refactor(arch): enforce gateway compliance and remove service-wrapping gateways
This commit is contained in:
@@ -3,9 +3,8 @@
|
||||
namespace MintyPHP\Tests\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
|
||||
use MintyPHP\Service\Access\PermissionGateway;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
@@ -14,17 +13,17 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testViewRequiresDepartmentsViewPermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$permissionGateway->expects($this->once())
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$permissionService->expects($this->once())
|
||||
->method('userHas')
|
||||
->with(5, PermissionService::DEPARTMENTS_VIEW)
|
||||
->willReturn(false);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->never())->method('getUserTenantIds');
|
||||
$scopeGateway->expects($this->never())->method('isStrict');
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [
|
||||
'actor_user_id' => 5,
|
||||
]);
|
||||
@@ -34,11 +33,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testViewReturnsCreateCapabilityAndTenantScopeData(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW, PermissionService::DEPARTMENTS_CREATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(5)
|
||||
@@ -47,7 +46,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->method('isStrict')
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [
|
||||
'actor_user_id' => 5,
|
||||
]);
|
||||
@@ -61,17 +60,17 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCreateRequiresDepartmentsCreatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$permissionGateway->expects($this->once())
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$permissionService->expects($this->once())
|
||||
->method('userHas')
|
||||
->with(7, PermissionService::DEPARTMENTS_CREATE)
|
||||
->willReturn(false);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->never())->method('getUserTenantIds');
|
||||
$scopeGateway->expects($this->never())->method('isStrict');
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [
|
||||
'actor_user_id' => 7,
|
||||
]);
|
||||
@@ -81,11 +80,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCreateDeniedInStrictScopeWithoutTenantAssignments(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
7 => [PermissionService::DEPARTMENTS_CREATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(7)
|
||||
@@ -94,7 +93,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->method('isStrict')
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [
|
||||
'actor_user_id' => 7,
|
||||
]);
|
||||
@@ -104,11 +103,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCreateReturnsScopeCapabilitiesWhenAllowed(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
7 => [PermissionService::DEPARTMENTS_CREATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(7)
|
||||
@@ -117,7 +116,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->method('isStrict')
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [
|
||||
'actor_user_id' => 7,
|
||||
]);
|
||||
@@ -130,11 +129,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextRequiresDepartmentsViewPermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->never())->method('canAccess');
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
@@ -145,17 +144,17 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextDeniesOutOfScopeDepartment(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
->willReturn(false);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
@@ -166,11 +165,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextExposesDeleteCapabilityWhenDeletePermissionIsGranted(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW, PermissionService::DEPARTMENTS_DELETE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
@@ -180,7 +179,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->with(5)
|
||||
->willReturn([2]);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
@@ -193,11 +192,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextExposesDeleteCapabilityAsFalseWithoutDeletePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
@@ -207,7 +206,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->with(5)
|
||||
->willReturn([2]);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
@@ -220,11 +219,11 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditSubmitRequiresDepartmentsUpdatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::DEPARTMENTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 17, 5)
|
||||
@@ -234,7 +233,7 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
->with(5)
|
||||
->willReturn([2]);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_SUBMIT, [
|
||||
'actor_user_id' => 5,
|
||||
'target_department_id' => 17,
|
||||
@@ -245,17 +244,17 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testDeleteRequiresPermissionAndScope(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
9 => [PermissionService::DEPARTMENTS_DELETE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 44, 9)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_DELETE, [
|
||||
'actor_user_id' => 9,
|
||||
'target_department_id' => 44,
|
||||
@@ -266,17 +265,17 @@ class DepartmentAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testDeleteDeniesOutOfScopeDepartment(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
9 => [PermissionService::DEPARTMENTS_DELETE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('departments', 44, 9)
|
||||
->willReturn(false);
|
||||
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new DepartmentAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_DELETE, [
|
||||
'actor_user_id' => 9,
|
||||
'target_department_id' => 44,
|
||||
|
||||
Reference in New Issue
Block a user