-
Notifications
You must be signed in to change notification settings - Fork 1
/
PermissionValidatorTest.phpt
137 lines (121 loc) · 4.11 KB
/
PermissionValidatorTest.phpt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
<?php
declare(strict_types = 1);
namespace NepadaTests\SecurityAnnotations\AccessValidators;
use Mockery;
use Mockery\MockInterface;
use Nepada\SecurityAnnotations\AccessValidators;
use Nepada\SecurityAnnotations\Annotations\Allowed;
use NepadaTests\TestCase;
use Nette;
use Nette\Security\IAuthorizator;
use Nette\Security\User;
use Tester\Assert;
require_once __DIR__ . '/../../bootstrap.php';
/**
* @testCase
*/
class PermissionValidatorTest extends TestCase
{
/**
* @dataProvider getDataForAccessAllowed
* @param Allowed $annotation
* @param string|null $resource
* @param string|null $privilege
*/
public function testAccessAllowed(Allowed $annotation, ?string $resource, ?string $privilege): void
{
$user = $this->mockUser($resource, $privilege, IAuthorizator::ALLOW);
$validator = new AccessValidators\PermissionValidator($user);
Assert::noError(function () use ($validator, $annotation): void {
$validator->validateAccess($annotation);
});
}
/**
* @return mixed[]
*/
protected function getDataForAccessAllowed(): array
{
return [
[
'annotation' => new Allowed(),
'resource' => IAuthorizator::ALL,
'privilege' => IAuthorizator::ALL,
],
[
'annotation' => new Allowed('foo'),
'resource' => 'foo',
'privilege' => IAuthorizator::ALL,
],
[
'annotation' => new Allowed(null, 'edit'),
'resource' => IAuthorizator::ALL,
'privilege' => 'edit',
],
[
'annotation' => new Allowed('foo', 'edit'),
'resource' => 'foo',
'privilege' => 'edit',
],
];
}
/**
* @dataProvider getDataForAccessDenied
* @param Allowed $annotation
* @param string|null $resource
* @param string|null $privilege
* @param string $message
*/
public function testAccessDenied(Allowed $annotation, ?string $resource, ?string $privilege, string $message): void
{
$user = $this->mockUser($resource, $privilege, IAuthorizator::DENY);
$validator = new AccessValidators\PermissionValidator($user);
Assert::exception(function () use ($validator, $annotation): void {
$validator->validateAccess($annotation);
}, Nette\Application\ForbiddenRequestException::class, $message);
}
/**
* @return mixed[]
*/
protected function getDataForAccessDenied(): array
{
return [
[
'annotation' => new Allowed(),
'resource' => IAuthorizator::ALL,
'privilege' => IAuthorizator::ALL,
'message' => 'User is not allowed to access the resource.',
],
[
'annotation' => new Allowed('foo'),
'resource' => 'foo',
'privilege' => IAuthorizator::ALL,
'message' => "User is not allowed to access the resource 'foo'.",
],
[
'annotation' => new Allowed(null, 'edit'),
'resource' => IAuthorizator::ALL,
'privilege' => 'edit',
'message' => 'User is not allowed to edit the resource.',
],
[
'annotation' => new Allowed('foo', 'edit'),
'resource' => 'foo',
'privilege' => 'edit',
'message' => "User is not allowed to edit the resource 'foo'.",
],
];
}
/**
* @param string|null $resource
* @param string|null $privilege
* @param bool $isAllowed
* @return User|MockInterface
*/
private function mockUser(?string $resource = IAuthorizator::ALL, ?string $privilege = IAuthorizator::ALL, bool $isAllowed = false): User
{
$user = Mockery::mock(User::class);
$user->shouldReceive('isAllowed')->withArgs([$resource, $privilege])->andReturn($isAllowed);
return $user;
}
}
(new PermissionValidatorTest())->run();