|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace League\Tactician\Bundle\Tests\Security\Voter; |
|
4
|
|
|
|
|
5
|
|
|
use League\Tactician\Bundle\Security\Voter\HandleCommandVoter; |
|
6
|
|
|
use League\Tactician\Bundle\Tests\Fake\FakeCommand; |
|
7
|
|
|
use Mockery; |
|
8
|
|
|
use PHPUnit\Framework\TestCase; |
|
9
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
10
|
|
|
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager; |
|
11
|
|
|
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; |
|
12
|
|
|
use Symfony\Component\Security\Core\Role\Role; |
|
13
|
|
|
use Symfony\Component\Security\Core\Role\RoleHierarchy; |
|
14
|
|
|
|
|
15
|
|
|
/** |
|
16
|
|
|
* Unit test for the handle command voter |
|
17
|
|
|
* |
|
18
|
|
|
* @author Ron Rademaker |
|
19
|
|
|
*/ |
|
20
|
|
|
class HandleCommandVoterTest extends TestCase |
|
21
|
|
|
{ |
|
22
|
|
|
/** |
|
23
|
|
|
* Tests the vote method. |
|
24
|
|
|
* |
|
25
|
|
|
* @param string $attribute |
|
26
|
|
|
* @param mixed $subject |
|
27
|
|
|
* @param array $roles |
|
28
|
|
|
* @param array $mapping |
|
29
|
|
|
* @param int $expected |
|
30
|
|
|
* |
|
31
|
|
|
* @dataProvider provideTestVoteData |
|
32
|
|
|
*/ |
|
33
|
|
|
public function testVote(string $attribute, $subject, array $roles, array $mapping, int $expected) |
|
34
|
|
|
{ |
|
35
|
|
|
$voter = new HandleCommandVoter(new RoleHierarchy(['ROLE_ROOT' => ['ROLE_USER']]), $mapping); |
|
36
|
|
|
$tokenMock = Mockery::mock(TokenInterface::class); |
|
37
|
|
|
$tokenMock->shouldReceive('getRoles')->andReturn($roles); |
|
38
|
|
|
|
|
39
|
|
|
$this->assertEquals($expected, $voter->vote($tokenMock, $subject, [$attribute])); |
|
40
|
|
|
} |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* Gets the testdata for the vote test. |
|
44
|
|
|
* |
|
45
|
|
|
* @return array |
|
46
|
|
|
*/ |
|
47
|
|
|
public function provideTestVoteData() |
|
48
|
|
|
{ |
|
49
|
|
|
return [ |
|
50
|
|
|
'default access is false' => ['handle', new FakeCommand, [new Role('ROLE_ADMIN')], [], VoterInterface::ACCESS_DENIED], |
|
51
|
|
|
'abstain when not handling a command, but using the handle attribute' => ['handle', null, [new Role('ROLE_ADMIN')], [], VoterInterface::ACCESS_ABSTAIN], |
|
52
|
|
|
'abstain when not handling a command and not using the handle attribute' => ['create', null, [new Role('ROLE_ADMIN')], [], VoterInterface::ACCESS_ABSTAIN], |
|
53
|
|
|
'abstain when not handling a command' => ['create', new FakeCommand, [new Role('ROLE_ADMIN')], [FakeCommand::class => ['ROLE_ADMIN']], VoterInterface::ACCESS_ABSTAIN], |
|
54
|
|
|
'default is unrelated to roles' => ['handle', new FakeCommand, [new Role('ROLE_ADMIN')], [], VoterInterface::ACCESS_DENIED], |
|
55
|
|
|
'deny access if incorrect role' => ['handle', new FakeCommand, [new Role('ROLE_ADMIN')], [FakeCommand::class => ['ROLE_USER']], VoterInterface::ACCESS_DENIED], |
|
56
|
|
|
'grant access if the user has the configure role' => ['handle', new FakeCommand, [new Role('ROLE_USER')], [FakeCommand::class => ['ROLE_USER']], VoterInterface::ACCESS_GRANTED], |
|
57
|
|
|
'grant access if the user has an inherited role' => ['handle', new FakeCommand, [new Role('ROLE_ROOT')], [FakeCommand::class => ['ROLE_USER']], VoterInterface::ACCESS_GRANTED], |
|
58
|
|
|
'grant access if the user has one of the configure roles' => ['handle', new FakeCommand, [new Role('ROLE_USER')], [FakeCommand::class => ['ROLE_USER', 'ROLE_TWO']], VoterInterface::ACCESS_GRANTED], |
|
59
|
|
|
'grant access if the user has one of the configure roles, but also another role' => ['handle', new FakeCommand, [new Role('ROLE_USER', new Role('ROLE_THREE'))], [FakeCommand::class => ['ROLE_USER', 'ROLE_TWO']], VoterInterface::ACCESS_GRANTED], |
|
|
|
|
|
|
60
|
|
|
'deny access if the command is not in the mapping (i.e. a default deny access case)' => ['handle', new FakeCommand, [new Role('ROLE_USER')], ['someOtherCommand' => ['ROLE_USER']], VoterInterface::ACCESS_DENIED], |
|
61
|
|
|
]; |
|
62
|
|
|
} |
|
63
|
|
|
} |
|
64
|
|
|
|
thephpleague /
tactician-bundle
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.
In this case you can add the
@ignorePhpDoc annotation to the duplicate definition and it will be ignored.