Add SHARE permission to SavedExportVoter with tests

Introduced the SHARE attribute and updated SavedExportVoter to handle it. Added new functionality to check if a SavedExport is shared with a specific user and included corresponding unit tests for both the voter and entity behaviors.
2025-06-28 13:06:13 +00:00 · 2025-04-14 10:59:47 +02:00 · 2025-04-14 10:59:47 +02:00 · 420dd4f868
commit 420dd4f868
parent 3d9b9ea672
3 changed files with 167 additions and 0 deletions
--- a/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
@ -12,8 +12,11 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Security\Authorization;

 use Chill\MainBundle\Entity\SavedExport;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Export\ExportManager;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;

 class SavedExportVoter extends Voter
 {
@ -23,12 +26,17 @@ class SavedExportVoter extends Voter

    final public const GENERATE = 'CHLL_MAIN_EXPORT_SAVED_GENERATE';

+    final public const SHARE = 'CHLL_MAIN_EXPORT_SAVED_SHARE';
+
    private const ALL = [
        self::DELETE,
        self::EDIT,
        self::GENERATE,
+        self::SHARE,
    ];

+    public function __construct(private ExportManager $exportManager, private Security $security) {}
+
    protected function supports($attribute, $subject): bool
    {
        return $subject instanceof SavedExport && \in_array($attribute, self::ALL, true);
@ -49,4 +57,10 @@ class SavedExportVoter extends Voter
            default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),
        };
    }
+
+    private function canUserGenerate(User $user, SavedExport $savedExport): bool
+    {
+        return ($savedExport->getUser() === $user || $savedExport->isSharedWithUser($user))
+            && $this->security->isGranted(ChillExportVoter::EXPORT, $this->exportManager->getExport($savedExport->getExportAlias()));
+    }
 }
--- a/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
@ -0,0 +1,39 @@
+<?php
+
+namespace Chill\MainBundle\Tests\Entity\Workflow;
+
+use Chill\MainBundle\Entity\SavedExport;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
+
+use PHPUnit\Framework\TestCase;
+
+class SavedExportTest extends TestCase
+{
+    public function testIsSharedWithUser(): void
+    {
+        // Create test users
+        $user1 = new User();
+        $user2 = new User();
+        $user3 = new User();
+
+        // Create a test group and add user2 to the group
+        $group = new UserGroup();
+        $group->addUser($user2);
+
+        // Create a SavedExport entity
+        $savedExport = new SavedExport();
+
+        // Share the saved export with user1
+        $savedExport->addShare($user1);
+
+        // Share the saved export with the group
+        $savedExport->addShare($group);
+
+        // Assertions
+        $this->assertTrue($savedExport->isSharedWithUser($user1), 'User1 should have access to the saved export.');
+        $this->assertTrue($savedExport->isSharedWithUser($user2), 'User2 (via group) should have access to the saved export.');
+        $this->assertFalse($savedExport->isSharedWithUser($user3), 'User3 should not have access to the saved export.');
+
+    }
+}
--- a/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
@ -0,0 +1,114 @@
+<?php
+
+namespace Chill\MainBundle\Tests\Security\Authorization;
+
+use Chill\MainBundle\Entity\SavedExport;
+use Chill\MainBundle\Entity\User;
+use Chill\MainBundle\Entity\UserGroup;
+use Chill\MainBundle\Export\ExportInterface;
+use Chill\MainBundle\Export\ExportManager;
+use Chill\MainBundle\Security\Authorization\SavedExportVoter;
+use PHPUnit\Framework\TestCase;
+use Prophecy\Argument;
+use Prophecy\PhpUnit\ProphecyTrait;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\Security;
+
+class SavedExportVoterTest extends TestCase
+{
+    use ProphecyTrait;
+
+    /**
+     * @dataProvider voteProvider
+     */
+    public function testVote(string $attribute, SavedExport $savedExport, User $user, $expectedResult, bool|null $isGranted = null): void
+    {
+        $security = $this->prophesize(Security::class);
+        if (null !== $isGranted) {
+            $security->isGranted(Argument::any(), Argument::any())->willReturn($isGranted);
+        }
+
+        $export = $this->prophesize(ExportInterface::class);
+        $exportManager = $this->prophesize(ExportManager::class);
+        $exportManager->getExport($savedExport->getExportAlias())->willReturn($export->reveal());
+
+        $voter = new SavedExportVoter($exportManager->reveal(), $security->reveal());
+        $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);
+
+        self::assertEquals($expectedResult, $voter->vote($token, $savedExport, [$attribute]));
+    }
+
+    public static function voteProvider(): iterable
+    {
+        $alls = [SavedExportVoter::GENERATE, SavedExportVoter::GENERATE, SavedExportVoter::EDIT, SavedExportVoter::DELETE];
+        $userA = new User();
+        $userB = new User();
+        $userC = new User();
+        $group = new UserGroup();
+        $group->addUser($userC);
+
+        $savedExport = new SavedExport();
+        $savedExport->setExportAlias('dummy_export');
+        $savedExport->setUser($userA);
+
+        foreach ($alls as $attribute) {
+            yield [
+                $attribute,
+                $savedExport,
+                $userA,
+                VoterInterface::ACCESS_GRANTED,
+                true,
+            ];
+        }
+
+        yield [
+            SavedExportVoter::GENERATE,
+            $savedExport,
+            $userA,
+            VoterInterface::ACCESS_DENIED,
+            false,
+        ];
+
+        foreach ($alls as $attribute) {
+            yield [
+                $attribute,
+                $savedExport,
+                $userB,
+                VoterInterface::ACCESS_DENIED,
+                true,
+            ];
+        }
+
+        $savedExport = new SavedExport();
+        $savedExport->setExportAlias('dummy_export');
+        $savedExport->setUser($userA);
+        $savedExport->addShare($userB);
+
+        yield [
+            SavedExportVoter::GENERATE,
+            $savedExport,
+            $userB,
+            VoterInterface::ACCESS_DENIED,
+            false,
+        ];
+
+        yield [
+            SavedExportVoter::GENERATE,
+            $savedExport,
+            $userB,
+            VoterInterface::ACCESS_GRANTED,
+            true,
+        ];
+
+        foreach ([SavedExportVoter::EDIT, SavedExportVoter::DELETE] as $attribute) {
+            yield [
+                $attribute,
+                $savedExport,
+                $userB,
+                VoterInterface::ACCESS_DENIED,
+                true,
+            ];
+        }
+    }
+}