$og_faculty_membership = og_group($this->groupType, $group_nids['faculty'], $values); |
| 180 | 180 |
|
| 181 | 181 |
og_role_grant($this->groupType, $group_nids['gryffindor'], $web_user->uid, $roles_by_name['gryffindor'][OG_AUTHENTICATED_ROLE]); |
| 182 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE]);
|
|
| 183 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty']['dungeon-master']);
|
|
| 184 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_AUTHENTICATED_ROLE]);
|
|
| 182 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE]); |
|
| 183 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty']['dungeon-master']); |
|
| 184 |
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_AUTHENTICATED_ROLE]); |
|
| 185 | 185 |
|
| 186 |
$web_user = user_load($web_user->uid, TRUE); // need to reload because of issue with og_group and og_role_grant |
|
| 186 |
// Need to reload because of issue with og_group and og_role_grant. |
|
| 187 |
$web_user = user_load($web_user->uid, TRUE); |
|
| 187 | 188 |
$ids = array($web_user->uid); |
| 188 | 189 |
$user_entity = entity_load('user', $ids);
|
| 189 | 190 |
|
| ... | ... | |
| 206 | 207 |
* II.A. construct ldapauthorization og object and test methods. |
| 207 | 208 |
* (unit tests for methods and class without any ldap user context). |
| 208 | 209 |
*/ |
| 209 |
// |
|
| 210 |
// .
|
|
| 210 | 211 |
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class'; |
| 211 | 212 |
$og_auth = new LdapAuthorizationConsumerOG('og_group');
|
| 212 | 213 |
$this->assertTrue(is_object($og_auth), 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId); |
| ... | ... | |
| 216 | 217 |
$this->assertTrue($og_auth->hasAuthorization($web_user, ldap_authorization_og_authorization_id($group_nids['faculty'], $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE], 'node')), |
| 217 | 218 |
'hasAuthorization() method works for non LDAP provisioned og authorization, faculty admin role', $this->ldapTestId); |
| 218 | 219 |
|
| 219 |
|
|
| 220 | 220 |
$should_haves = array( |
| 221 | 221 |
$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE] => 'gryffindor member', |
| 222 |
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member',
|
|
| 222 |
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member', |
|
| 223 | 223 |
$consumer_ids['faculty'][OG_ADMINISTRATOR_ROLE] => 'faculty admin', |
| 224 | 224 |
$consumer_ids['faculty']['dungeon-master'] => 'faculty dungeon master', |
| 225 | 225 |
); |
| ... | ... | |
| 244 | 244 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
| 245 | 245 |
|
| 246 | 246 |
$web_user = user_load($web_user->uid, TRUE); |
| 247 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer);
|
|
| 247 |
$consumers = array($consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer); |
|
| 248 | 248 |
$og_auth->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE); |
| 249 | 249 |
$this->assertFalse(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), |
| 250 | 250 |
"LdapAuthorizationConsumerOG authorizationRevoke() test revoke on custom member role role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId); |
| ... | ... | |
| 253 | 253 |
$initial_user_authorizations = $og_auth->usersAuthorizations($web_user, TRUE, TRUE); |
| 254 | 254 |
debug("initial_user_authorizations authorizations:"); debug($initial_user_authorizations);
|
| 255 | 255 |
debug("initial_user data:"); debug($web_user->data);
|
| 256 |
$og_auth->authorizationGrant($web_user, $user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
| 256 |
$og_auth->authorizationGrant($web_user, $user_data, array($consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer), $ldap_entry, TRUE); |
|
| 257 | 257 |
$success = ldap_authorization_og2_has_consumer_id($consumer_ids['students'][OG_AUTHENTICATED_ROLE], $web_user->uid); |
| 258 | 258 |
$this->assertTrue($success, "LdapAuthorizationConsumerOG authorizationGrant() test grant on member role " . $consumer_ids['students'][OG_AUTHENTICATED_ROLE], $this->ldapTestId); |
| 259 | 259 |
if (!$success) {
|
| ... | ... | |
| 261 | 261 |
debug("user authorizations:"); debug($og_auth->usersAuthorizations($web_user, TRUE));
|
| 262 | 262 |
} |
| 263 | 263 |
$web_user = user_load($web_user->uid, TRUE); |
| 264 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
| 264 |
$result = $og_auth->authorizationRevoke($web_user, $user_data, array('node:454:44334' => $og_auth->emptyConsumer), $ldap_entry, TRUE);
|
|
| 265 | 265 |
$this->assertFalse($result, |
| 266 | 266 |
'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId); |
| 267 | 267 |
|
| ... | ... | |
| 290 | 290 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['gryffindor'], $web_user->uid, OG_ADMINISTRATOR_ROLE); |
| 291 | 291 |
$this->assertTrue($test, 'ldap_authorization_og2_has_role() function works', $this->ldapTestId); |
| 292 | 292 |
|
| 293 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['students'], $web_user->uid, OG_ADMINISTRATOR_ROLE);
|
|
| 293 |
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['students'], $web_user->uid, OG_ADMINISTRATOR_ROLE); |
|
| 294 | 294 |
$this->assertTrue($test === FALSE, 'ldap_authorization_og2_has_role() function fails with FALSE', $this->ldapTestId); |
| 295 | 295 |
|
| 296 | 296 |
} |
| 297 | 297 |
|
| 298 |
|
|
| 299 | 298 |
/** |
| 300 |
* authorization configuration flags tests clumped together |
|
| 301 |
*/ |
|
| 302 |
|
|
| 303 |
function testFlags() {
|
|
| 304 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
| 305 |
return; |
|
| 299 |
* Authorization configuration flags tests clumped together. |
|
| 300 |
*/ |
|
| 301 |
public function testFlags() {
|
|
| 302 |
// TODO: Fix failing tests, excluding to make branch pass. |
|
| 303 |
return; |
|
| 306 | 304 |
|
| 307 |
$sid = 'activedirectory1'; |
|
| 308 |
$this->prepTestData( |
|
| 305 |
$sid = 'activedirectory1';
|
|
| 306 |
$this->prepTestData(
|
|
| 309 | 307 |
LDAP_TEST_LDAP_NAME, |
| 310 | 308 |
array($sid), |
| 311 | 309 |
'provisionToDrupal', |
| 312 | 310 |
'default', |
| 313 | 311 |
'og_group2' |
| 314 |
); |
|
| 312 |
);
|
|
| 315 | 313 |
|
| 316 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
|
| 317 |
/** |
|
| 314 |
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
|
|
| 315 |
/**
|
|
| 318 | 316 |
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed |
| 319 | 317 |
*/ |
| 320 | 318 |
|
| 321 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group2');
|
|
| 322 |
$this->assertTrue( |
|
| 323 |
$props_set_correctly, |
|
| 324 |
'Authorization Configuration set correctly in test setup', |
|
| 325 |
'LDAP_authorz.Flags.setup.0' |
|
| 326 |
); |
|
| 327 |
if (!$props_set_correctly) {
|
|
| 328 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
|
| 329 |
} |
|
| 330 |
|
|
| 331 |
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0; |
|
| 332 |
$this->consumerAdminConf['og_group']->status = 0; |
|
| 333 |
$this->consumerAdminConf['og_group']->save(); |
|
| 334 |
|
|
| 335 |
$user = $this->drupalCreateUser(array()); |
|
| 336 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 319 |
list($props_set_display, $props_set_correctly) = $this->checkConsumerConfSetup('og_group2');
|
|
| 320 |
$this->assertTrue( |
|
| 321 |
$props_set_correctly, |
|
| 322 |
'Authorization Configuration set correctly in test setup', |
|
| 323 |
'LDAP_authorz.Flags.setup.0' |
|
| 324 |
); |
|
| 325 |
if (!$props_set_correctly) {
|
|
| 326 |
debug('LDAP_authorz.Flags.setup.0 properties not set correctly'); debug($props_set_display);
|
|
| 327 |
} |
|
| 337 | 328 |
|
| 338 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); // just see if the correct ones are derived. |
|
| 339 |
$groups1 = $new_authorizations['og_group']; |
|
| 340 |
$this->assertTrue( |
|
| 341 |
count($new_authorizations['og_group']) == 0, |
|
| 342 |
'disabled consumer configuration disallows authorizations.', |
|
| 343 |
'LDAP_authorz.Flags.status.0' |
|
| 344 |
); |
|
| 329 |
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0; |
|
| 330 |
$this->consumerAdminConf['og_group']->status = 0; |
|
| 331 |
$this->consumerAdminConf['og_group']->save(); |
|
| 345 | 332 |
|
| 346 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
|
| 333 |
$user = $this->drupalCreateUser(array()); |
|
| 334 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 347 | 335 |
|
| 348 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 349 |
$this->consumerAdminConf['og_group']->save(); |
|
| 350 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group'); // just see if the correct ones are derived. |
|
| 336 |
// Just see if the correct ones are derived. |
|
| 337 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query'); |
|
| 338 |
$groups1 = $new_authorizations['og_group']; |
|
| 339 |
$this->assertTrue( |
|
| 340 |
count($new_authorizations['og_group']) == 0, |
|
| 341 |
'disabled consumer configuration disallows authorizations.', |
|
| 342 |
'LDAP_authorz.Flags.status.0' |
|
| 343 |
); |
|
| 351 | 344 |
|
| 352 |
$correct_groups = !empty($new_authorizations['og_group'][$consumer_ids['students'][OG_AUTHENTICATED_ROLE]]) && |
|
| 353 |
!empty($new_authorizations['og_group'][$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE]]); |
|
| 354 |
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1'); |
|
| 355 |
if (!$correct_groups) {
|
|
| 356 |
debug('LDAP_authorz.Flags.enable.1 roles with enabled'); debug($new_authorizations);
|
|
| 357 |
} |
|
| 345 |
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this->getTestData(TRUE); |
|
| 358 | 346 |
|
| 347 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 348 |
$this->consumerAdminConf['og_group']->save(); |
|
| 349 |
// Just see if the correct ones are derived. |
|
| 350 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group'); |
|
| 351 |
|
|
| 352 |
$correct_groups = !empty($new_authorizations['og_group'][$consumer_ids['students'][OG_AUTHENTICATED_ROLE]]) && |
|
| 353 |
!empty($new_authorizations['og_group'][$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE]]); |
|
| 354 |
$this->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1'); |
|
| 355 |
if (!$correct_groups) {
|
|
| 356 |
debug('LDAP_authorz.Flags.enable.1 roles with enabled'); debug($new_authorizations);
|
|
| 357 |
} |
|
| 359 | 358 |
|
| 360 |
/** |
|
| 359 |
/**
|
|
| 361 | 360 |
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and |
| 362 | 361 |
* apply authorization query. should return no roles |
| 363 | 362 |
*/ |
| 364 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1; |
|
| 365 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 366 |
$this->consumerAdminConf['og_group']->save(); |
|
| 367 |
|
|
| 368 |
$user = $this->drupalCreateUser(array()); |
|
| 369 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user);
|
|
| 370 |
|
|
| 371 |
// remove old authmap in case it exists so test will work |
|
| 372 |
db_delete('authmap')
|
|
| 373 |
->condition('uid', $user->uid)
|
|
| 374 |
->condition('module', 'ldap_user')
|
|
| 375 |
->execute(); |
|
| 376 |
|
|
| 377 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); // just see if the correct ones are derived. |
|
| 378 |
$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group'] ) == 0); |
|
| 379 |
$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1'); |
|
| 380 |
if (!$success) {
|
|
| 381 |
debug('LDAP_authorz.onlyLdapAuthenticated.1');
|
|
| 382 |
debug($new_authorizations); |
|
| 383 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger'));
|
|
| 384 |
debug($notifications); |
|
| 385 |
} |
|
| 363 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1; |
|
| 364 |
$this->consumerAdminConf['og_group']->status = 1; |
|
| 365 |
$this->consumerAdminConf['og_group']->save(); |
|
| 386 | 366 |
|
| 367 |
$user = $this->drupalCreateUser(array()); |
|
| 368 |
$hgrainger = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hgrainger', 'mail' => 'hgrainger@hogwarts.edu'), TRUE, $user);
|
|
| 387 | 369 |
|
| 388 |
/** |
|
| 370 |
// Remove old authmap in case it exists so test will work. |
|
| 371 |
db_delete('authmap')
|
|
| 372 |
->condition('uid', $user->uid)
|
|
| 373 |
->condition('module', 'ldap_user')
|
|
| 374 |
->execute(); |
|
| 375 |
|
|
| 376 |
// Just see if the correct ones are derived. |
|
| 377 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query'); |
|
| 378 |
$success = (isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0); |
|
| 379 |
$this->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1'); |
|
| 380 |
if (!$success) {
|
|
| 381 |
debug('LDAP_authorz.onlyLdapAuthenticated.1');
|
|
| 382 |
debug($new_authorizations); |
|
| 383 |
debug($this->testFunctions->ldapUserIsAuthmapped('hgrainger'));
|
|
| 384 |
debug($notifications); |
|
| 385 |
} |
|
| 386 |
|
|
| 387 |
/** |
|
| 389 | 388 |
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled |
| 390 | 389 |
*/ |
| 391 | 390 |
|
| 392 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0; |
|
| 393 |
$this->consumerAdminConf['og_group']->save(); |
|
| 394 |
$edit = array( |
|
| 395 |
'name' => 'hgrainger', |
|
| 396 |
'pass' => 'goodpwd', |
|
| 397 |
); |
|
| 398 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 399 |
$this->assertText( |
|
| 400 |
t('Member for'),
|
|
| 401 |
'New Ldap user with good password authenticated.', |
|
| 402 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
| 403 |
); |
|
| 404 |
$this->assertTrue( |
|
| 405 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'),
|
|
| 406 |
'Ldap user properly authmapped.', |
|
| 407 |
'LDAP_authorz.Flags.synchOnLogon.0' |
|
| 408 |
); |
|
| 391 |
$this->consumerAdminConf['og_group']->synchOnLogon = 0;
|
|
| 392 |
$this->consumerAdminConf['og_group']->save();
|
|
| 393 |
$edit = array(
|
|
| 394 |
'name' => 'hgrainger',
|
|
| 395 |
'pass' => 'goodpwd',
|
|
| 396 |
);
|
|
| 397 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 398 |
$this->assertText(
|
|
| 399 |
t('Member for'),
|
|
| 400 |
'New Ldap user with good password authenticated.',
|
|
| 401 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
| 402 |
);
|
|
| 403 |
$this->assertTrue(
|
|
| 404 |
$this->testFunctions->ldapUserIsAuthmapped('hgrainger'),
|
|
| 405 |
'Ldap user properly authmapped.',
|
|
| 406 |
'LDAP_authorz.Flags.synchOnLogon.0'
|
|
| 407 |
);
|
|
| 409 | 408 |
|
| 410 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 411 |
$this->drupalGet('user/logout');
|
|
| 409 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 410 |
$this->drupalGet('user/logout');
|
|
| 412 | 411 |
|
| 413 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1; |
|
| 414 |
$this->consumerAdminConf['og_group']->save(); |
|
| 415 |
$edit = array( |
|
| 416 |
'name' => 'hgrainger', |
|
| 417 |
'pass' => 'goodpwd', |
|
| 418 |
); |
|
| 419 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 420 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.',
|
|
| 421 |
'LDAP_authorz.Flags.synchOnLogon=1'); |
|
| 422 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 423 |
$this->drupalGet('user/logout');
|
|
| 424 |
|
|
| 425 |
// create a couple roles for next 2 tests
|
|
| 426 |
$troublemaker = new stdClass(); |
|
| 427 |
$troublemaker->name = 'troublemaker'; |
|
| 428 |
user_role_save($troublemaker); |
|
| 429 |
$troublemaker = user_role_load_by_name('troublemaker');
|
|
| 430 |
|
|
| 431 |
$superadmin = new stdClass(); |
|
| 432 |
$superadmin->name = 'superadmin'; |
|
| 433 |
user_role_save($superadmin); |
|
| 434 |
$superadmin = user_role_load_by_name('superadmin');
|
|
| 435 |
|
|
| 436 |
/** |
|
| 412 |
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
|
|
| 413 |
$this->consumerAdminConf['og_group']->save();
|
|
| 414 |
$edit = array(
|
|
| 415 |
'name' => 'hgrainger',
|
|
| 416 |
'pass' => 'goodpwd',
|
|
| 417 |
);
|
|
| 418 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 419 |
$this->assertText(t('Member for'), 'New Ldap user with good password authenticated.',
|
|
| 420 |
'LDAP_authorz.Flags.synchOnLogon=1');
|
|
| 421 |
$hgrainger = user_load_by_name('hgrainger');
|
|
| 422 |
$this->drupalGet('user/logout');
|
|
| 423 |
|
|
| 424 |
// Create a couple roles for next 2 tests.
|
|
| 425 |
$troublemaker = new stdClass();
|
|
| 426 |
$troublemaker->name = 'troublemaker';
|
|
| 427 |
user_role_save($troublemaker);
|
|
| 428 |
$troublemaker = user_role_load_by_name('troublemaker');
|
|
| 429 |
|
|
| 430 |
$superadmin = new stdClass();
|
|
| 431 |
$superadmin->name = 'superadmin';
|
|
| 432 |
user_role_save($superadmin);
|
|
| 433 |
$superadmin = user_role_load_by_name('superadmin');
|
|
| 434 |
|
|
| 435 |
/**
|
|
| 437 | 436 |
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for |
| 438 | 437 |
* removing manually granted roles |
| 439 | 438 |
* |
| ... | ... | |
| 445 | 444 |
* |
| 446 | 445 |
*/ |
| 447 | 446 |
|
| 448 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
| 449 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
| 450 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
| 451 |
$this->consumerAdminConf['og_group']->save(); |
|
| 452 |
// set correct roles manually |
|
| 453 |
$hpotter = user_load_by_name('hpotter');
|
|
| 454 |
user_delete($hpotter->uid); |
|
| 455 |
$user = $this->drupalCreateUser(array()); |
|
| 456 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 457 |
$edit = array( |
|
| 458 |
'name' => 'hpotter', |
|
| 459 |
'pass' => 'goodpwd', |
|
| 460 |
); |
|
| 461 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 462 |
$this->assertText( |
|
| 463 |
t('Member for'),
|
|
| 464 |
'New Ldap user with good password authenticated.', |
|
| 465 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 466 |
); |
|
| 467 |
$hpotter = user_load_by_name('hpotter');
|
|
| 468 |
|
|
| 469 |
// add an underserved, ldap granted drupal role superadmin |
|
| 470 |
// and an undeserved, non ldap granted role troublemaker |
|
| 471 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 472 |
$roles = $hpotter->roles; |
|
| 473 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
| 474 |
$roles[$superadmin->rid] = $superadmin->name; |
|
| 475 |
|
|
| 476 |
$data = array( |
|
| 477 |
'roles' => $roles, |
|
| 478 |
'data' => array('ldap_authorizations' =>
|
|
| 447 |
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0; |
|
| 448 |
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1; |
|
| 449 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
| 450 |
$this->consumerAdminConf['og_group']->save(); |
|
| 451 |
// Set correct roles manually. |
|
| 452 |
$hpotter = user_load_by_name('hpotter');
|
|
| 453 |
user_delete($hpotter->uid); |
|
| 454 |
$user = $this->drupalCreateUser(array()); |
|
| 455 |
$hpotter = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'hpotter', 'mail' => 'hpotter@hogwarts.edu'), TRUE, $user);
|
|
| 456 |
$edit = array( |
|
| 457 |
'name' => 'hpotter', |
|
| 458 |
'pass' => 'goodpwd', |
|
| 459 |
); |
|
| 460 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 461 |
$this->assertText( |
|
| 462 |
t('Member for'),
|
|
| 463 |
'New Ldap user with good password authenticated.', |
|
| 464 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 465 |
); |
|
| 466 |
$hpotter = user_load_by_name('hpotter');
|
|
| 467 |
|
|
| 468 |
// Add an underserved, ldap granted drupal role superadmin |
|
| 469 |
// and an undeserved, non ldap granted role troublemaker. |
|
| 470 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 471 |
$roles = $hpotter->roles; |
|
| 472 |
$roles[$troublemaker->rid] = $troublemaker->name; |
|
| 473 |
$roles[$superadmin->rid] = $superadmin->name; |
|
| 474 |
|
|
| 475 |
$data = array( |
|
| 476 |
'roles' => $roles, |
|
| 477 |
'data' => array( |
|
| 478 |
'ldap_authorizations' => |
|
| 479 | 479 |
array( |
| 480 | 480 |
'og_group' => |
| 481 | 481 |
array( |
| ... | ... | |
| 483 | 483 |
array('date_granted' => 1304216778),
|
| 484 | 484 |
), |
| 485 | 485 |
), |
| 486 |
), |
|
| 487 |
); |
|
| 488 |
$hpotter = user_save($hpotter, $data); |
|
| 489 |
|
|
| 490 |
// apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role |
|
| 491 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
| 486 |
), |
|
| 487 |
); |
|
| 488 |
$hpotter = user_save($hpotter, $data); |
|
| 492 | 489 |
|
| 493 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 494 |
$this->assertTrue( |
|
| 495 |
(!isset($new_authorizations['og_group'][$superadmin->rid])), |
|
| 496 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
| 497 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 498 |
); |
|
| 490 |
// Apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role. |
|
| 491 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
| 499 | 492 |
|
| 493 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 494 |
$this->assertTrue( |
|
| 495 |
(!isset($new_authorizations['og_group'][$superadmin->rid])), |
|
| 496 |
' revoke superadmin ldap granted roles when no longer deserved.', |
|
| 497 |
'LDAP_authorz.Flags.revokeLdapProvisioned=1' |
|
| 498 |
); |
|
| 500 | 499 |
|
| 501 |
/** |
|
| 500 |
/**
|
|
| 502 | 501 |
* LDAP_authorz.Flags.regrantLdapProvisioned |
| 503 | 502 |
* $this->regrantLdapProvisioned == 1 : |
| 504 | 503 |
* Re grant !consumer_namePlural previously granted |
| ... | ... | |
| 508 | 507 |
* - logon |
| 509 | 508 |
* - check if regranted |
| 510 | 509 |
*/ |
| 511 |
$this->drupalGet('user/logout');
|
|
| 512 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
| 513 |
$this->consumerAdminConf['og_group']->save(); |
|
| 514 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 515 |
$roles = $hpotter->roles; |
|
| 516 |
unset($roles[$superadmin->rid]); |
|
| 517 |
user_save($hpotter, array('roles' => $roles));
|
|
| 518 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 519 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
| 520 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 521 |
$success = !in_array('administrator', array_values($hpotter->roles));
|
|
| 522 |
|
|
| 523 |
$this->assertTrue( |
|
| 524 |
$success, |
|
| 525 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
| 526 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
| 527 |
); |
|
| 528 |
if (!$success) {
|
|
| 529 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
|
|
| 530 |
debug('hpotter roles'); debug($hpotter->roles);
|
|
| 531 |
debug('new_authorizations'); debug($new_authorizations);
|
|
| 532 |
} |
|
| 510 |
$this->drupalGet('user/logout');
|
|
| 511 |
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1; |
|
| 512 |
$this->consumerAdminConf['og_group']->save(); |
|
| 513 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 514 |
$roles = $hpotter->roles; |
|
| 515 |
unset($roles[$superadmin->rid]); |
|
| 516 |
user_save($hpotter, array('roles' => $roles));
|
|
| 517 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 518 |
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon'); |
|
| 519 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 520 |
$success = !in_array('administrator', array_values($hpotter->roles));
|
|
| 533 | 521 |
|
| 534 |
/** |
|
| 522 |
$this->assertTrue( |
|
| 523 |
$success, |
|
| 524 |
'regrant Ldap Provisioned roles that were manually revoked', |
|
| 525 |
'LDAP_authorz.Flags.regrantLdapProvisioned=1' |
|
| 526 |
); |
|
| 527 |
if (!$success) {
|
|
| 528 |
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
|
|
| 529 |
debug('hpotter roles'); debug($hpotter->roles);
|
|
| 530 |
debug('new_authorizations'); debug($new_authorizations);
|
|
| 531 |
} |
|
| 532 |
|
|
| 533 |
/** |
|
| 535 | 534 |
* LDAP_authorz.Flags.createConsumers=1 |
| 536 | 535 |
*/ |
| 537 | 536 |
|
| 538 |
if (!empty($og_group_consumer['allowConsumerObjectCreation']) && $og_group_consumer['allowConsumerObjectCreation']) {
|
|
| 539 |
//@todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality
|
|
| 540 |
|
|
| 541 |
//add new mapping to and enable create consumers
|
|
| 542 |
$this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
| 543 |
$this->drupalGet('user/logout');
|
|
| 544 |
$new_role = 'oompa-loompas'; |
|
| 545 |
$this->consumerAdminConf['og_group']->createConsumers = 1; |
|
| 546 |
$this->consumerAdminConf['og_group']->mappings[] = array( |
|
| 547 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu', |
|
| 548 |
'user_entered' => $new_role, |
|
| 549 |
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE, |
|
| 550 |
'simplified' => $new_role, |
|
| 551 |
'valid' => TRUE, |
|
| 552 |
'error_message' => '', |
|
| 537 |
if (!empty($og_group_consumer['allowConsumerObjectCreation']) && $og_group_consumer['allowConsumerObjectCreation']) {
|
|
| 538 |
// @todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality
|
|
| 539 |
|
|
| 540 |
// Add new mapping to and enable create consumers.
|
|
| 541 |
$this->prepTestData('hogwarts', array($sid), 'provisionToDrupal', 'default', 'drupal_role_default');
|
|
| 542 |
$this->drupalGet('user/logout');
|
|
| 543 |
$new_role = 'oompa-loompas';
|
|
| 544 |
$this->consumerAdminConf['og_group']->createConsumers = 1;
|
|
| 545 |
$this->consumerAdminConf['og_group']->mappings[] = array(
|
|
| 546 |
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
|
|
| 547 |
'user_entered' => $new_role,
|
|
| 548 |
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE,
|
|
| 549 |
'simplified' => $new_role,
|
|
| 550 |
'valid' => TRUE,
|
|
| 551 |
'error_message' => '',
|
|
| 553 | 552 |
); |
| 554 | 553 |
|
| 555 |
$this->consumerAdminConf['og_group']->save(); |
|
| 554 |
$this->consumerAdminConf['og_group']->save();
|
|
| 556 | 555 |
|
| 557 |
$edit = array( |
|
| 558 |
'name' => 'hpotter', |
|
| 559 |
'pass' => 'goodpwd', |
|
| 560 |
); |
|
| 561 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 562 |
|
|
| 563 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
| 564 |
$roles_by_name = array_flip(user_roles()); |
|
| 565 |
$hpotter = user_load_by_name('hpotter');
|
|
| 566 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 567 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
| 568 |
debug('roles'); debug(user_roles());
|
|
| 569 |
debug('roles by name'); debug($roles_by_name);
|
|
| 570 |
debug('hpotter->roles'); debug($hpotter->roles);
|
|
| 571 |
debug("$new_role_created AND $role_granted");
|
|
| 556 |
$edit = array( |
|
| 557 |
'name' => 'hpotter', |
|
| 558 |
'pass' => 'goodpwd', |
|
| 559 |
); |
|
| 560 |
$this->drupalPost('user', $edit, t('Log in'));
|
|
| 561 |
|
|
| 562 |
$new_role_created = in_array($new_role, array_values(user_roles())); |
|
| 563 |
$roles_by_name = array_flip(user_roles()); |
|
| 564 |
$hpotter = user_load_by_name('hpotter');
|
|
| 565 |
$hpotter = user_load($hpotter->uid, TRUE); |
|
| 566 |
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]); |
|
| 567 |
debug('roles'); debug(user_roles());
|
|
| 568 |
debug('roles by name'); debug($roles_by_name);
|
|
| 569 |
debug('hpotter->roles'); debug($hpotter->roles);
|
|
| 570 |
debug("$new_role_created AND $role_granted");
|
|
| 571 |
|
|
| 572 |
$this->assertTrue( |
|
| 573 |
($new_role_created && $role_granted), |
|
| 574 |
'create consumers (e.g. roles)', |
|
| 575 |
'LDAP_authorz.Flags.createConsumers=1' |
|
| 576 |
); |
|
| 577 |
} |
|
| 572 | 578 |
|
| 573 |
$this->assertTrue( |
|
| 574 |
($new_role_created && $role_granted), |
|
| 575 |
'create consumers (e.g. roles)', |
|
| 576 |
'LDAP_authorz.Flags.createConsumers=1' |
|
| 577 |
); |
|
| 578 | 579 |
} |
| 579 | 580 |
|
| 580 | 581 |
} |
| 581 |
|
|
| 582 |
} |
|
Formats disponibles : Unified diff
Weekly update of contrib modules