refactor(arch): enforce gateway compliance and remove service-wrapping gateways
This commit is contained in:
@@ -2,10 +2,9 @@
|
||||
|
||||
namespace MintyPHP\Tests\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Access\PermissionGateway;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class TenantAuthorizationPolicyTest extends TestCase
|
||||
@@ -14,18 +13,18 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testViewRequiresTenantsViewPermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$permissionGateway->expects($this->once())
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$permissionService->expects($this->once())
|
||||
->method('userHas')
|
||||
->with(11, PermissionService::TENANTS_VIEW)
|
||||
->willReturn(false);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->never())->method('getUserTenantIds');
|
||||
$scopeGateway->expects($this->never())->method('isStrict');
|
||||
$scopeGateway->expects($this->never())->method('hasGlobalAccess');
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [
|
||||
'actor_user_id' => 11,
|
||||
]);
|
||||
@@ -35,11 +34,11 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testViewReturnsCapabilitiesAndScopeData(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_VIEW, PermissionService::TENANTS_CREATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('getUserTenantIds')
|
||||
->with(11)
|
||||
@@ -52,7 +51,7 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
->with(11)
|
||||
->willReturn(false);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [
|
||||
'actor_user_id' => 11,
|
||||
]);
|
||||
@@ -67,14 +66,14 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCreateRequiresTenantsCreatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$permissionGateway->expects($this->once())
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$permissionService->expects($this->once())
|
||||
->method('userHas')
|
||||
->with(11, PermissionService::TENANTS_CREATE)
|
||||
->willReturn(false);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [
|
||||
'actor_user_id' => 11,
|
||||
]);
|
||||
@@ -84,12 +83,12 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCreateReturnsSsoAndCustomFieldCapabilities(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_CREATE, PermissionService::TENANTS_SSO_MANAGE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [
|
||||
'actor_user_id' => 11,
|
||||
]);
|
||||
@@ -102,17 +101,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextAllowsInScopeViewer(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 22, 11)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 11,
|
||||
'target_tenant_id' => 22,
|
||||
@@ -126,14 +125,14 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditContextDeniesOutOfScopeTenant(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 22, 11)
|
||||
->willReturn(false);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => 11,
|
||||
'target_tenant_id' => 22,
|
||||
@@ -144,17 +143,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditSubmitRequiresTenantsUpdatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 22, 11)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_SUBMIT, [
|
||||
'actor_user_id' => 11,
|
||||
'target_tenant_id' => 22,
|
||||
@@ -166,17 +165,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditSubmitDeniesSsoFieldsWithoutSsoPermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_VIEW, PermissionService::TENANTS_UPDATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 22, 11)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_SUBMIT, [
|
||||
'actor_user_id' => 11,
|
||||
'target_tenant_id' => 22,
|
||||
@@ -188,17 +187,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testEditSubmitDeniesAutoRememberModeWithoutSsoPermission(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
11 => [PermissionService::TENANTS_VIEW, PermissionService::TENANTS_UPDATE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 22, 11)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_SUBMIT, [
|
||||
'actor_user_id' => 11,
|
||||
'target_tenant_id' => 22,
|
||||
@@ -210,17 +209,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCustomFieldsManageRequiresPermissionAndScope(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
9 => [PermissionService::CUSTOM_FIELDS_MANAGE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 5, 9)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
|
||||
'actor_user_id' => 9,
|
||||
'target_tenant_id' => 5,
|
||||
@@ -231,17 +230,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testCustomFieldsManageDeniedWhenOutOfScope(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
9 => [PermissionService::CUSTOM_FIELDS_MANAGE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 5, 9)
|
||||
->willReturn(false);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
|
||||
'actor_user_id' => 9,
|
||||
'target_tenant_id' => 5,
|
||||
@@ -252,17 +251,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testAvatarViewAllowsTenantViewerInScope(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
15 => [PermissionService::TENANTS_VIEW],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 9, 15)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_AVATAR_VIEW, [
|
||||
'actor_user_id' => 15,
|
||||
'target_tenant_id' => 9,
|
||||
@@ -273,11 +272,11 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testMediaUpdateRequiresTenantsUpdatePermission(): void
|
||||
{
|
||||
$permissionGateway = $this->createMock(PermissionGateway::class);
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$permissionService = $this->createMock(PermissionService::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->never())->method('canAccess');
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
|
||||
'actor_user_id' => 15,
|
||||
'target_tenant_id' => 9,
|
||||
@@ -288,17 +287,17 @@ class TenantAuthorizationPolicyTest extends TestCase
|
||||
|
||||
public function testDeleteRequiresPermissionAndScope(): void
|
||||
{
|
||||
$permissionGateway = $this->permissionGatewayAllowing([
|
||||
$permissionService = $this->permissionGatewayAllowing([
|
||||
5 => [PermissionService::TENANTS_DELETE],
|
||||
]);
|
||||
|
||||
$scopeGateway = $this->createMock(DirectoryScopeGateway::class);
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->expects($this->once())
|
||||
->method('canAccess')
|
||||
->with('tenants', 17, 5)
|
||||
->willReturn(true);
|
||||
|
||||
$policy = new TenantAuthorizationPolicy($permissionGateway, $scopeGateway);
|
||||
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
|
||||
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [
|
||||
'actor_user_id' => 5,
|
||||
'target_tenant_id' => 17,
|
||||
|
||||
Reference in New Issue
Block a user