Add tests for missing identity

tests/TestCase/Controller/Component/AuthorizationComponentTest.php

@@ -253,6 +253,33 @@ public function testApplyScopeImplicitAction()
         $this->assertSame($query, $result);
     }
 
+    public function testApplyScopeNoUser()
+    {
+        $this->request = $this->request
+            ->withoutAttribute('identity');
+
+        $controller = new Controller($this->request);
+        $componentRegistry = new ComponentRegistry($controller);
+        $auth = new AuthorizationComponent($componentRegistry);
+
+        $articles = new ArticlesTable();
+        $query = $this->createMock(QueryInterface::class);
+        $query->method('getRepository')
+            ->willReturn($articles);
+
+        $query->expects($this->once())
+            ->method('where')
+            ->with([
+                'visibility' => 'public',
+            ])
+            ->willReturn($query);
+
+        $result = $auth->applyScope($query);
+
+        $this->assertInstanceOf(QueryInterface::class, $result);
+        $this->assertSame($query, $result);
+    }
+
     public function testApplyScopeMappedAction()
     {
         $articles = new ArticlesTable();
@@ -470,6 +497,20 @@ public function testCan()
         $this->assertFalse($this->Auth->can($article, 'delete'));
     }
 
+    public function testCanWithoutUser()
+    {
+        $this->request = $this->request
+            ->withoutAttribute('identity');
+
+        $controller = new Controller($this->request);
+        $componentRegistry = new ComponentRegistry($controller);
+        $auth = new AuthorizationComponent($componentRegistry);
+
+        $article = new Article(['user_id' => 1, 'visibility' => 'public']);
+        $this->assertFalse($auth->can($article, 'edit'));
+        $this->assertTrue($auth->can($article, 'view'));
+    }
+
     public function testCanWithResult()
     {
         $article = new Article(['user_id' => 1]);