guard permission fix
This commit is contained in:
@@ -164,6 +164,60 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
$this->assertDeniedDecision($decision, 403, 'permission_denied');
|
||||
}
|
||||
|
||||
public function testEditContextExposesDeleteCapabilityWhenDeletePermissionIsGranted(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW, PermissionService::DEPARTMENTS_DELETE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
->willReturn(true);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(5)
|
||||
->willReturn([2]);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
]);
|
||||
|
||||
$capabilities = $decision->attribute('capabilities', []);
|
||||
$this->assertTrue($decision->isAllowed());
|
||||
$this->assertTrue((bool) ($capabilities['can_delete_department'] ?? false));
|
||||
}
|
||||
|
||||
public function testEditContextExposesDeleteCapabilityAsFalseWithoutDeletePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
->willReturn(true);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(5)
|
||||
->willReturn([2]);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
]);
|
||||
|
||||
$capabilities = $decision->attribute('capabilities', []);
|
||||
$this->assertTrue($decision->isAllowed());
|
||||
$this->assertFalse((bool) ($capabilities['can_delete_department'] ?? true));
|
||||
}
|
||||
|
||||
public function testEditSubmitRequiresDepartmentsUpdatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
|
||||
Reference in New Issue
Block a user