Add SHARE permission to SavedExportVoter with tests

Introduced the SHARE attribute and updated SavedExportVoter to handle it. Added new functionality to check if a SavedExport is shared with a specific user and included corresponding unit tests for both the voter and entity behaviors.
2025-06-07 18:44:08 +00:00 · 2025-04-14 10:59:47 +02:00 · 2025-04-14 10:59:47 +02:00 · 420dd4f868
commit 420dd4f868
parent 3d9b9ea672
3 changed files with 167 additions and 0 deletions
--- a/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
@ -12,8 +12,11 @@ declare(strict_types=1);
 namespace Chill\MainBundle\Security\Authorization;
 use Chill\MainBundle\Entity\SavedExport;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Export\ExportManager;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 use Symfony\Component\Security\Core\Security;
 class SavedExportVoter extends Voter
 {
@ -23,12 +26,17 @@ class SavedExportVoter extends Voter
    final public const GENERATE = 'CHLL_MAIN_EXPORT_SAVED_GENERATE';
    final public const SHARE = 'CHLL_MAIN_EXPORT_SAVED_SHARE';
    private const ALL = [
        self::DELETE,
        self::EDIT,
        self::GENERATE,
        self::SHARE,
    ];
    public function __construct(private ExportManager $exportManager, private Security $security) {}
    protected function supports($attribute, $subject): bool
    {
        return $subject instanceof SavedExport && \in_array($attribute, self::ALL, true);
@ -49,4 +57,10 @@ class SavedExportVoter extends Voter
            default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),
        };
    }
    private function canUserGenerate(User $user, SavedExport $savedExport): bool
    {
        return ($savedExport->getUser() === $user || $savedExport->isSharedWithUser($user))
            && $this->security->isGranted(ChillExportVoter::EXPORT, $this->exportManager->getExport($savedExport->getExportAlias()));
    }
 }
--- a/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
@ -0,0 +1,39 @@
 <?php
 namespace Chill\MainBundle\Tests\Entity\Workflow;
 use Chill\MainBundle\Entity\SavedExport;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\UserGroup;
 use PHPUnit\Framework\TestCase;
 class SavedExportTest extends TestCase
 {
    public function testIsSharedWithUser(): void
    {
        // Create test users
        $user1 = new User();
        $user2 = new User();
        $user3 = new User();
        // Create a test group and add user2 to the group
        $group = new UserGroup();
        $group->addUser($user2);
        // Create a SavedExport entity
        $savedExport = new SavedExport();
        // Share the saved export with user1
        $savedExport->addShare($user1);
        // Share the saved export with the group
        $savedExport->addShare($group);
        // Assertions
        $this->assertTrue($savedExport->isSharedWithUser($user1), 'User1 should have access to the saved export.');
        $this->assertTrue($savedExport->isSharedWithUser($user2), 'User2 (via group) should have access to the saved export.');
        $this->assertFalse($savedExport->isSharedWithUser($user3), 'User3 should not have access to the saved export.');
    }
 }
--- a/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
@ -0,0 +1,114 @@
 <?php
 namespace Chill\MainBundle\Tests\Security\Authorization;
 use Chill\MainBundle\Entity\SavedExport;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\UserGroup;
 use Chill\MainBundle\Export\ExportInterface;
 use Chill\MainBundle\Export\ExportManager;
 use Chill\MainBundle\Security\Authorization\SavedExportVoter;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
 use Prophecy\PhpUnit\ProphecyTrait;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Security;
 class SavedExportVoterTest extends TestCase
 {
    use ProphecyTrait;
    /**
     * @dataProvider voteProvider
     */
    public function testVote(string $attribute, SavedExport $savedExport, User $user, $expectedResult, bool|null $isGranted = null): void
    {
        $security = $this->prophesize(Security::class);
        if (null !== $isGranted) {
            $security->isGranted(Argument::any(), Argument::any())->willReturn($isGranted);
        }
        $export = $this->prophesize(ExportInterface::class);
        $exportManager = $this->prophesize(ExportManager::class);
        $exportManager->getExport($savedExport->getExportAlias())->willReturn($export->reveal());
        $voter = new SavedExportVoter($exportManager->reveal(), $security->reveal());
        $token = new UsernamePasswordToken($user, 'default', ['ROLE_USER']);
        self::assertEquals($expectedResult, $voter->vote($token, $savedExport, [$attribute]));
    }
    public static function voteProvider(): iterable
    {
        $alls = [SavedExportVoter::GENERATE, SavedExportVoter::GENERATE, SavedExportVoter::EDIT, SavedExportVoter::DELETE];
        $userA = new User();
        $userB = new User();
        $userC = new User();
        $group = new UserGroup();
        $group->addUser($userC);
        $savedExport = new SavedExport();
        $savedExport->setExportAlias('dummy_export');
        $savedExport->setUser($userA);
        foreach ($alls as $attribute) {
            yield [
                $attribute,
                $savedExport,
                $userA,
                VoterInterface::ACCESS_GRANTED,
                true,
            ];
        }
        yield [
            SavedExportVoter::GENERATE,
            $savedExport,
            $userA,
            VoterInterface::ACCESS_DENIED,
            false,
        ];
        foreach ($alls as $attribute) {
            yield [
                $attribute,
                $savedExport,
                $userB,
                VoterInterface::ACCESS_DENIED,
                true,
            ];
        }
        $savedExport = new SavedExport();
        $savedExport->setExportAlias('dummy_export');
        $savedExport->setUser($userA);
        $savedExport->addShare($userB);
        yield [
            SavedExportVoter::GENERATE,
            $savedExport,
            $userB,
            VoterInterface::ACCESS_DENIED,
            false,
        ];
        yield [
            SavedExportVoter::GENERATE,
            $savedExport,
            $userB,
            VoterInterface::ACCESS_GRANTED,
            true,
        ];
        foreach ([SavedExportVoter::EDIT, SavedExportVoter::DELETE] as $attribute) {
            yield [
                $attribute,
                $savedExport,
                $userB,
                VoterInterface::ACCESS_DENIED,
                true,
            ];
        }
    }
 }