TrashServiceAuthorizationTest::testRecoverThrowsUnauthorizedExceptionWithNewParentLocationParameter() - Code Metrics - Inspection of "Merge branch '7.1'" - ezsystems/ezpublish-kernel - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 22ddbd...378f08 )

unknown

created 2018-04-27 15:12 UTC

testRecoverThrowsUnauthorizedExceptionWithNewParentLocationParameter() B

↳ Parent: TrashServiceAuthorizationTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	28
Code Lines	11

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	11
nc	1
nop	0
dl	0
loc	28
rs	8.8571
c	0
b	0
f	0

<?php

/**
 * File containing the TrashServiceAuthorizationTest class.
 *
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 */
namespace eZ\Publish\API\Repository\Tests;

/**
 * Test case for operations in the TrashService using in memory storage.
 *
 * @see eZ\Publish\API\Repository\TrashService
 * @group integration
 * @group authorization
 */
class TrashServiceAuthorizationTest extends BaseTrashServiceTest
{
    /**
     * Test for the loadTrashItem() method.
     *
     * @see \eZ\Publish\API\Repository\TrashService::loadTrashItem()
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testLoadTrashItem
     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
     */
    public function testLoadTrashItemThrowsUnauthorizedException()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();

        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user
        $trashItem = $this->createTrashItem();

        // Load user service
        $userService = $repository->getUserService();

        // Set "Anonymous" as current user
        $repository->setCurrentUser($userService->loadUser($anonymousUserId));


        // This call will fail with an "UnauthorizedException"
        $trashService->loadTrashItem($trashItem->id);
        /* END: Use Case */
    }

    /**
     * Test for the trash() method without proper permissions.
     *
     * @covers \eZ\Publish\API\Repository\TrashService::trash
     *
     * @expectedException \eZ\Publish\Core\Base\Exceptions\UnauthorizedException
     * @expectedExceptionMessage User does not have access to 'remove' 'content'
     */
    public function testTrashThrowsUnauthorizedException()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();
        $locationService = $repository->getLocationService();

        // Load "Media" page location to be trashed
        $mediaLocation = $locationService->loadLocationByRemoteId(
            '75c715a51699d2d309a924eca6a95145'
        );

        // switch user context before testing TrashService::trash method
        $repository->getPermissionResolver()->setCurrentUserReference(
            $this->createUserWithPolicies('trash_test_user', [])
        );
        $trashService->trash($mediaLocation);
    }

    /**
     * Test for the trash() method with proper minimal permission set.
     *
     * @depends testTrashThrowsUnauthorizedException
     *
     * @covers \eZ\Publish\API\Repository\TrashService::trash
     */
    public function testTrashRequiresContentRemovePolicy()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();
        $locationService = $repository->getLocationService();

        // Load "Media" page location to be trashed
        $mediaLocation = $locationService->loadLocationByRemoteId(
            '75c715a51699d2d309a924eca6a95145'
        );

        $repository->getPermissionResolver()->setCurrentUserReference(
            $this->createUserWithPolicies(
                'trash_test_user',
                [
                    ['module' => 'content', 'function' => 'remove'],
                ]
            )
        );
        $trashService->trash($mediaLocation);
    }

    /**
     * Test for the recover() method.
     *
     * @see \eZ\Publish\API\Repository\TrashService::recover()
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testRecover
     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
     */
    public function testRecoverThrowsUnauthorizedException()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();

        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user
        $trashItem = $this->createTrashItem();

        // Load user service
        $userService = $repository->getUserService();

        // Set "Anonymous" as current user
        $repository->setCurrentUser($userService->loadUser($anonymousUserId));


        // This call will fail with an "UnauthorizedException"
        $trashService->recover($trashItem);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        /* END: Use Case */
    }

    /**
     * Test for the recover() method.
     *
     * @see \eZ\Publish\API\Repository\TrashService::recover($trashItem, $newParentLocation)
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testRecover
     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
     */
    public function testRecoverThrowsUnauthorizedExceptionWithNewParentLocationParameter()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();
        $locationService = $repository->getLocationService();

        $homeLocationId = $this->generateId('location', 2);
        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user
        // $homeLocationId is the ID of the "Home" location in an eZ Publish
        // demo installation

        $trashItem = $this->createTrashItem();

        // Get the new parent location
        $newParentLocation = $locationService->loadLocation($homeLocationId);

        // Load user service
        $userService = $repository->getUserService();

        // Set "Anonymous" as current user
        $repository->setCurrentUser($userService->loadUser($anonymousUserId));


        // This call will fail with an "UnauthorizedException"
        $trashService->recover($trashItem, $newParentLocation);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        /* END: Use Case */
    }

    /**
     * Test for the emptyTrash() method.
     *
     * @see \eZ\Publish\API\Repository\TrashService::emptyTrash()
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testEmptyTrash
     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
     */
    public function testEmptyTrashThrowsUnauthorizedException()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();

        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user
        $this->createTrashItem();

        // Load user service
        $userService = $repository->getUserService();

        // Set "Anonymous" as current user
        $repository->setCurrentUser($userService->loadUser($anonymousUserId));


        // This call will fail with an "UnauthorizedException"
        $trashService->emptyTrash();
        /* END: Use Case */
    }

    /**
     * Test for the deleteTrashItem() method.
     *
     * @see \eZ\Publish\API\Repository\TrashService::deleteTrashItem()
     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testDeleteTrashItem
     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
     */
    public function testDeleteTrashItemThrowsUnauthorizedException()
    {
        $repository = $this->getRepository();
        $trashService = $repository->getTrashService();

        $anonymousUserId = $this->generateId('user', 10);
        /* BEGIN: Use Case */
        // $anonymousUserId is the ID of the "Anonymous" user
        $trashItem = $this->createTrashItem();

        // Load user service
        $userService = $repository->getUserService();

        // Set "Anonymous" as current user
        $repository->setCurrentUser($userService->loadUser($anonymousUserId));


        // This call will fail with an "UnauthorizedException"
        $trashService->deleteTrashItem($trashItem);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        /* END: Use Case */
    }
}


1			<?php
2
3			/**
4			* File containing the TrashServiceAuthorizationTest class.
5			*
6			* @copyright Copyright (C) eZ Systems AS. All rights reserved.
7			* @license For full copyright and license information view LICENSE file distributed with this source code.
8			*/
9			namespace eZ\Publish\API\Repository\Tests;
10
11			/**
12			* Test case for operations in the TrashService using in memory storage.
13			*
14			* @see eZ\Publish\API\Repository\TrashService
15			* @group integration
16			* @group authorization
17			*/
18			class TrashServiceAuthorizationTest extends BaseTrashServiceTest
19			{
20			/**
21			* Test for the loadTrashItem() method.
22			*
23			* @see \eZ\Publish\API\Repository\TrashService::loadTrashItem()
24			* @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
25			* @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testLoadTrashItem
26			* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
27			*/
28			public function testLoadTrashItemThrowsUnauthorizedException()
29			{
30			$repository = $this->getRepository();
31			$trashService = $repository->getTrashService();
32
33			$anonymousUserId = $this->generateId('user', 10);
34			/* BEGIN: Use Case */
35			// $anonymousUserId is the ID of the "Anonymous" user
36			$trashItem = $this->createTrashItem();
37
38			// Load user service
39			$userService = $repository->getUserService();
40
41			// Set "Anonymous" as current user
42			$repository->setCurrentUser($userService->loadUser($anonymousUserId));
			0 ignored issues – show Deprecated Code introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report The method `eZ\Publish\API\Repositor...itory::setCurrentUser()` has been deprecated with message: since 6.6, to be removed. Use PermissionResolver::setCurrentUserReference() instead. Sets the current user to the given $user. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
43
44			// This call will fail with an "UnauthorizedException"
45			$trashService->loadTrashItem($trashItem->id);
46			/* END: Use Case */
47			}
48
49			/**
50			* Test for the trash() method without proper permissions.
51			*
52			* @covers \eZ\Publish\API\Repository\TrashService::trash
53			*
54			* @expectedException \eZ\Publish\Core\Base\Exceptions\UnauthorizedException
55			* @expectedExceptionMessage User does not have access to 'remove' 'content'
56			*/
57			public function testTrashThrowsUnauthorizedException()
58			{
59			$repository = $this->getRepository();
60			$trashService = $repository->getTrashService();
61			$locationService = $repository->getLocationService();
62
63			// Load "Media" page location to be trashed
64			$mediaLocation = $locationService->loadLocationByRemoteId(
65			'75c715a51699d2d309a924eca6a95145'
66			);
67
68			// switch user context before testing TrashService::trash method
69			$repository->getPermissionResolver()->setCurrentUserReference(
70			$this->createUserWithPolicies('trash_test_user', [])
71			);
72			$trashService->trash($mediaLocation);
73			}
74
75			/**
76			* Test for the trash() method with proper minimal permission set.
77			*
78			* @depends testTrashThrowsUnauthorizedException
79			*
80			* @covers \eZ\Publish\API\Repository\TrashService::trash
81			*/
82			public function testTrashRequiresContentRemovePolicy()
83			{
84			$repository = $this->getRepository();
85			$trashService = $repository->getTrashService();
86			$locationService = $repository->getLocationService();
87
88			// Load "Media" page location to be trashed
89			$mediaLocation = $locationService->loadLocationByRemoteId(
90			'75c715a51699d2d309a924eca6a95145'
91			);
92
93			$repository->getPermissionResolver()->setCurrentUserReference(
94			$this->createUserWithPolicies(
95			'trash_test_user',
96			[
97			['module' => 'content', 'function' => 'remove'],
98			]
99			)
100			);
101			$trashService->trash($mediaLocation);
102			}
103
104			/**
105			* Test for the recover() method.
106			*
107			* @see \eZ\Publish\API\Repository\TrashService::recover()
108			* @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
109			* @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testRecover
110			* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
111			*/
112			public function testRecoverThrowsUnauthorizedException()
113			{
114			$repository = $this->getRepository();
115			$trashService = $repository->getTrashService();
116
117			$anonymousUserId = $this->generateId('user', 10);
118			/* BEGIN: Use Case */
119			// $anonymousUserId is the ID of the "Anonymous" user
120			$trashItem = $this->createTrashItem();
121
122			// Load user service
123			$userService = $repository->getUserService();
124
125			// Set "Anonymous" as current user
126			$repository->setCurrentUser($userService->loadUser($anonymousUserId));
			0 ignored issues – show Deprecated Code introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report The method `eZ\Publish\API\Repositor...itory::setCurrentUser()` has been deprecated with message: since 6.6, to be removed. Use PermissionResolver::setCurrentUserReference() instead. Sets the current user to the given $user. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
127
128			// This call will fail with an "UnauthorizedException"
129			$trashService->recover($trashItem);
			0 ignored issues – show Bug introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report It seems like `$trashItem` defined by `$this->createTrashItem()` on line `120` can be `null`; however, `eZ\Publish\API\Repository\TrashService::recover()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
130			/* END: Use Case */
131			}
132
133			/**
134			* Test for the recover() method.
135			*
136			* @see \eZ\Publish\API\Repository\TrashService::recover($trashItem, $newParentLocation)
137			* @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
138			* @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testRecover
139			* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
140			*/
141			public function testRecoverThrowsUnauthorizedExceptionWithNewParentLocationParameter()
142			{
143			$repository = $this->getRepository();
144			$trashService = $repository->getTrashService();
145			$locationService = $repository->getLocationService();
146
147			$homeLocationId = $this->generateId('location', 2);
148			$anonymousUserId = $this->generateId('user', 10);
149			/* BEGIN: Use Case */
150			// $anonymousUserId is the ID of the "Anonymous" user
151			// $homeLocationId is the ID of the "Home" location in an eZ Publish
152			// demo installation
153
154			$trashItem = $this->createTrashItem();
155
156			// Get the new parent location
157			$newParentLocation = $locationService->loadLocation($homeLocationId);
158
159			// Load user service
160			$userService = $repository->getUserService();
161
162			// Set "Anonymous" as current user
163			$repository->setCurrentUser($userService->loadUser($anonymousUserId));
			0 ignored issues – show Deprecated Code introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report The method `eZ\Publish\API\Repositor...itory::setCurrentUser()` has been deprecated with message: since 6.6, to be removed. Use PermissionResolver::setCurrentUserReference() instead. Sets the current user to the given $user. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
164
165			// This call will fail with an "UnauthorizedException"
166			$trashService->recover($trashItem, $newParentLocation);
			0 ignored issues – show Bug introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report It seems like `$trashItem` defined by `$this->createTrashItem()` on line `154` can be `null`; however, `eZ\Publish\API\Repository\TrashService::recover()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
167			/* END: Use Case */
168			}
169
170			/**
171			* Test for the emptyTrash() method.
172			*
173			* @see \eZ\Publish\API\Repository\TrashService::emptyTrash()
174			* @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
175			* @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testEmptyTrash
176			* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
177			*/
178			public function testEmptyTrashThrowsUnauthorizedException()
179			{
180			$repository = $this->getRepository();
181			$trashService = $repository->getTrashService();
182
183			$anonymousUserId = $this->generateId('user', 10);
184			/* BEGIN: Use Case */
185			// $anonymousUserId is the ID of the "Anonymous" user
186			$this->createTrashItem();
187
188			// Load user service
189			$userService = $repository->getUserService();
190
191			// Set "Anonymous" as current user
192			$repository->setCurrentUser($userService->loadUser($anonymousUserId));
			0 ignored issues – show Deprecated Code introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report The method `eZ\Publish\API\Repositor...itory::setCurrentUser()` has been deprecated with message: since 6.6, to be removed. Use PermissionResolver::setCurrentUserReference() instead. Sets the current user to the given $user. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
193
194			// This call will fail with an "UnauthorizedException"
195			$trashService->emptyTrash();
196			/* END: Use Case */
197			}
198
199			/**
200			* Test for the deleteTrashItem() method.
201			*
202			* @see \eZ\Publish\API\Repository\TrashService::deleteTrashItem()
203			* @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
204			* @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testDeleteTrashItem
205			* @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
206			*/
207			public function testDeleteTrashItemThrowsUnauthorizedException()
208			{
209			$repository = $this->getRepository();
210			$trashService = $repository->getTrashService();
211
212			$anonymousUserId = $this->generateId('user', 10);
213			/* BEGIN: Use Case */
214			// $anonymousUserId is the ID of the "Anonymous" user
215			$trashItem = $this->createTrashItem();
216
217			// Load user service
218			$userService = $repository->getUserService();
219
220			// Set "Anonymous" as current user
221			$repository->setCurrentUser($userService->loadUser($anonymousUserId));
			0 ignored issues – show Deprecated Code introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report The method `eZ\Publish\API\Repositor...itory::setCurrentUser()` has been deprecated with message: since 6.6, to be removed. Use PermissionResolver::setCurrentUserReference() instead. Sets the current user to the given $user. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
222
223			// This call will fail with an "UnauthorizedException"
224			$trashService->deleteTrashItem($trashItem);
			0 ignored issues – show Bug introduced 2017-04-18 15:26 UTC by Report Bug Copy Issue Report It seems like `$trashItem` defined by `$this->createTrashItem()` on line `215` can be `null`; however, `eZ\Publish\API\Repositor...vice::deleteTrashItem()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
225			/* END: Use Case */
226			}
227			}
228

ezsystems / ezpublish-kernel

Push — master ( 22ddbd...378f08 )

testRecoverThrowsUnauthorizedExceptionWithNewParentLocationParameter() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like