Passed
Pull Request — master (#8)
by Adrien
12:39
created

anonymous//tests/Acl/AclTest.php$1   A

Complexity

Total Complexity 1

Size/Duplication

Total Lines 8
Duplicated Lines 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
c 1
b 0
f 0
dl 0
loc 8
rs 10
wmc 1
<?php
declare(strict_types=1);
namespace EcodevTests\Felix\Acl;
use Ecodev\Felix\Acl\Acl;
use Ecodev\Felix\Acl\Assertion\IsMyself;
use Ecodev\Felix\Model\CurrentUser;
use EcodevTests\Felix\Blog\Model\User;
use Laminas\Permissions\Acl\Assertion\AssertionInterface;
use Laminas\Permissions\Acl\Resource\ResourceInterface;
use Laminas\Permissions\Acl\Role\RoleInterface;
use PHPUnit\Framework\TestCase;
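/**
 * Checks the refusal paths of Acl::isCurrentUserAllowed() and the exact text
 * that Acl::getLastDenialMessage() reports for each refusal.
 *
 * NOTE(review): every assertion in this class expects `update` to be refused.
 * No case here shows the privilege being granted (for instance a member acting
 * on its own record), so a rule set that refuses everything would still pass
 * this class. Confirm the allow path is covered elsewhere.
 */
final class AclTest extends TestCase
{
    /**
     * The current user is set through static calls, so it is cleared after each
     * test to keep an identity from carrying over into the next one.
     */
    protected function tearDown(): void
    {
        CurrentUser::set(null);
    }

    /**
     * A member allowed to `update` a User only under the IsMyself assertion is
     * refused for an anonymous visitor, for the record's owner and for an
     * unrelated member, and the denial message names the acting user each time.
     */
    public function testIsCurrentUserAllowed(): void
    {
        // Minimal ACL: two unrelated roles, and `update` on User granted to
        // `member` only when the IsMyself assertion passes.
        $acl = new class() extends Acl {
            public function __construct()
            {
                $user = $this->createModelResource(User::class);
                $this->addRole('anonymous');
                $this->addRole('member');
                $this->allow('member', [$user], ['update'], new IsMyself());
            }
        };

        $user = new User();

        $owner = new User();
        $owner->setName('sarah');
        // NOTE(review): the current user is set before setOwner() is called;
        // presumably setOwner() consults the current user - confirm.
        CurrentUser::set($owner);
        $user->setOwner($owner);

        // Case 1: nobody is logged in.
        CurrentUser::set(null);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'anonymous cannot update');
        self::assertSame('Non-logged user with role anonymous is not allowed on resource "User#null" with privilege "update"', $acl->getLastDenialMessage());

        // Case 2: owning the record is not the same as being the record.
        CurrentUser::set($owner);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'member cannot update even if owner');
        self::assertSame('User "sarah" with role member is not allowed on resource "User#null" with privilege "update" because it is not himself', $acl->getLastDenialMessage());

        // Case 3: a member with no relation to the record.
        $other = new User();
        $other->setName('john');
        CurrentUser::set($other);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'other user cannot update');
        self::assertSame('User "john" with role member is not allowed on resource "User#null" with privilege "update" because it is not himself', $acl->getLastDenialMessage());

        // Test again the first case to assert that reject reason does not leak from one assertion to the next
        CurrentUser::set(null);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'anonymous cannot update');
        self::assertSame('Non-logged user with role anonymous is not allowed on resource "User#null" with privilege "update"', $acl->getLastDenialMessage());
    }

    /**
     * When `member` inherits from `anonymous` and the assertions of both rules
     * reject, the denial message lists every rejection reason.
     */
    public function testMultipleReasons(): void
    {
        $acl = new class() extends Acl {
            public function __construct()
            {
                $user = $this->createModelResource(User::class);
                $this->addRole('anonymous');
                // `member` has `anonymous` as parent, so both rules below apply to a member.
                $this->addRole('member', 'anonymous');
                $this->allow(
                    'anonymous',
                    [$user],
                    ['update'],
                    // Stub assertion that always records a fixed reason through reject().
                    new class() implements AssertionInterface {
                        /**
                         * @param \Ecodev\Felix\Acl\Acl $acl
                         * @param null|mixed $privilege
                         */
                        public function assert(\Laminas\Permissions\Acl\Acl $acl, ?RoleInterface $role = null, ?ResourceInterface $resource = null, $privilege = null)
                        {
                            return $acl->reject('mocked reason');
                        }
                    }
                );
                $this->allow('member', [$user], ['update'], new IsMyself());
            }
        };

        $user = new User();
        $user->setName('sarah');
        CurrentUser::set($user);

        // The resource is a fresh User, not the logged-in one.
        self::assertFalse($acl->isCurrentUserAllowed(new User(), 'update'), 'member cannot update another user');
        // The closing marker stays at column 0 so the heredoc body is compared as written.
        $expected = <<<STRING
User "sarah" with role member is not allowed on resource "User#null" with privilege "update" because:

- it is not himself
- mocked reason
STRING;
        self::assertSame($expected, $acl->getLastDenialMessage());
    }
}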