From f34f223eb3af5b4dada745c28948cabe61b82adb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Santiago=20Garc=C3=ADa?= Date: Sun, 28 Aug 2016 13:54:14 -0500 Subject: [PATCH] Added the option in the middleware to abort or redirect Solves #21 --- src/Laratrust/Middleware/LaratrustAbility.php | 3 +- .../Middleware/LaratrustPermission.php | 3 +- src/Laratrust/Middleware/LaratrustRole.php | 3 +- src/config/config.php | 15 +++++++ tests/Middleware/LaratrustAbilityTest.php | 15 ++++++- tests/Middleware/LaratrustPermissionTest.php | 13 ++++++ tests/Middleware/LaratrustRoleTest.php | 14 +++++++ tests/Middleware/MiddlewareTest.php | 41 +++++++++++++++++-- 8 files changed, 99 insertions(+), 8 deletions(-) diff --git a/src/Laratrust/Middleware/LaratrustAbility.php b/src/Laratrust/Middleware/LaratrustAbility.php index 4be9a890..8c020a3b 100644 --- a/src/Laratrust/Middleware/LaratrustAbility.php +++ b/src/Laratrust/Middleware/LaratrustAbility.php @@ -12,6 +12,7 @@ use Closure; use Illuminate\Contracts\Auth\Guard; +use Illuminate\Support\Facades\Config; class LaratrustAbility { @@ -55,7 +56,7 @@ public function handle($request, Closure $next, $roles, $permissions, $validateA if ($this->auth->guest() || !$request->user()->ability($roles, $permissions, [ 'validate_all' => $validateAll ])) { - abort(403); + return call_user_func(Config::get('laratrust.middleware_handling'), Config::get('middleware_params')); } return $next($request); diff --git a/src/Laratrust/Middleware/LaratrustPermission.php b/src/Laratrust/Middleware/LaratrustPermission.php index b810a246..8402be37 100644 --- a/src/Laratrust/Middleware/LaratrustPermission.php +++ b/src/Laratrust/Middleware/LaratrustPermission.php @@ -12,6 +12,7 @@ use Closure; use Illuminate\Contracts\Auth\Guard; +use Illuminate\Support\Facades\Config; class LaratrustPermission { 
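Review bot: The denial branch in `handle()` hands a config string straight to `call_user_func` and reads its argument from `Config::get('middleware_params')`, which lacks the `laratrust.` prefix used for the handler key and implied by the new entry in src/config/config.php. With the shipped config that lookup presumably returns null, so the default path would no longer be a plain `abort(403)`, and any function name placed in `laratrust.middleware_handling` would be invoked on every denied request. Resolving the handler against the two documented values, as sketched below, keeps the authorization failure path deterministic. The same line is added in the `handle()` hunks of LaratrustPermission.php and LaratrustRole.php, and `handle()` itself begins outside this hunk.

```php
        // … unchanged: the guest()/ability() condition that opens the if …
            $handler = Config::get('laratrust.middleware_handling');
            $param = Config::get('laratrust.middleware_params');

            // Accept only the two documented handlers; any other value denies with 403.
            if ($handler === 'redirect') {
                return redirect($param);
            }

            abort($handler === 'abort' ? (int) $param : 403);
```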
@@ -44,7 +45,7 @@ public function handle($request, Closure $next, $permissions) } if ($this->auth->guest() || !$request->user()->can($permissions)) { - abort(403); + return call_user_func(Config::get('laratrust.middleware_handling'), Config::get('middleware_params')); } return $next($request); diff --git a/src/Laratrust/Middleware/LaratrustRole.php b/src/Laratrust/Middleware/LaratrustRole.php index ce8e3045..7a554666 100644 --- a/src/Laratrust/Middleware/LaratrustRole.php +++ b/src/Laratrust/Middleware/LaratrustRole.php @@ -12,6 +12,7 @@ use Closure; use Illuminate\Contracts\Auth\Guard; +use Illuminate\Support\Facades\Config; class LaratrustRole { @@ -44,7 +45,7 @@ public function handle($request, Closure $next, $roles) } if ($this->auth->guest() || !$request->user()->hasRole($roles)) { - abort(403); + return call_user_func(Config::get('laratrust.middleware_handling'), Config::get('middleware_params')); } return $next($request); diff --git a/src/config/config.php b/src/config/config.php index c2aece6f..8cf955f1 100644 --- a/src/config/config.php +++ b/src/config/config.php @@ -95,4 +95,19 @@ |-------------------------------------------------------------------------- */ 'permission_foreign_key' => 'permission_id', + + /* + |-------------------------------------------------------------------------- + | Method to be called in the middleware return case + | Available: abort|redirect + |-------------------------------------------------------------------------- + */ + 'middleware_handling' => 'abort', + + /* + |-------------------------------------------------------------------------- + | Parameter passed to the middleware_handling method + |-------------------------------------------------------------------------- + */ + 'middleware_params' => '403', ]; diff --git a/tests/Middleware/LaratrustAbilityTest.php b/tests/Middleware/LaratrustAbilityTest.php index 4a4430f8..09a4b989 100644 --- a/tests/Middleware/LaratrustAbilityTest.php 
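Review bot: The comment on `middleware_params` in src/config/config.php does not say that its meaning depends on `middleware_handling`: it is an HTTP status for `abort` and a target URL for `redirect`. Switching only the handler to `redirect` leaves `'403'` as the redirect target, so the pairing should be spelled out, for example `| For 'abort': the HTTP status code (403). For 'redirect': the URL or path to send the user to.`. The `Available: abort|redirect` line is also worth restating as a constraint, since the middleware hunks call whatever name is configured. The config array opens outside this hunk.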
+++ b/tests/Middleware/LaratrustAbilityTest.php @@ -1,5 +1,6 @@ shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('ability')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null, true); @@ -54,6 +59,10 @@ public function testHandle_IsGuestWithAbility_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('ability')->andReturn(true); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); @@ -84,6 +93,10 @@ public function testHandle_IsLoggedInWithNoAbility_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(false); $request->user()->shouldReceive('ability')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); @@ -113,7 +126,7 @@ public function testHandle_IsLoggedInWithAbility_ShouldNotAbort() |------------------------------------------------------------ */ $guard->shouldReceive('guest')->andReturn(false); - $request->user()->shouldReceive('ability')->andReturn(true); + $request->user()->shouldReceive('ability')->andReturn(true);; $middleware->handle($request, function () {}, null, null); diff --git a/tests/Middleware/LaratrustPermissionTest.php b/tests/Middleware/LaratrustPermissionTest.php index 0c574d3d..91f1c168 100644 --- a/tests/Middleware/LaratrustPermissionTest.php +++ b/tests/Middleware/LaratrustPermissionTest.php 
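Review bot: The added expectations `Config::shouldReceive('get')->once()->with('middleware_params')` pin the un-prefixed key, so these tests pass even though the value is declared in the laratrust config file and the handler is read as `laratrust.middleware_handling`. Every expectation added here, and in the LaratrustPermissionTest and LaratrustRoleTest hunks, returns `'abort'`, so no case drives the `redirect` handler or an unexpected handler value, which is the branch this commit introduces. I would change the expected key to `->with('laratrust.middleware_params')` together with the middleware, and add one denial test per middleware that returns `'redirect'`. The last hunk of this file also leaves a doubled semicolon in `->andReturn(true);;`.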
@@ -1,5 +1,6 @@ shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('can')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null, true); @@ -54,6 +59,10 @@ public function testHandle_IsGuestWithPermission_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('can')->andReturn(true); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); @@ -84,6 +93,10 @@ public function testHandle_IsLoggedInWithNoPermission_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(false); $request->user()->shouldReceive('can')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); diff --git a/tests/Middleware/LaratrustRoleTest.php b/tests/Middleware/LaratrustRoleTest.php index dd2cf9b7..25319be2 100644 --- a/tests/Middleware/LaratrustRoleTest.php +++ b/tests/Middleware/LaratrustRoleTest.php @@ -1,5 +1,6 @@ shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('hasRole')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); + $middleware->handle($request, function () {}, null, null, true); /* 
@@ -54,6 +60,10 @@ public function testHandle_IsGuestWithMatchingRole_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(true); $request->user()->shouldReceive('hasRole')->andReturn(true); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); @@ -84,6 +94,10 @@ public function testHandle_IsLoggedInWithMismatchRole_ShouldAbort403() */ $guard->shouldReceive('guest')->andReturn(false); $request->user()->shouldReceive('hasRole')->andReturn(false); + Config::shouldReceive('get')->once()->with('laratrust.middleware_handling') + ->andReturn('abort'); + Config::shouldReceive('get')->once()->with('middleware_params') + ->andReturn('403'); $middleware->handle($request, function () {}, null, null); diff --git a/tests/Middleware/MiddlewareTest.php b/tests/Middleware/MiddlewareTest.php index 7441fdb4..fabadf5e 100644 --- a/tests/Middleware/MiddlewareTest.php +++ b/tests/Middleware/MiddlewareTest.php @@ -1,21 +1,33 @@ shouldReceive('instance')->getMock(); + + $this->facadeMocks['config'] = m::mock('config'); + + Config::setFacadeApplication($app); + Config::swap($this->facadeMocks['config']); + } + public static function setupBeforeClass() { if (! function_exists('abort')) { /** * Mimicks Laravel5's abort() helper function. * - * Instead of calling \Illuminate\Foundation\Application::abort(), this function keeps track of - * the last abort called, so the abort can be retrieved for test assertions. - * - * @see https://github.com/laravel/framework/blob/master/src/Illuminate/Foundation/helpers.php#L7-L23 + * Instead of calling \Illuminate\Foundation\Application::abort(), + * this function keeps track of the last abort called, + * so the abort can be retrieved for test assertions. * * @param int $code * @param string $message 
@@ -27,6 +39,27 @@ function abort($code, $message = '', array $headers = []) MiddlewareTest::$abortCode = $code; } } + + if (! function_exists('redirect')) { + /** + * Mimicks Laravel5's redirect() helper function. + * + * This function keeps track of the last abort called, + * so the abort can be retrieved for test assertions. + * + * @see https://github.com/laravel/framework/blob/master/src/Illuminate/Foundation/helpers.php + * + * @param string $to + * @param int $status + * @param array $headers + * @param bool $secure + * @return void + */ + function redirect($to = null, $status = 302, $headers = [], $secure = null) + { + MiddlewareTest::$abortCode = $url; + } + } } public function tearDown()
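Review bot: The `redirect()` stub assigns `MiddlewareTest::$abortCode = $url;`, but its parameter is named `$to`, so `$url` is undefined and the recorded value would be null with a notice. It should read `MiddlewareTest::$abortCode = $to;`. The docblock still says the function tracks "the last abort called"; `This function keeps track of the last redirect target` would match what the stub records. `setupBeforeClass()` opens before this hunk.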