Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-08-21 23:23:51 +00:00
Code Issues Actions Projects Releases Wiki Activity

Add new role to see confidential right on method AccompanyingPeriodACLAwareRepositoryInterface::findByUserAndPostalCodeOpenedAccompanyingPeriod

Browse Source
This commit is contained in:
Julien Fastré
2023-07-05 21:56:50 +02:00
parent a990591e0c
commit 779eb812b0
4 changed files with 200 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
src/Bundle/ChillPersonBundle/Tests/Repository/AccompanyingPeriodACLAwareRepositoryTest.php
View File

@@ -80,7 +80,178 @@ class AccompanyingPeriodACLAwareRepositoryTest extends KernelTestCase
$em->remove($period);
}
$em->flush();
//$em->flush();
}
/**
* @dataProvider provideDataFindByUserAndPostalCodesOpenedAccompanyingPeriod
* @param list<array{center: Center, scopeOnRole: list<Scope>, scopeCanSeeConfidential: list<Scope>}> $centerScopes
* @param list<AccompanyingPeriod> $expectedContains
* @param list<AccompanyingPeriod> $expectedNotContains
*/
public function testFindByUserAndPostalCodesOpenedAccompanyingPeriod(User $user, User $searched, array $centerScopes, array $expectedContains, array $expectedNotContains, string $message): void
{
$security = $this->prophesize(Security::class);
$security->getUser()->willReturn($user);
$authorizationHelper = $this->prophesize(AuthorizationHelperForCurrentUserInterface::class);
$centers = [];
foreach ($centerScopes as ['center' => $center, 'scopeOnRole' => $scopes, 'scopeCanSeeConfidential' => $scopesCanSeeConfidential]) {
$centers[spl_object_hash($center)] = $center;
$authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE, $center)
->willReturn($scopes);
$authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL, $center)
->willReturn($scopesCanSeeConfidential);
}
$authorizationHelper->getReachableCenters(AccompanyingPeriodVoter::SEE)->willReturn(array_values($centers));
$repository = new AccompanyingPeriodACLAwareRepository(
$this->accompanyingPeriodRepository,
$security->reveal(),
$authorizationHelper->reveal(),
$this->centerResolverManager
);
$actual = array_map(
fn (AccompanyingPeriod $period) => $period->getId(),
$repository->findByUserAndPostalCodesOpenedAccompanyingPeriod($searched, [], ['id' => 'DESC'], 20, 0)
);
foreach ($expectedContains as $expected) {
self::assertContains($expected->getId(), $actual, $message);
}
foreach ($expectedNotContains as $expected) {
self::assertNotContains($expected->getId(), $actual, $message);
}
}
public function provideDataFindByUserAndPostalCodesOpenedAccompanyingPeriod(): iterable
{
$this->setUp();
if (null === $user = $this->entityManager->createQuery("SELECT u FROM " . User::class . " u")->setMaxResults(1)->getSingleResult()) {
throw new \RuntimeException("no user found");
}
if (null === $anotherUser = $this->entityManager->createQuery("SELECT u FROM " . User::class . " u WHERE u.id != :uid")->setParameter('uid', $user->getId())
->setMaxResults(1)->getSingleResult()) {
throw new \RuntimeException("no user found");
}
/** @var Person $person */
[$person, $anotherPerson, $person2, $person3] = $this->entityManager
->createQuery("SELECT p FROM " . Person::class . " p JOIN p.centerCurrent current_center")
->setMaxResults(4)
->getResult();
if (null === $person || null === $anotherPerson || null === $person2 || null === $person3) {
throw new \RuntimeException("no person found");
}
$scopes = $this->scopeRepository->findAll();
if (3 > count($scopes)) {
throw new \RuntimeException("not enough scopes for this test");
}
$scopesCanSee = [ $scopes[0] ];
$scopesGroup2 = [ $scopes[1] ];
$centers = $this->centerRepository->findActive();
$aCenterNotAssociatedToPerson = array_values(array_filter($centers, fn (Center $c) => $c !== $person->getCenter()))[0];
if (2 > count($centers)) {
throw new \RuntimeException("not enough centers for this test");
}
$period = $this->buildPeriod($person, $scopesCanSee, $user, true);
$period->setUser($user);
yield [
$anotherUser,
$user,
[
[
'center' => $person->getCenter(),
'scopeOnRole' => $scopesCanSee,
'scopeCanSeeConfidential' => [],
],
],
[$period],
[],
"period should be visible with expected scopes",
];
yield [
$anotherUser,
$user,
[
[
'center' => $person->getCenter(),
'scopeOnRole' => $scopesGroup2,
'scopeCanSeeConfidential' => [],
],
],
[],
[$period],
"period should not be visible without expected scopes",
];
yield [
$anotherUser,
$user,
[
[
'center' => $person->getCenter(),
'scopeOnRole' => $scopesGroup2,
'scopeCanSeeConfidential' => [],
],
[
'center' => $aCenterNotAssociatedToPerson,
'scopeOnRole' => $scopesCanSee,
'scopeCanSeeConfidential' => [],
],
],
[],
[$period],
"period should not be visible for user having right in another scope (with multiple centers)"
];
$period = $this->buildPeriod($person, $scopesCanSee, $user, true);
$period->setUser($user);
$period->setConfidential(true);
yield [
$anotherUser,
$user,
[
[
'center' => $person->getCenter(),
'scopeOnRole' => $scopesCanSee,
'scopeCanSeeConfidential' => [],
],
],
[],
[$period],
"period confidential should not be visible",
];
yield [
$anotherUser,
$user,
[
[
'center' => $person->getCenter(),
'scopeOnRole' => $scopesCanSee,
'scopeCanSeeConfidential' => $scopesCanSee,
],
],
[$period],
[],
"period confidential be visible if user has required scopes",
];
$this->entityManager->flush();
}
/**
@@ -165,6 +336,7 @@ class AccompanyingPeriodACLAwareRepositoryTest extends KernelTestCase
$period = $this->buildPeriod($person, $scopesCanSee, $user, true);
// expected scope: can see the period
yield [
$anotherUser,