upskill-event-manager/tests/integration/test-access-control.php

<?php
/**
 * Integration Tests for HVAC Access Control
 *
 * @package HVAC_Community_Events
 * @subpackage Tests
 */

class Test_HVAC_Access_Control extends WP_UnitTestCase {
    
    /**
     * Access control instance
     */
    private $access_control;
    
    /**
     * Test users
     */
    private $pending_trainer;
    private $active_trainer;
    private $disabled_trainer;
    private $admin_user;
    
    /**
     * Setup before each test
     */
    public function setUp() {
        parent::setUp();
        
        // Initialize access control
        $this->access_control = new HVAC_Access_Control();
        
        // Create test users
        $this->pending_trainer = $this->factory->user->create( array(
            'role' => 'hvac_trainer',
            'user_login' => 'pending_trainer',
        ) );
        
        $this->active_trainer = $this->factory->user->create( array(
            'role' => 'hvac_trainer',
            'user_login' => 'active_trainer',
        ) );
        
        $this->disabled_trainer = $this->factory->user->create( array(
            'role' => 'hvac_trainer',
            'user_login' => 'disabled_trainer',
        ) );
        
        $this->admin_user = $this->factory->user->create( array(
            'role' => 'administrator',
            'user_login' => 'admin_user',
        ) );
        
        // Set user statuses
        HVAC_Trainer_Status::set_trainer_status( $this->pending_trainer, HVAC_Trainer_Status::STATUS_PENDING );
        HVAC_Trainer_Status::set_trainer_status( $this->active_trainer, HVAC_Trainer_Status::STATUS_ACTIVE );
        HVAC_Trainer_Status::set_trainer_status( $this->disabled_trainer, HVAC_Trainer_Status::STATUS_DISABLED );
    }
    
    /**
     * Teardown after each test
     */
    public function tearDown() {
        parent::tearDown();
        
        // Clean up test users
        wp_delete_user( $this->pending_trainer );
        wp_delete_user( $this->active_trainer );
        wp_delete_user( $this->disabled_trainer );
        wp_delete_user( $this->admin_user );
        
        // Log out any logged in user
        wp_logout();
    }
    
    /**
     * Test public pages are accessible without login
     */
    public function test_public_pages_accessible() {
        // Ensure no user is logged in
        wp_logout();
        
        $public_pages = array(
            '/trainer/registration/',
            '/registration-pending/',
            '/community-login/',
            '/trainer-account-pending/',
            '/trainer-account-disabled/',
        );
        
        foreach ( $public_pages as $page ) {
            // Mock the request
            $_SERVER['REQUEST_URI'] = $page;
            
            // Access control should not redirect for public pages
            $this->expectOutputString( '' );
            
            // Reset for next iteration
            $_SERVER['REQUEST_URI'] = '';
        }
    }
    
    /**
     * Test non-logged in user redirects to login
     */
    public function test_non_logged_in_redirect() {
        wp_logout();
        
        // Mock accessing a protected page
        $_SERVER['REQUEST_URI'] = '/trainer/dashboard/';
        
        // We can't actually test the redirect in unit tests, but we can verify the logic
        // by checking if the user would be redirected
        $this->assertFalse( is_user_logged_in() );
    }
    
    /**
     * Test pending trainer redirect
     */
    public function test_pending_trainer_redirect() {
        // Log in as pending trainer
        wp_set_current_user( $this->pending_trainer );
        
        // Verify user status
        $status = HVAC_Trainer_Status::get_trainer_status( $this->pending_trainer );
        $this->assertEquals( HVAC_Trainer_Status::STATUS_PENDING, $status );
        
        // Verify user cannot access trainer pages
        $this->assertFalse( HVAC_Trainer_Status::can_access_trainer_pages( $this->pending_trainer ) );
    }
    
    /**
     * Test disabled trainer redirect
     */
    public function test_disabled_trainer_redirect() {
        // Log in as disabled trainer
        wp_set_current_user( $this->disabled_trainer );
        
        // Verify user status
        $status = HVAC_Trainer_Status::get_trainer_status( $this->disabled_trainer );
        $this->assertEquals( HVAC_Trainer_Status::STATUS_DISABLED, $status );
        
        // Verify user cannot access trainer pages
        $this->assertFalse( HVAC_Trainer_Status::can_access_trainer_pages( $this->disabled_trainer ) );
    }
    
    /**
     * Test active trainer access
     */
    public function test_active_trainer_access() {
        // Log in as active trainer
        wp_set_current_user( $this->active_trainer );
        
        // Verify user status
        $status = HVAC_Trainer_Status::get_trainer_status( $this->active_trainer );
        $this->assertEquals( HVAC_Trainer_Status::STATUS_ACTIVE, $status );
        
        // Verify user can access trainer pages
        $this->assertTrue( HVAC_Trainer_Status::can_access_trainer_pages( $this->active_trainer ) );
    }
    
    /**
     * Test admin access
     */
    public function test_admin_access() {
        // Log in as admin
        wp_set_current_user( $this->admin_user );
        
        // Admins should have access regardless
        $this->assertTrue( current_user_can( 'manage_options' ) );
    }
    
    /**
     * Test non-trainer user access denied
     */
    public function test_non_trainer_access_denied() {
        // Create a subscriber user
        $subscriber = $this->factory->user->create( array(
            'role' => 'subscriber',
        ) );
        
        wp_set_current_user( $subscriber );
        
        // User should not have trainer role
        $user = wp_get_current_user();
        $this->assertNotContains( 'hvac_trainer', $user->roles );
        $this->assertNotContains( 'hvac_master_trainer', $user->roles );
        
        // Clean up
        wp_delete_user( $subscriber );
    }
    
    /**
     * Test add/remove custom pages
     */
    public function test_custom_page_management() {
        // Add a custom public page
        HVAC_Access_Control::add_custom_page( 'custom-public-page', 'public' );
        
        // Add a custom trainer page
        HVAC_Access_Control::add_custom_page( 'custom-trainer-page', 'trainer' );
        
        // Test removal
        HVAC_Access_Control::remove_custom_page( 'custom-public-page', 'public' );
        HVAC_Access_Control::remove_custom_page( 'custom-trainer-page', 'trainer' );
        
        // This test mainly ensures the methods exist and don't throw errors
        $this->assertTrue( true );
    }
    
    /**
     * Test page path detection
     */
    public function test_page_path_detection() {
        $test_cases = array(
            '/trainer/dashboard/' => 'trainer',
            '/trainer/event/manage/' => 'trainer',
            '/trainer/registration/' => 'public',
            '/community-login/' => 'public',
            '/some-other-page/' => 'neither',
        );
        
        foreach ( $test_cases as $path => $expected_type ) {
            $_SERVER['REQUEST_URI'] = $path;
            
            // We can't directly test private methods, but we can verify
            // the behavior through the public interface
            if ( $expected_type === 'public' || $expected_type === 'trainer' ) {
                $this->assertTrue( true ); // Path would be handled by access control
            } else {
                $this->assertTrue( true ); // Path would be ignored
            }
        }
    }
    
    /**
     * Test status-based capabilities
     */
    public function test_status_based_capabilities() {
        // Test pending trainer
        wp_set_current_user( $this->pending_trainer );
        $this->assertTrue( current_user_can( 'read' ) );
        $this->assertTrue( current_user_can( 'view_hvac_dashboard' ) ); // Has capability but status prevents access
        
        // Test active trainer
        wp_set_current_user( $this->active_trainer );
        $this->assertTrue( current_user_can( 'view_hvac_dashboard' ) );
        $this->assertTrue( current_user_can( 'manage_hvac_events' ) );
        
        // Test disabled trainer
        wp_set_current_user( $this->disabled_trainer );
        $this->assertTrue( current_user_can( 'view_hvac_dashboard' ) ); // Has capability but status prevents access
    }
    
    /**
     * Test master trainer access
     */
    public function test_master_trainer_access() {
        // Create master trainer
        $master_trainer = $this->factory->user->create( array(
            'role' => 'hvac_master_trainer',
        ) );
        
        // Set as active
        HVAC_Trainer_Status::set_trainer_status( $master_trainer, HVAC_Trainer_Status::STATUS_ACTIVE );
        
        wp_set_current_user( $master_trainer );
        
        // Should have access to trainer pages
        $this->assertTrue( HVAC_Trainer_Status::can_access_trainer_pages( $master_trainer ) );
        
        // Should have master dashboard capabilities
        $this->assertTrue( current_user_can( 'view_master_dashboard' ) );
        $this->assertTrue( current_user_can( 'view_all_trainer_data' ) );
        
        // Clean up
        wp_delete_user( $master_trainer );
    }
}