mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-06-07 18:44:08 +00:00
Add SHARE permission to SavedExportVoter with tests
Introduced the SHARE attribute and updated SavedExportVoter to handle it. Added new functionality to check if a SavedExport is shared with a specific user and included corresponding unit tests for both the voter and entity behaviors.
This commit is contained in:
parent
3d9b9ea672
commit
420dd4f868
@ -12,8 +12,11 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Entity\SavedExport;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Export\ExportManager;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
|
||||
class SavedExportVoter extends Voter
|
||||
{
|
||||
@ -23,12 +26,17 @@ class SavedExportVoter extends Voter
|
||||
|
||||
final public const GENERATE = 'CHLL_MAIN_EXPORT_SAVED_GENERATE';
|
||||
|
||||
final public const SHARE = 'CHLL_MAIN_EXPORT_SAVED_SHARE';
|
||||
|
||||
private const ALL = [
|
||||
self::DELETE,
|
||||
self::EDIT,
|
||||
self::GENERATE,
|
||||
self::SHARE,
|
||||
];
|
||||
|
||||
public function __construct(private ExportManager $exportManager, private Security $security) {}
|
||||
|
||||
protected function supports($attribute, $subject): bool
|
||||
{
|
||||
return $subject instanceof SavedExport && \in_array($attribute, self::ALL, true);
|
||||
@ -49,4 +57,10 @@ class SavedExportVoter extends Voter
|
||||
default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),
|
||||
};
|
||||
}
|
||||
|
||||
private function canUserGenerate(User $user, SavedExport $savedExport): bool
|
||||
{
|
||||
return ($savedExport->getUser() === $user || $savedExport->isSharedWithUser($user))
|
||||
&& $this->security->isGranted(ChillExportVoter::EXPORT, $this->exportManager->getExport($savedExport->getExportAlias()));
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
namespace Chill\MainBundle\Tests\Entity\Workflow;
|
||||
|
||||
use Chill\MainBundle\Entity\SavedExport;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Entity\UserGroup;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class SavedExportTest extends TestCase
|
||||
{
|
||||
public function testIsSharedWithUser(): void
|
||||
{
|
||||
// Create test users
|
||||
$user1 = new User();
|
||||
$user2 = new User();
|
||||
$user3 = new User();
|
||||
|
||||
// Create a test group and add user2 to the group
|
||||
$group = new UserGroup();
|
||||
$group->addUser($user2);
|
||||
|
||||
// Create a SavedExport entity
|
||||
$savedExport = new SavedExport();
|
||||
|
||||
// Share the saved export with user1
|
||||
$savedExport->addShare($user1);
|
||||
|
||||
// Share the saved export with the group
|
||||
$savedExport->addShare($group);
|
||||
|
||||
// Assertions
|
||||
$this->assertTrue($savedExport->isSharedWithUser($user1), 'User1 should have access to the saved export.');
|
||||
$this->assertTrue($savedExport->isSharedWithUser($user2), 'User2 (via group) should have access to the saved export.');
|
||||
$this->assertFalse($savedExport->isSharedWithUser($user3), 'User3 should not have access to the saved export.');
|
||||
|
||||
}
|
||||
}
|
@ -0,0 +1,114 @@
|
||||
<?php
|
||||
|
||||
namespace Chill\MainBundle\Tests\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Entity\SavedExport;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Entity\UserGroup;
|
||||
use Chill\MainBundle\Export\ExportInterface;
|
||||
use Chill\MainBundle\Export\ExportManager;
|
||||
use Chill\MainBundle\Security\Authorization\SavedExportVoter;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Prophecy\Argument;
|
||||
use Prophecy\PhpUnit\ProphecyTrait;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
|
||||
class SavedExportVoterTest extends TestCase
|
||||
{
|
||||
use ProphecyTrait;
|
||||
|
||||
/**
|
||||
* @dataProvider voteProvider
|
||||
*/
|
||||
public function testVote(string $attribute, SavedExport $savedExport, User $user, $expectedResult, bool|null $isGranted = null): void
|
||||
{
|
||||
$security = $this->prophesize(Security::class);
|
||||
if (null !== $isGranted) {
|
||||
$security->isGranted(Argument::any(), Argument::any())->willReturn($isGranted);
|
||||
}
|
||||
|
||||
$export = $this->prophesize(ExportInterface::class);
|
||||
$exportManager = $this->prophesize(ExportManager::class);
|
||||
$exportManager->getExport($savedExport->getExportAlias())->willReturn($export->reveal());
|
||||
|
||||
$voter = new SavedExportVoter($exportManager->reveal(), $security->reveal());
|
||||
$token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);
|
||||
|
||||
self::assertEquals($expectedResult, $voter->vote($token, $savedExport, [$attribute]));
|
||||
}
|
||||
|
||||
public static function voteProvider(): iterable
|
||||
{
|
||||
$alls = [SavedExportVoter::GENERATE, SavedExportVoter::GENERATE, SavedExportVoter::EDIT, SavedExportVoter::DELETE];
|
||||
$userA = new User();
|
||||
$userB = new User();
|
||||
$userC = new User();
|
||||
$group = new UserGroup();
|
||||
$group->addUser($userC);
|
||||
|
||||
$savedExport = new SavedExport();
|
||||
$savedExport->setExportAlias('dummy_export');
|
||||
$savedExport->setUser($userA);
|
||||
|
||||
foreach ($alls as $attribute) {
|
||||
yield [
|
||||
$attribute,
|
||||
$savedExport,
|
||||
$userA,
|
||||
VoterInterface::ACCESS_GRANTED,
|
||||
true,
|
||||
];
|
||||
}
|
||||
|
||||
yield [
|
||||
SavedExportVoter::GENERATE,
|
||||
$savedExport,
|
||||
$userA,
|
||||
VoterInterface::ACCESS_DENIED,
|
||||
false,
|
||||
];
|
||||
|
||||
foreach ($alls as $attribute) {
|
||||
yield [
|
||||
$attribute,
|
||||
$savedExport,
|
||||
$userB,
|
||||
VoterInterface::ACCESS_DENIED,
|
||||
true,
|
||||
];
|
||||
}
|
||||
|
||||
$savedExport = new SavedExport();
|
||||
$savedExport->setExportAlias('dummy_export');
|
||||
$savedExport->setUser($userA);
|
||||
$savedExport->addShare($userB);
|
||||
|
||||
yield [
|
||||
SavedExportVoter::GENERATE,
|
||||
$savedExport,
|
||||
$userB,
|
||||
VoterInterface::ACCESS_DENIED,
|
||||
false,
|
||||
];
|
||||
|
||||
yield [
|
||||
SavedExportVoter::GENERATE,
|
||||
$savedExport,
|
||||
$userB,
|
||||
VoterInterface::ACCESS_GRANTED,
|
||||
true,
|
||||
];
|
||||
|
||||
foreach ([SavedExportVoter::EDIT, SavedExportVoter::DELETE] as $attribute) {
|
||||
yield [
|
||||
$attribute,
|
||||
$savedExport,
|
||||
$userB,
|
||||
VoterInterface::ACCESS_DENIED,
|
||||
true,
|
||||
];
|
||||
}
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user