Dav: Introduce access control inside de dav controller

2025-09-04 05:44:58 +00:00 · 2023-09-15 22:21:56 +02:00
parent 3fe870ba71
commit a57e6c0cc9
9 changed files with 419 additions and 22 deletions
--- a/src/Bundle/ChillDocStoreBundle/Tests/Controller/WebdavControllerTest.php
+++ b/src/Bundle/ChillDocStoreBundle/Tests/Controller/WebdavControllerTest.php
@@ -45,6 +45,8 @@ class WebdavControllerTest extends KernelTestCase
    {
        $storedObjectManager = new MockedStoredObjectManager();
        $security = $this->prophesize(Security::class);
+        $security->isGranted(Argument::in(['EDIT', 'SEE']), Argument::type(StoredObject::class))
+            ->willReturn(true);

        return new WebdavController($this->engine, $storedObjectManager, $security->reveal());
    }
@@ -83,7 +85,7 @@ class WebdavControllerTest extends KernelTestCase
        self::assertEquals(200, $response->getStatusCode());
        self::assertContains('allow', $response->headers->keys());

-        foreach (explode(',', 'OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,PUT') as $method) {
+        foreach (explode(',', 'OPTIONS,GET,HEAD,PROPFIND') as $method) {
            self::assertStringContainsString($method, $response->headers->get('allow'));
        }

@@ -100,7 +102,7 @@ class WebdavControllerTest extends KernelTestCase
        self::assertEquals(200, $response->getStatusCode());
        self::assertContains('allow', $response->headers->keys());

-        foreach (explode(',', 'OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,PUT') as $method) {
+        foreach (explode(',', 'OPTIONS,GET,HEAD,PROPFIND') as $method) {
            self::assertStringContainsString($method, $response->headers->get('allow'));
        }