testApplyAclRulesOnSelectQueryWithNoReadPermissionForRightJoin()   A
last analyzed

Complexity

Conditions 2
Paths 2

Size

Total Lines 29
Code Lines 14

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
eloc 14
dl 0
loc 29
c 0
b 0
f 0
rs 9.7998
cc 2
nc 2
nop 0
1
<?php
2
3
/**
4
 * This file is part of the Spryker Commerce OS.
5
 * For full license information, please view the LICENSE file that was distributed with this source code.
6
 */
7
8
declare(strict_types = 1);
9
10
namespace PyzTest\Zed\AclEntity\Persistence\AclDirector;
11
12
use Codeception\Test\Unit;
13
use Generated\Shared\Transfer\AclEntityMetadataCollectionTransfer;
14
use Generated\Shared\Transfer\AclEntityMetadataTransfer;
15
use Generated\Shared\Transfer\AclEntityRuleTransfer;
16
use Generated\Shared\Transfer\AclEntitySegmentRequestTransfer;
17
use Generated\Shared\Transfer\MerchantProductTransfer;
18
use Generated\Shared\Transfer\RolesTransfer;
19
use Generated\Shared\Transfer\RoleTransfer;
20
use Orm\Zed\Merchant\Persistence\SpyMerchant;
21
use Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract;
22
use Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstractQuery;
23
use Orm\Zed\Product\Persistence\SpyProduct;
24
use Orm\Zed\Product\Persistence\SpyProductAbstract;
25
use Orm\Zed\Product\Persistence\SpyProductQuery;
26
use Pyz\Zed\Merchant\MerchantDependencyProvider;
27
use PyzTest\Zed\AclEntity\AclQueryDirectorTester;
28
use Spryker\Shared\AclEntity\AclEntityConstants;
29
use Spryker\Zed\AclEntity\Persistence\Exception\OperationNotAuthorizedException;
30
31
/**
32
 * Auto-generated group annotations
33
 *
34
 * @group PyzTest
35
 * @group Zed
36
 * @group AclEntity
37
 * @group Persistence
38
 * @group AclDirector
39
 * @group RelationHandlingTest
40
 * Add your own group annotations below this line
41
 */
42
class RelationHandlingTest extends Unit
43
{
44
    /**
45
     * @var \PyzTest\Zed\AclEntity\AclQueryDirectorTester
46
     */
47
    protected $tester;
48
49
    /**
50
     * @return void
51
     */
52
    protected function setUp(): void
53
    {
54
        parent::setUp();
55
56
        $this->tester->setDependency(MerchantDependencyProvider::PLUGINS_MERCHANT_POST_CREATE, []);
57
58
        $this->tester->deleteTestData();
59
    }
60
61
    /**
62
     * @group AclEntityCreate
63
     *
64
     * @return void
65
     */
66
    public function testInspectCreateWithCreatePermissionForRelation(): void
67
    {
68
        // Arrange
69
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
70
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
71
72
        $this->tester->haveAclEntityRule(
73
            [
74
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
75
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
76
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
77
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
78
            ],
79
        );
80
        $this->tester->haveAclEntityRule(
81
            [
82
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
83
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
84
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
85
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
86
            ],
87
        );
88
89
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
90
91
        $productEntity = new SpyProduct();
92
        $productEntity->setSpyProductAbstract(new SpyProductAbstract());
93
94
        // Act, Assert
95
        $aclModelDirector->inspectCreate($productEntity);
96
    }
97
98
    /**
99
     * @group AclEntityCreate
100
     *
101
     * @return void
102
     */
103
    public function testInspectCreateWithNoCreatePermissionForRelation(): void
104
    {
105
        // Assert
106
        $this->expectException(OperationNotAuthorizedException::class);
107
        $this->expectExceptionMessage(
108
            'Operation "create" is restricted for Orm\Zed\Product\Persistence\SpyProductAbstract',
109
        );
110
111
        // Arrange
112
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
113
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
114
115
        $this->tester->haveAclEntityRule(
116
            [
117
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
118
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
119
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
120
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ
121
                    | AclEntityConstants::OPERATION_MASK_CREATE,
122
            ],
123
        );
124
        $this->tester->haveAclEntityRule(
125
            [
126
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
127
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
128
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
129
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
130
            ],
131
        );
132
133
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
134
135
        $productEntity = new SpyProduct();
136
        $productEntity->setSpyProductAbstract(new SpyProductAbstract());
137
138
        // Act
139
        $aclModelDirector->inspectCreate($productEntity);
140
    }
141
142
    /**
143
     * @group AclEntityCreate
144
     * @group AclEntityUpdate
145
     *
146
     * @return void
147
     */
148
    public function testInspectCreateWithUpdatePermissionForRelation(): void
149
    {
150
        // Arrange
151
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
152
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
153
154
        $productAbstractTransfer = $this->tester->haveProductAbstract();
155
156
        $this->tester->haveAclEntityRule(
157
            [
158
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
159
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
160
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
161
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
162
            ],
163
        );
164
        $this->tester->haveAclEntityRule(
165
            [
166
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
167
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
168
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
169
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
170
            ],
171
        );
172
173
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
174
175
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
176
            $productAbstractTransfer->getIdProductAbstractOrFail(),
177
        );
178
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
179
        $newProductConcreteEntity = new SpyProduct();
180
        $newProductConcreteEntity->setSpyProductAbstract($productAbstractEntity);
181
182
        // Act, Assert
183
        $aclModelDirector->inspectCreate($newProductConcreteEntity);
184
    }
185
186
    /**
187
     * @group AclEntityCreate
188
     * @group AclEntityUpdate
189
     *
190
     * @return void
191
     */
192
    public function testInspectCreateWithNoUpdatePermissionForRelation(): void
193
    {
194
        // Assert
195
        $this->expectException(OperationNotAuthorizedException::class);
196
        $this->expectExceptionMessage(
197
            'Operation "update" is restricted for Orm\Zed\Product\Persistence\SpyProductAbstract',
198
        );
199
200
        // Arrange
201
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
202
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
203
204
        $productAbstractTransfer = $this->tester->haveProductAbstract();
205
206
        $this->tester->haveAclEntityRule(
207
            [
208
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
209
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
210
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
211
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
212
            ],
213
        );
214
        $this->tester->haveAclEntityRule(
215
            [
216
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
217
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
218
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
219
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
220
            ],
221
        );
222
223
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
224
225
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
226
            $productAbstractTransfer->getIdProductAbstractOrFail(),
227
        );
228
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
229
        $newProductConcreteEntity = new SpyProduct();
230
        $newProductConcreteEntity->setSpyProductAbstract($productAbstractEntity);
231
232
        // Act
233
        $aclModelDirector->inspectCreate($newProductConcreteEntity);
234
    }
235
236
    /**
237
     * @group AclEntityUpdate
238
     *
239
     * @return void
240
     */
241
    public function testInspectUpdateWithUpdatePermissionForRelation(): void
242
    {
243
        // Arrange
244
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
245
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
246
247
        $productTransfer = $this->tester->haveProduct();
248
249
        $this->tester->haveAclEntityRule(
250
            [
251
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
252
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
253
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
254
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
255
            ],
256
        );
257
        $this->tester->haveAclEntityRule(
258
            [
259
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
260
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
261
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
262
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
263
            ],
264
        );
265
266
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
267
268
        $productEntity = $this->tester->findProductConcreteByIdProduct($productTransfer->getIdProductConcreteOrFail());
269
        $productEntity->setSku($productEntity->getSku() . time());
270
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
271
            $productTransfer->getFkProductAbstractOrFail(),
272
        );
273
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
274
275
        // Act, Assert
276
        $aclModelDirector->inspectUpdate($productEntity);
0 ignored issues
show
Bug introduced by
It seems like $productEntity can also be of type null; however, parameter $entity of Spryker\Zed\AclEntity\Pe...rector::inspectUpdate() does only seem to accept Propel\Runtime\ActiveRecord\ActiveRecordInterface, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

276
        $aclModelDirector->inspectUpdate(/** @scrutinizer ignore-type */ $productEntity);
Loading history...
277
    }
278
279
    /**
280
     * @group AclEntityUpdate
281
     *
282
     * @return void
283
     */
284
    public function testInspectUpdateWithNoUpdatePermissionForRelation(): void
285
    {
286
        // Assert
287
        $this->expectException(OperationNotAuthorizedException::class);
288
        $this->expectExceptionMessage(
289
            'Operation "update" is restricted for Orm\Zed\Product\Persistence\SpyProductAbstract',
290
        );
291
292
        // Arrange
293
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
294
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
295
296
        $productTransfer = $this->tester->haveProduct();
297
298
        $this->tester->haveAclEntityRule(
299
            [
300
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
301
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
302
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
303
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
304
            ],
305
        );
306
307
        $this->tester->haveAclEntityRule(
308
            [
309
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
310
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
311
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
312
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
313
            ],
314
        );
315
316
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
317
318
        $productEntity = $this->tester->findProductConcreteByIdProduct($productTransfer->getIdProductConcreteOrFail());
319
        $productEntity->setSku($productEntity->getSku() . time());
320
321
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
322
            $productTransfer->getFkProductAbstractOrFail(),
323
        );
324
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
325
        $productAbstractEntity->addSpyProduct($productEntity);
326
327
        // Act
328
        $aclModelDirector->inspectUpdate($productEntity);
0 ignored issues
show
Bug introduced by
It seems like $productEntity can also be of type null; however, parameter $entity of Spryker\Zed\AclEntity\Pe...rector::inspectUpdate() does only seem to accept Propel\Runtime\ActiveRecord\ActiveRecordInterface, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

328
        $aclModelDirector->inspectUpdate(/** @scrutinizer ignore-type */ $productEntity);
Loading history...
329
    }
330
331
    /**
332
     * @group AclEntityCreate
333
     * @group AclEntityUpdate
334
     *
335
     * @return void
336
     */
337
    public function testInspectUpdateWithCreatePermissionForRelation(): void
338
    {
339
        // Arrange
340
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
341
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
342
343
        $productAbstractTransfer = $this->tester->haveProductAbstract();
344
345
        $this->tester->haveAclEntityRule(
346
            [
347
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
348
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
349
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
350
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
351
            ],
352
        );
353
        $this->tester->haveAclEntityRule(
354
            [
355
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
356
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
357
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
358
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_CREATE,
359
            ],
360
        );
361
362
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
363
364
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
365
            $productAbstractTransfer->getIdProductAbstract(),
366
        );
367
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
368
        $productAbstractEntity->addSpyProduct(new SpyProduct());
369
370
        // Act, Assert
371
        $aclModelDirector->inspectUpdate($productAbstractEntity);
0 ignored issues
show
Bug introduced by
It seems like $productAbstractEntity can also be of type null; however, parameter $entity of Spryker\Zed\AclEntity\Pe...rector::inspectUpdate() does only seem to accept Propel\Runtime\ActiveRecord\ActiveRecordInterface, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

371
        $aclModelDirector->inspectUpdate(/** @scrutinizer ignore-type */ $productAbstractEntity);
Loading history...
372
    }
373
374
    /**
375
     * @group AclEntityCreate
376
     * @group AclEntityUpdate
377
     *
378
     * @return void
379
     */
380
    public function testInspectUpdateWithNoCreatePermissionForRelation(): void
381
    {
382
        // Assert
383
        $this->expectException(OperationNotAuthorizedException::class);
384
        $this->expectExceptionMessage(
385
            'Operation "create" is restricted for Orm\Zed\Product\Persistence\SpyProduct',
386
        );
387
388
        // Arrange
389
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
390
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
391
392
        $productAbstractTransfer = $this->tester->haveProductAbstract();
393
394
        $this->tester->haveAclEntityRule(
395
            [
396
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
397
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
398
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
399
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_UPDATE,
400
            ],
401
        );
402
        $this->tester->haveAclEntityRule(
403
            [
404
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
405
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
406
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
407
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
408
            ],
409
        );
410
411
        $aclModelDirector = $this->tester->createAclModelDirector($rolesTransfer);
412
413
        $productAbstractEntity = $this->tester->findProductAbstractByIdProductAbstract(
414
            $productAbstractTransfer->getIdProductAbstract(),
415
        );
416
        $productAbstractEntity->setSku($productAbstractEntity->getSku() . time());
417
        $productAbstractEntity->addSpyProduct(new SpyProduct());
418
419
        // Act, Assert
420
        $aclModelDirector->inspectUpdate($productAbstractEntity);
0 ignored issues
show
Bug introduced by
It seems like $productAbstractEntity can also be of type null; however, parameter $entity of Spryker\Zed\AclEntity\Pe...rector::inspectUpdate() does only seem to accept Propel\Runtime\ActiveRecord\ActiveRecordInterface, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

420
        $aclModelDirector->inspectUpdate(/** @scrutinizer ignore-type */ $productAbstractEntity);
Loading history...
421
    }
422
423
    /**
424
     * @group AclEntityApplyAclRules
425
     *
426
     * @return void
427
     */
428
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForJoinsInGlobalScope(): void
429
    {
430
        // Arrange
431
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
432
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
433
434
        $productConcreteTransfer = $this->tester->haveProduct();
435
436
        $this->tester->haveAclEntityRule(
437
            [
438
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
439
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
440
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
441
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
442
            ],
443
        );
444
        $this->tester->haveAclEntityRule(
445
            [
446
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
447
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
448
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
449
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
450
            ],
451
        );
452
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
453
454
        $query = SpyProductQuery::create()->joinWithSpyProductAbstract()->filterBySku(
455
            $productConcreteTransfer->getSkuOrFail(),
456
        );
457
458
        // Act
459
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
460
461
        // Assert
462
        /** @var \Orm\Zed\Product\Persistence\SpyProduct $productConcreteEntity */
463
        foreach ($query->find() as $productConcreteEntity) {
464
            $this->assertNotEmpty($productConcreteEntity->getSpyProductAbstract());
465
        }
466
    }
467
468
    /**
469
     * @group AclEntityApplyAclRules
470
     *
471
     * @return void
472
     */
473
    public function testApplyAclRulesOnSelectQueryWithNoReadPermissionForJoinsInGlobalScope(): void
474
    {
475
        // Arrange
476
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
477
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
478
479
        $productTransfer = $this->tester->haveProduct();
480
481
        $this->tester->haveAclEntityRule(
482
            [
483
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
484
                AclEntityRuleTransfer::ENTITY => SpyProduct::class,
485
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
486
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
487
            ],
488
        );
489
        $this->tester->haveAclEntityRule(
490
            [
491
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
492
                AclEntityRuleTransfer::ENTITY => SpyProductAbstract::class,
493
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
494
                AclEntityRuleTransfer::PERMISSION_MASK => 0,
495
            ],
496
        );
497
498
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
499
500
        $query = SpyProductQuery::create()->leftJoinWithSpyProductAbstract()->filterBySku(
501
            $productTransfer->getSkuOrFail(),
502
        );
503
504
        // Act
505
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
506
507
        // Assert
508
        $this->assertNotEmpty($query->count());
509
        foreach ($query->find()->toArray() as $item) {
510
            $this->assertArrayNotHasKey('SpyProductAbstract', $item);
511
        }
512
    }
513
514
    /**
515
     * @group AclEntityApplyAclRules
516
     *
517
     * @return void
518
     */
519
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForJoinsInSegmentScope(): void
520
    {
521
        // Arrange
522
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
523
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
524
525
        $merchantTransfer = $this->tester->haveMerchant();
526
        $productConcreteTransfer = $this->tester->haveProduct();
527
        $this->tester->haveMerchantProduct(
528
            [
529
                MerchantProductTransfer::ID_MERCHANT => $merchantTransfer->getIdMerchantOrFail(),
530
                MerchantProductTransfer::ID_PRODUCT_ABSTRACT => $productConcreteTransfer->getFkProductAbstractOrFail(),
531
            ],
532
        );
533
534
        $this->tester->haveAclEntityRule(
535
            [
536
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
537
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
538
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
539
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
540
            ],
541
        );
542
        $segmentTransfer = $this->tester->haveAclEntitySegment(
543
            [
544
                AclEntitySegmentRequestTransfer::NAME => AclQueryDirectorTester::ACL_ENTITY_SEGMENT_1_NAME,
545
                AclEntitySegmentRequestTransfer::REFERENCE => AclQueryDirectorTester::ACL_ENTITY_SEGMENT_1_REFERENCE,
546
                AclEntitySegmentRequestTransfer::ENTITY => SpyMerchant::class,
547
                AclEntitySegmentRequestTransfer::ENTITY_IDS => [$merchantTransfer->getIdMerchantOrFail()],
548
            ],
549
        );
550
        $this->tester->haveAclEntityRule(
551
            [
552
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_SEGMENT,
553
                AclEntityRuleTransfer::ENTITY => SpyMerchant::class,
554
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
555
                AclEntityRuleTransfer::ID_ACL_ENTITY_SEGMENT => $segmentTransfer->getIdAclEntitySegmentOrFail(),
556
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
557
            ],
558
        );
559
560
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
561
562
        $query = SpyMerchantProductAbstractQuery::create()->leftJoinWithMerchant()->filterByFkMerchant(
563
            $merchantTransfer->getIdMerchantOrFail(),
564
        );
565
566
        // Act
567
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
568
569
        // Assert
570
        /** @var \Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract $merchantProductEntity */
571
        foreach ($query->find() as $merchantProductEntity) {
572
            $this->assertNotEmpty($merchantProductEntity->getMerchant());
573
        }
574
    }
575
576
    /**
577
     * @group AclEntityApplyAclRules
578
     *
579
     * @return void
580
     */
581
    public function testApplyAclRulesOnSelectQueryWithNoReadPermissionForJoin(): void
582
    {
583
        // Arrange
584
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
585
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
586
587
        $this->tester->haveAclEntityRule(
588
            [
589
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
590
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
591
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
592
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
593
            ],
594
        );
595
596
        $merchantTransfer = $this->tester->haveMerchant();
597
        $productConcreteTransfer = $this->tester->haveProduct();
598
        $this->tester->haveMerchantProduct(
599
            [
600
                MerchantProductTransfer::ID_MERCHANT => $merchantTransfer->getIdMerchantOrFail(),
601
                MerchantProductTransfer::ID_PRODUCT_ABSTRACT => $productConcreteTransfer->getFkProductAbstractOrFail(),
602
            ],
603
        );
604
605
        $aclQueryDirector = $this->tester->createAclQueryDirector(
606
            $rolesTransfer,
607
            (new AclEntityMetadataCollectionTransfer())
608
                ->addAclEntityMetadata(
609
                    SpyMerchant::class,
610
                    (new AclEntityMetadataTransfer())
611
                        ->setEntityName(SpyMerchant::class)
612
                        ->setDefaultGlobalOperationMask(0),
613
                ),
614
        );
615
616
        $query = SpyMerchantProductAbstractQuery::create()->leftJoinWithMerchant()->filterByFkMerchant(
617
            $merchantTransfer->getIdMerchantOrFail(),
618
        );
619
620
        // Act
621
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
622
623
        // Assert
624
        foreach ($query->find()->toArray() as $item) {
625
            $this->assertArrayNotHasKey('Merchant', $item);
626
        }
627
    }
628
629
    /**
630
     * @group AclEntityApplyAclRules
631
     *
632
     * @return void
633
     */
634
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForJoinsInDefaultScope(): void
635
    {
636
        // Arrange
637
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
638
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
639
640
        $merchantTransfer = $this->tester->haveMerchant();
641
        $productConcreteTransfer = $this->tester->haveProduct();
642
        $this->tester->haveMerchantProduct(
643
            [
644
                MerchantProductTransfer::ID_MERCHANT => $merchantTransfer->getIdMerchantOrFail(),
645
                MerchantProductTransfer::ID_PRODUCT_ABSTRACT => $productConcreteTransfer->getFkProductAbstractOrFail(),
646
            ],
647
        );
648
649
        $this->tester->haveAclEntityRule(
650
            [
651
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
652
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
653
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
654
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
655
            ],
656
        );
657
658
        $aclEntityMetadataCollectionTransfer = (new AclEntityMetadataCollectionTransfer())->addAclEntityMetadata(
659
            SpyMerchant::class,
660
            (new AclEntityMetadataTransfer())
661
                ->setEntityName(SpyMerchant::class)
662
                ->setDefaultGlobalOperationMask(AclEntityConstants::OPERATION_MASK_READ),
663
        );
664
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer, $aclEntityMetadataCollectionTransfer);
665
666
        $query = SpyMerchantProductAbstractQuery::create()->joinWithMerchant()->filterByFkMerchant(
667
            $merchantTransfer->getIdMerchantOrFail(),
668
        );
669
670
        // Act
671
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
672
673
        // Assert
674
        /** @var \Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract $merchantProductAbstractEntity */
675
        foreach ($query->find() as $merchantProductAbstractEntity) {
676
            $this->assertNotEmpty($merchantProductAbstractEntity->getMerchant());
677
        }
678
    }
679
680
    /**
681
     * @group AclEntityApplyAclRules
682
     *
683
     * @return void
684
     */
685
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForLeftJoin(): void
686
    {
687
        // Arrange
688
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
689
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
690
691
        $merchantProductTransfer = $this->tester->createMerchantProduct();
692
693
        $this->tester->haveAclEntityRule(
694
            [
695
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
696
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
697
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
698
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
699
            ],
700
        );
701
        $this->tester->haveAclEntityRule(
702
            [
703
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
704
                AclEntityRuleTransfer::ENTITY => SpyMerchant::class,
705
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
706
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
707
            ],
708
        );
709
710
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
711
712
        $query = SpyMerchantProductAbstractQuery::create()->leftJoinMerchant()->filterByFkMerchant(
713
            $merchantProductTransfer->getIdMerchantOrFail(),
714
        );
715
716
        // Act
717
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
718
719
        // Assert
720
        /** @var \Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract $merchantProductAbstractEntity */
721
        foreach ($query->find() as $merchantProductAbstractEntity) {
722
            $this->assertNotEmpty($merchantProductAbstractEntity->getMerchant());
723
        }
724
    }
725
726
    /**
727
     * @group AclEntityApplyAclRules
728
     *
729
     * @return void
730
     */
731
    public function testApplyAclRulesOnSelectQueryWithNoReadPermissionForLeftJoin(): void
732
    {
733
        // Arrange
734
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
735
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
736
737
        $merchantProductTransfer = $this->tester->createMerchantProduct();
738
739
        $this->tester->haveAclEntityRule(
740
            [
741
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
742
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
743
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
744
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
745
            ],
746
        );
747
748
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
749
750
        $query = SpyMerchantProductAbstractQuery::create()->leftJoinMerchant()->filterByFkMerchant(
751
            $merchantProductTransfer->getIdMerchantOrFail(),
752
        );
753
754
        // Act
755
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
756
757
        // Assert
758
        foreach ($query->find()->toArray() as $merchantProductAbstract) {
759
            $this->assertArrayNotHasKey('Merchant', $merchantProductAbstract);
760
        }
761
    }
762
763
    /**
764
     * @group AclEntityApplyAclRules
765
     *
766
     * @return void
767
     */
768
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForInnerJoin(): void
769
    {
770
        // Arrange
771
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
772
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
773
774
        $merchantProductTransfer = $this->tester->createMerchantProduct();
775
776
        $this->tester->haveAclEntityRule(
777
            [
778
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
779
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
780
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
781
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
782
            ],
783
        );
784
        $this->tester->haveAclEntityRule(
785
            [
786
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
787
                AclEntityRuleTransfer::ENTITY => SpyMerchant::class,
788
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
789
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
790
            ],
791
        );
792
793
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
794
795
        $query = SpyMerchantProductAbstractQuery::create()->innerJoinMerchant()->filterByFkMerchant(
796
            $merchantProductTransfer->getIdMerchantOrFail(),
797
        );
798
799
        // Act
800
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
801
802
        // Assert
803
        /** @var \Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract $merchantProductAbstractEntity */
804
        foreach ($query->find() as $merchantProductAbstractEntity) {
805
            $this->assertNotEmpty($merchantProductAbstractEntity->getMerchant());
806
        }
807
    }
808
809
    /**
810
     * @group AclEntityApplyAclRules
811
     *
812
     * @return void
813
     */
814
    public function testApplyAclRulesOnSelectQueryWithNoReadPermissionForInnerJoin(): void
815
    {
816
        // Arrange
817
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
818
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
819
820
        $merchantProductTransfer = $this->tester->createMerchantProduct();
821
822
        $this->tester->haveAclEntityRule(
823
            [
824
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
825
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
826
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
827
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
828
            ],
829
        );
830
831
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
832
833
        $query = SpyMerchantProductAbstractQuery::create()->innerJoinMerchant()->filterByFkMerchant(
834
            $merchantProductTransfer->getIdMerchantOrFail(),
835
        );
836
837
        // Act
838
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
839
840
        // Assert
841
        foreach ($query->find()->toArray() as $merchantProductAbstract) {
842
            $this->assertArrayNotHasKey('Merchant', $merchantProductAbstract);
843
        }
844
    }
845
846
    /**
847
     * @group AclEntityApplyAclRules
848
     *
849
     * @return void
850
     */
851
    public function testApplyAclRulesOnSelectQueryWithReadPermissionForRightJoin(): void
852
    {
853
        // Arrange
854
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
855
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
856
857
        $merchantProductTransfer = $this->tester->createMerchantProduct();
858
859
        $this->tester->haveAclEntityRule(
860
            [
861
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
862
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
863
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
864
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
865
            ],
866
        );
867
        $this->tester->haveAclEntityRule(
868
            [
869
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
870
                AclEntityRuleTransfer::ENTITY => SpyMerchant::class,
871
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
872
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
873
            ],
874
        );
875
876
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
877
878
        $query = SpyMerchantProductAbstractQuery::create()->innerJoinMerchant()->filterByFkMerchant(
879
            $merchantProductTransfer->getIdMerchantOrFail(),
880
        );
881
882
        // Act
883
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
884
885
        // Assert
886
        /** @var \Orm\Zed\MerchantProduct\Persistence\SpyMerchantProductAbstract $merchantProductAbstractEntity */
887
        foreach ($query->find() as $merchantProductAbstractEntity) {
888
            $this->assertNotEmpty($merchantProductAbstractEntity->getMerchant());
889
        }
890
    }
891
892
    /**
893
     * @group AclEntityApplyAclRules
894
     *
895
     * @return void
896
     */
897
    public function testApplyAclRulesOnSelectQueryWithNoReadPermissionForRightJoin(): void
898
    {
899
        // Arrange
900
        $roleTransfer = $this->tester->haveRole([RoleTransfer::NAME => AclQueryDirectorTester::ACL_ROLE_1_NAME]);
901
        $rolesTransfer = (new RolesTransfer())->addRole($roleTransfer);
902
903
        $merchantProductTransfer = $this->tester->createMerchantProduct();
904
905
        $this->tester->haveAclEntityRule(
906
            [
907
                AclEntityRuleTransfer::SCOPE => AclEntityConstants::SCOPE_GLOBAL,
908
                AclEntityRuleTransfer::ENTITY => SpyMerchantProductAbstract::class,
909
                AclEntityRuleTransfer::ID_ACL_ROLE => $roleTransfer->getIdAclRole(),
910
                AclEntityRuleTransfer::PERMISSION_MASK => AclEntityConstants::OPERATION_MASK_READ,
911
            ],
912
        );
913
914
        $aclQueryDirector = $this->tester->createAclQueryDirector($rolesTransfer);
915
916
        $query = SpyMerchantProductAbstractQuery::create()->rightJoinMerchant()->filterByFkMerchant(
917
            $merchantProductTransfer->getIdMerchantOrFail(),
918
        );
919
920
        // Act
921
        $query = $aclQueryDirector->applyAclRuleOnSelectQuery($query);
922
923
        // Assert
924
        foreach ($query->find()->toArray() as $merchantProductAbstract) {
925
            $this->assertArrayNotHasKey('Merchant', $merchantProductAbstract);
926
        }
927
    }
928
}
929