mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-08-21 23:23:51 +00:00
Implements right "see confidential course" on method findByPerson
Add unit tests for that
This commit is contained in:
@@ -0,0 +1,206 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/*
|
||||
* Chill is a software for social workers
|
||||
*
|
||||
* For the full copyright and license information, please view
|
||||
* the LICENSE file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Repository;
|
||||
|
||||
use Chill\MainBundle\Entity\Scope;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Repository\ScopeRepositoryInterface;
|
||||
use Chill\MainBundle\Security\Authorization\AuthorizationHelperForCurrentUserInterface;
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
|
||||
use Chill\PersonBundle\Entity\AccompanyingPeriod;
|
||||
use Chill\PersonBundle\Entity\Person;
|
||||
use Chill\PersonBundle\Repository\AccompanyingPeriodACLAwareRepository;
|
||||
use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
|
||||
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Prophecy\Argument;
|
||||
use Prophecy\PhpUnit\ProphecyTrait;
|
||||
use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
use Symfony\Component\Workflow\Registry;
|
||||
|
||||
/**
|
||||
* @internal
|
||||
* @coversNothing
|
||||
*/
|
||||
class AccompanyingPeriodACLAwareRepositoryTest extends KernelTestCase
|
||||
{
|
||||
use ProphecyTrait;
|
||||
private AccompanyingPeriodRepository $accompanyingPeriodRepository;
|
||||
|
||||
private CenterResolverManagerInterface $centerResolverManager;
|
||||
|
||||
private EntityManagerInterface $entityManager;
|
||||
|
||||
private ScopeRepositoryInterface $scopeRepository;
|
||||
|
||||
private Registry $registry;
|
||||
|
||||
private static array $periodsIdsToDelete = [];
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
self::bootKernel();
|
||||
$this->accompanyingPeriodRepository = self::$container->get(AccompanyingPeriodRepository::class);
|
||||
$this->centerResolverManager = self::$container->get(CenterResolverManagerInterface::class);
|
||||
$this->entityManager = self::$container->get(EntityManagerInterface::class);
|
||||
$this->scopeRepository = self::$container->get(ScopeRepositoryInterface::class);
|
||||
$this->registry = self::$container->get(Registry::class);
|
||||
|
||||
}
|
||||
|
||||
public static function tearDownAfterClass(): void
|
||||
{
|
||||
self::bootKernel();
|
||||
$em = self::$container->get(EntityManagerInterface::class);
|
||||
$repository = self::$container->get(AccompanyingPeriodRepository::class);
|
||||
|
||||
foreach (self::$periodsIdsToDelete as $id) {
|
||||
if (null === $period = $repository->find($id)) {
|
||||
throw new \RuntimeException("period not found while trying to delete it");
|
||||
}
|
||||
|
||||
foreach ($period->getParticipations() as $participation) {
|
||||
$em->remove($participation);
|
||||
}
|
||||
$em->remove($period);
|
||||
}
|
||||
|
||||
$em->flush();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* For testing this method, we mock the authorization helper to return different Scope that a user
|
||||
* can see, or that a user can see confidential periods.
|
||||
*
|
||||
* @param array<Scope> $scopeUserCanSee
|
||||
* @param array<Scope> $scopeUserCanSeeConfidential
|
||||
* @param array<AccompanyingPeriod> $expectedPeriod
|
||||
* @dataProvider provideDataForFindByPerson
|
||||
*/
|
||||
public function testFindByPersonTestUser(User $user, Person $person, array $scopeUserCanSee, array $scopeUserCanSeeConfidential, array $expectedPeriod, string $message): void
|
||||
{
|
||||
$security = $this->prophesize(Security::class);
|
||||
$security->getUser()->willReturn($user);
|
||||
|
||||
$authorizationHelper = $this->prophesize(AuthorizationHelperForCurrentUserInterface::class);
|
||||
$authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE, Argument::any())
|
||||
->willReturn($scopeUserCanSee);
|
||||
$authorizationHelper->getReachableScopes(AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL, Argument::any())
|
||||
->willReturn($scopeUserCanSeeConfidential);
|
||||
|
||||
$repository = new AccompanyingPeriodACLAwareRepository(
|
||||
$this->accompanyingPeriodRepository,
|
||||
$security->reveal(),
|
||||
$authorizationHelper->reveal(),
|
||||
$this->centerResolverManager
|
||||
);
|
||||
|
||||
$actuals = $repository->findByPerson($person, AccompanyingPeriodVoter::SEE);
|
||||
$expectedIds = array_map(fn (AccompanyingPeriod $period) => $period->getId(), $expectedPeriod);
|
||||
|
||||
self::assertCount(count($expectedPeriod), $actuals, $message);
|
||||
foreach ($actuals as $actual) {
|
||||
self::assertContains($actual->getId(), $expectedIds);
|
||||
}
|
||||
}
|
||||
|
||||
public function provideDataForFindByPerson(): iterable
|
||||
{
|
||||
$this->setUp();
|
||||
|
||||
if (null === $user = $this->entityManager->createQuery("SELECT u FROM " . User::class . " u")->setMaxResults(1)->getSingleResult()) {
|
||||
throw new \RuntimeException("no user found");
|
||||
}
|
||||
|
||||
if (null === $anotherUser = $this->entityManager->createQuery("SELECT u FROM " . User::class . " u WHERE u.id != :uid")->setParameter('uid', $user->getId())
|
||||
->setMaxResults(1)->getSingleResult()) {
|
||||
throw new \RuntimeException("no user found");
|
||||
}
|
||||
|
||||
[$person, $anotherPerson, $person2, $person3] = $this->entityManager
|
||||
->createQuery("SELECT p FROM " . Person::class . " p WHERE SIZE(p.accompanyingPeriodParticipations) = 0")
|
||||
->setMaxResults(4)
|
||||
->getResult();
|
||||
|
||||
if (null === $person || null === $anotherPerson || null === $person2 || null === $person3) {
|
||||
throw new \RuntimeException("no person found");
|
||||
}
|
||||
|
||||
$scopes = $this->scopeRepository->findAll();
|
||||
|
||||
if (3 > count($scopes)) {
|
||||
throw new \RuntimeException("not enough scopes for this test");
|
||||
}
|
||||
$scopesCanSee = [ $scopes[0] ];
|
||||
$scopesGroup2 = [ $scopes[1] ];
|
||||
|
||||
// case: a period is in draft state
|
||||
$period = $this->buildPeriod($person, $scopesCanSee, $user, false);
|
||||
|
||||
yield [$user, $person, $scopesCanSee, [], [$period], "a user can see his period during draft state"];
|
||||
|
||||
// another user is not allowed to see this period, because it is in DRAFT state
|
||||
yield [$anotherUser, $person, $scopesCanSee, [], [], "another user is not allowed to see the period of someone else in draft state"];
|
||||
|
||||
// the period is confirmed
|
||||
$period = $this->buildPeriod($anotherPerson, $scopesCanSee, $user, true);
|
||||
|
||||
// the other user can now see it
|
||||
yield [$user, $anotherPerson, $scopesCanSee, [], [$period], "a user see his period when confirmed"];
|
||||
yield [$anotherUser, $anotherPerson, $scopesCanSee, [], [$period], "another user with required scopes is allowed to see the period when not draft"];
|
||||
yield [$anotherUser, $anotherPerson, $scopesGroup2, [], [], "another user without the required scopes is not allowed to see the period when not draft"];
|
||||
|
||||
// this period will be confidential
|
||||
$period = $this->buildPeriod($person2, $scopesCanSee, $user, true);
|
||||
$period->setConfidential(true)->setUser($user, true);
|
||||
|
||||
yield [$user, $person2, $scopesCanSee, [], [$period], "a user see his period when confirmed and confidential with required scopes"];
|
||||
yield [$user, $person2, $scopesGroup2, [], [$period], "a user see his period when confirmed and confidential without required scopes"];
|
||||
yield [$anotherUser, $person2, $scopesCanSee, [], [], "a user don't see a confidential period, even if he has required scopes"];
|
||||
yield [$anotherUser, $person2, $scopesCanSee, $scopesCanSee, [$period], "a user see the period when confirmed and confidential if he has required scope to see the period"];
|
||||
|
||||
// period draft with creator = null
|
||||
$period = $this->buildPeriod($person3, $scopesCanSee, null, false);
|
||||
yield [$user, $person3, $scopesCanSee, [], [$period], "a user see a period when draft if no creator on the period"];
|
||||
$this->entityManager->flush();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Person $person
|
||||
* @param array<Scope> $scopes
|
||||
* @return AccompanyingPeriod
|
||||
*/
|
||||
private function buildPeriod(Person $person, array $scopes, User|null $creator, bool $confirm): AccompanyingPeriod
|
||||
{
|
||||
$period = new AccompanyingPeriod();
|
||||
$period->addPerson($person);
|
||||
if (null !== $creator) {
|
||||
$period->setCreatedBy($creator);
|
||||
}
|
||||
|
||||
foreach ($scopes as $scope) {
|
||||
$period->addScope($scope);
|
||||
}
|
||||
|
||||
$this->entityManager->persist($period);
|
||||
self::$periodsIdsToDelete[] = $period->getId();
|
||||
|
||||
if ($confirm) {
|
||||
$workflow = $this->registry->get($period, 'accompanying_period_lifecycle');
|
||||
$workflow->apply($period, 'confirm');
|
||||
}
|
||||
|
||||
return $period;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user