Push — master ( 73bfc2...a878a7 )
by Adrien

DebugAclTest.php$0 ➔ testGetPrivilegesByResource()   A

Complexity

Conditions 1

Size

Total Lines 27

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
c 0
b 0
f 0
dl 0
loc 27
rs 9.488
<?php
declare(strict_types=1);
namespace EcodevTests\Felix\Acl;
use Ecodev\Felix\Acl\Assertion\IsMyself;
use Ecodev\Felix\Acl\Assertion\NamedAssertion;
use Ecodev\Felix\Acl\DebugAcl;
use Ecodev\Felix\Acl\ModelResource;
use Ecodev\Felix\Acl\MultipleRoles;
use EcodevTests\Felix\Blog\Model\Post;
use EcodevTests\Felix\Blog\Model\User;
use EcodevTests\Felix\Traits\TestWithContainer;
use Exception;
use Laminas\Permissions\Acl\Acl;
use Laminas\Permissions\Acl\Resource\ResourceInterface;
use Laminas\Permissions\Acl\Role\RoleInterface;
use PHPUnit\Framework\TestCase;
/**
 * Exercises DebugAcl: the privilege listings it produces and what `show()`
 * reports for rules that are guarded by named assertions.
 *
 * Expectations pinned by these tests that matter when the output is used to
 * audit permissions:
 * - `show()` is expected to report the names of guarding assertions under
 *   `allowIf` / `denyIf` without running them (the admin assertion built in
 *   setUp() throws if it is ever evaluated).
 * - A rule that depends on an assertion is expected to be reported with
 *   `allowed => false`, for allow rules and deny rules alike.
 * - `getPrivileges()` is expected to name privileges mentioned by deny rules
 *   too, so it is a list of known privilege names, not of granted ones.
 * - Rules using a `null` resource or a `null` privilege are expected to be
 *   absent from `getPrivilegesByResource()`; such wildcard grants have to be
 *   looked for separately when reviewing that map.
 */
class DebugAclTest extends TestCase
{
    use TestWithContainer;

    private DebugAcl $acl;

    private NamedAssertion $adminAssertion;

    /**
     * Builds a fresh DebugAcl with two roles and two string resources, plus a
     * named assertion that fails the test if the ACL ever evaluates it.
     */
    protected function setUp(): void
    {
        $this->createDefaultFelixContainer();
        $this->acl = new DebugAcl();

        foreach (['member', 'admin'] as $roleName) {
            $this->acl->addRole($roleName);
        }

        foreach (['user', 'post'] as $resourceName) {
            $this->acl->addResource($resourceName);
        }

        $this->adminAssertion = new class() implements NamedAssertion {
            public function getName(): string
            {
                return 'admin assertion';
            }

            // Tripwire: any evaluation of this assertion aborts the running test.
            public function assert(Acl $acl, ?RoleInterface $role = null, ?ResourceInterface $resource = null, $privilege = null): never
            {
                throw new Exception('Assertion should never be run in debug version of ACL');
            }
        };
    }

    /**
     * Follows both privilege listings while allow and deny rules accumulate.
     */
    public function testPrivileges(): void
    {
        $acl = $this->acl;
        self::assertSame([], $acl->getPrivileges());

        $acl->allow('member', 'user', 'read');
        self::assertSame(['read'], $acl->getPrivileges());
        self::assertSame(['user' => ['read']], $acl->getPrivilegesByResource());

        $acl->allow('member', 'post', 'read');
        self::assertSame(['read'], $acl->getPrivileges());
        self::assertSame(['user' => ['read'], 'post' => ['read']], $acl->getPrivilegesByResource());

        // The denied privilege is expected in both listings next to the allowed ones.
        $acl->allow('admin', 'post', ['create', 'unusual-privilege']);
        $acl->deny('admin', 'post', ['denied-privilege']);
        $namedPrivileges = ['create', 'read', 'denied-privilege', 'unusual-privilege'];
        $byResource = [
            'user' => ['read'],
            'post' => ['create', 'denied-privilege', 'read', 'unusual-privilege'],
        ];
        self::assertSame($namedPrivileges, $acl->getPrivileges());
        self::assertSame($byResource, $acl->getPrivilegesByResource());

        // A `null` (wildcard) privilege is expected as a leading `null` entry in the
        // flat list, while the per-resource map is expected to stay unchanged.
        $acl->allow('admin', 'post', null);
        self::assertSame([null, ...$namedPrivileges], $acl->getPrivileges());
        self::assertSame($byResource, $acl->getPrivilegesByResource());

        // No rule gives 'member' the 'create' privilege on 'user'.
        self::assertSame(
            self::ruleReport('create', false),
            $acl->show('member', 'user', 'create')
        );
    }

    /**
     * Checks which rules end up in the per-resource map, for string resources
     * and for ModelResource instances.
     */
    public function testGetPrivilegesByResource(): void
    {
        $acl = $this->acl;
        self::assertSame([], $acl->getPrivileges());

        // Wildcard resource: expected to be left out of the map.
        $acl->allow('member', null, 'read');
        self::assertSame([], $acl->getPrivilegesByResource());

        // Wildcard privilege: expected to be left out of the map as well.
        $acl->allow('member', 'user', null);
        self::assertSame([], $acl->getPrivilegesByResource());

        $expected = ['user' => ['read'], 'post' => ['read']];
        $acl->allow('member', ['user', 'post'], 'read');
        self::assertSame($expected, $acl->getPrivilegesByResource());

        // Declaring the same rule a second time is expected to leave the map as it was.
        $acl->allow('member', ['user', 'post'], 'read');
        self::assertSame($expected, $acl->getPrivilegesByResource());

        $userResource = new ModelResource(User::class);
        $acl->addResource($userResource);

        $postResource = new ModelResource(Post::class);
        $acl->addResource($postResource);

        // Model resources are expected under their class name, after the string resources.
        $acl->allow('member', $userResource, 'read');
        $expected[User::class] = ['read'];
        self::assertSame($expected, $acl->getPrivilegesByResource());

        $acl->allow('member', [$postResource, $userResource], 'create');
        $expected[User::class] = ['create', 'read'];
        $expected[Post::class] = ['create'];
        self::assertSame($expected, $acl->getPrivilegesByResource());
    }

    /**
     * Allow rules guarded by an assertion: `show()` is expected to list the
     * assertion names under `allowIf` and to report `allowed => false`.
     */
    public function testNamedAssertionsWithAllow(): void
    {
        $acl = $this->acl;
        $acl->allow('member', 'user', 'read', new IsMyself());
        $acl->allow('admin', 'user', 'read', $this->adminAssertion);

        self::assertSame(
            self::ruleReport('read', false, allowIf: ["c'est moi-même"]),
            $acl->show('member', 'user', 'read')
        );

        self::assertSame(
            self::ruleReport('read', false, allowIf: ['admin assertion']),
            $acl->show('admin', 'user', 'read')
        );

        // With several roles, the assertion names of every role are expected together.
        self::assertSame(
            self::ruleReport('read', false, allowIf: ['admin assertion', "c'est moi-même"]),
            $acl->show(new MultipleRoles(['member', 'admin']), 'user', 'read')
        );

        self::assertSame(
            self::ruleReport('non-existing-privilege', false),
            $acl->show('member', 'user', 'non-existing-privilege')
        );

        self::assertSame(
            self::ruleReport(null, false, allowIf: ["c'est moi-même"]),
            $acl->show('member', 'user', null)
        );
    }

    /**
     * Deny rules guarded by an assertion on top of a wildcard allow: `show()`
     * is expected to list the assertion names under `denyIf` and to report
     * `allowed => false` for the guarded privilege.
     */
    public function testNamedAssertionsWithDeny(): void
    {
        $acl = $this->acl;
        $acl->allow('member', 'user', null);
        $acl->allow('admin', 'user', null);
        $acl->deny('member', 'user', 'read', new IsMyself());
        $acl->deny('admin', 'user', 'read', $this->adminAssertion);

        self::assertSame(
            self::ruleReport('read', false, denyIf: ["c'est moi-même"]),
            $acl->show('member', 'user', 'read')
        );

        self::assertSame(
            self::ruleReport('read', false, denyIf: ['admin assertion']),
            $acl->show('admin', 'user', 'read')
        );

        self::assertSame(
            self::ruleReport('read', false, denyIf: ['admin assertion', "c'est moi-même"]),
            $acl->show(new MultipleRoles(['member', 'admin']), 'user', 'read')
        );

        // True because allowed via the `null` wildcard: a privilege name that no rule
        // declares is still reported as granted once a wildcard allow exists.
        self::assertSame(
            self::ruleReport('non-existing-privilege', true),
            $acl->show('member', 'user', 'non-existing-privilege')
        );
    }

    /**
     * Builds the array that `show()` is expected to return, keys in the order
     * the assertions compare them.
     *
     * @param list<string> $allowIf names of assertions guarding allow rules
     * @param list<string> $denyIf names of assertions guarding deny rules
     *
     * @return array{privilege: ?string, allowed: bool, allowIf: list<string>, denyIf: list<string>}
     */
    private static function ruleReport(?string $privilege, bool $allowed, array $allowIf = [], array $denyIf = []): array
    {
        return [
            'privilege' => $privilege,
            'allowed' => $allowed,
            'allowIf' => $allowIf,
            'denyIf' => $denyIf,
        ];
    }
}