Passed
Pull Request — master (#8)
by Adrien
11:02
created

AclTest.php$1 ➔ assert()   A

<?php
declare(strict_types=1);
namespace EcodevTests\Felix\Acl;
use Ecodev\Felix\Acl\Acl;
use Ecodev\Felix\Acl\Assertion\IsMyself;
use Ecodev\Felix\Model\CurrentUser;
use EcodevTests\Felix\Blog\Model\User;
use Laminas\Permissions\Acl\Assertion\AssertionInterface;
use Laminas\Permissions\Acl\Resource\ResourceInterface;
use Laminas\Permissions\Acl\Role\RoleInterface;
use PHPUnit\Framework\TestCase;
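/**
 * Exercises the deny path of the ACL and the human-readable denial message it produces.
 *
 * Both tests build a throw-away ACL in an anonymous subclass and drive it through
 * `isCurrentUserAllowed()` / `getLastDenialMessage()`, switching the active identity
 * with `CurrentUser::set()` between checks.
 *
 * NOTE(review): every authorization check in this class expects a denial, so an ACL that
 * refused everything would also pass. Consider adding a case where the current user is the
 * resource itself and the `IsMyself` rule is expected to grant access — confirm the expected
 * result and the value of `getLastDenialMessage()` after a grant against the implementation.
 */
final class AclTest extends TestCase
{
    /**
     * Reset the current user after each test so an identity set by one test
     * is not still in place when the next one runs.
     */
    protected function tearDown(): void
    {
        CurrentUser::set(null);
    }

    /**
     * A `member` may `update` a User only when the `IsMyself` assertion passes.
     *
     * Checks, in order, that access is denied with the expected message for:
     * a non-logged user, the owner of the record (owning a record is not the same
     * as being that record), an unrelated logged-in user, and the non-logged user again.
     */
    public function testIsCurrentUserAllowed(): void
    {
        $acl = new class() extends Acl {
            public function __construct()
            {
                $user = $this->createModelResource(User::class);
                $this->addRole('anonymous');
                $this->addRole('member');
                // The only grant in this ACL: conditional on IsMyself
                $this->allow('member', [$user], ['update'], new IsMyself());
            }
        };

        $user = new User();

        $owner = new User();
        $owner->setName('sarah');
        // Owner is set as current user before being assigned as owner; order kept from the original test
        CurrentUser::set($owner);
        $user->setOwner($owner);

        CurrentUser::set(null);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'anonymous cannot update');
        self::assertSame('Non-logged user with role anonymous is not allowed on resource "User#null" with privilege "update"', $acl->getLastDenialMessage());

        // Ownership alone must not satisfy IsMyself: sarah owns $user but is not $user
        CurrentUser::set($owner);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'member cannot update even if owner');
        self::assertSame('User "sarah" with role member is not allowed on resource "User#null" with privilege "update" because it is not himself', $acl->getLastDenialMessage());

        $other = new User();
        $other->setName('john');
        CurrentUser::set($other);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'other user cannot update');
        self::assertSame('User "john" with role member is not allowed on resource "User#null" with privilege "update" because it is not himself', $acl->getLastDenialMessage());

        // Test again the first case to assert that reject reason does not leak from one assertion to the next
        CurrentUser::set(null);
        self::assertFalse($acl->isCurrentUserAllowed($user, 'update'), 'anonymous cannot update');
        self::assertSame('Non-logged user with role anonymous is not allowed on resource "User#null" with privilege "update"', $acl->getLastDenialMessage());
    }

    /**
     * When several assertions reject the same request, the denial message lists every reason.
     *
     * `member` inherits from `anonymous`; the inherited rule carries an assertion that always
     * rejects with "mocked reason", and the member rule carries `IsMyself`. The expected
     * message contains both reasons as a bullet list.
     *
     * @requires PHP 7.3
     */
    public function testMultipleReasons(): void
    {
        $acl = new class() extends Acl {
            public function __construct()
            {
                $user = $this->createModelResource(User::class);
                $this->addRole('anonymous');
                $this->addRole('member', 'anonymous');
                $this->allow(
                    'anonymous',
                    [$user],
                    ['update'],
                    new class() implements AssertionInterface {
                        /**
                         * Always rejects, recording a fixed reason on the ACL.
                         *
                         * The signature is typed with the Laminas ACL class, while the docblock
                         * narrows `$acl` to the Felix ACL because `reject()` is called on it.
                         *
                         * @param \Ecodev\Felix\Acl\Acl $acl
                         * @param null|mixed $privilege
                         */
                        public function assert(\Laminas\Permissions\Acl\Acl $acl, ?RoleInterface $role = null, ?ResourceInterface $resource = null, $privilege = null)
                        {
                            return $acl->reject('mocked reason');
                        }
                    }
                );
                $this->allow('member', [$user], ['update'], new IsMyself());
            }
        };

        $user = new User();
        $user->setName('sarah');
        CurrentUser::set($user);

        // The resource is a fresh User, not the current one, so IsMyself rejects as well
        self::assertFalse($acl->isCurrentUserAllowed(new User(), 'update'), 'member cannot update even if user');
        $expected = <<<STRING
User "sarah" with role member is not allowed on resource "User#null" with privilege "update" because:

- it is not himself
- mocked reason
STRING;
        self::assertSame($expected, $acl->getLastDenialMessage());
    }
}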