readProjectFile('pages/admin/users/data().php'); $this->assertStringContainsString('Guard::requireLogin();', $content); $this->assertStringContainsString('Guard::requireAbilityOrForbidden(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW);', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $content); } public function testUsersExportActionRequiresUsersViewPermission(): void { $content = $this->readProjectFile('pages/admin/users/export().php'); $this->assertStringContainsString('Guard::requireLogin();', $content); $this->assertStringContainsString('AuthorizationService::class', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $content); } public function testUsersActivateActionRequiresUsersUpdatePermission(): void { $content = $this->readProjectFile('pages/admin/users/activate($id).php'); $this->assertStringContainsString('AuthorizationService::class', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE', $content); } public function testUsersDeactivateActionRequiresUsersUpdatePermission(): void { $content = $this->readProjectFile('pages/admin/users/deactivate($id).php'); $this->assertStringContainsString('AuthorizationService::class', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_DEACTIVATE', $content); } public function testUsersBulkActionPermissionMappingIsConsistent(): void { $content = $this->readProjectFile('pages/admin/users/bulk($action).php'); $this->assertStringContainsString('AuthorizationService::class', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK', $content); $this->assertStringContainsString("'bulk_action' => \$action", $content); } public function testAdditionalAdminUserActionsUseCentralPolicy(): void { $indexContent = $this->readProjectFile('pages/admin/users/index().php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $indexContent); $createContent = $this->readProjectFile('pages/admin/users/create().php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE', $createContent); $deleteContent = $this->readProjectFile('pages/admin/users/delete($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_DELETE', $deleteContent); $accessPdfContent = $this->readProjectFile('pages/admin/users/access-pdf($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF', $accessPdfContent); $accessPdfBulkContent = $this->readProjectFile('pages/admin/users/access-pdf-bulk().php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK', $accessPdfBulkContent); $tokenCreateContent = $this->readProjectFile('pages/admin/users/api-token-create($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE', $tokenCreateContent); $tokenRevokeContent = $this->readProjectFile('pages/admin/users/api-token-revoke($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE', $tokenRevokeContent); $sendAccessContent = $this->readProjectFile('pages/admin/users/send-access($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS', $sendAccessContent); $forgetTokensContent = $this->readProjectFile('pages/admin/users/forget-tokens($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS', $forgetTokensContent); } public function testAdminUserEditUsesContextAndSubmitPolicies(): void { $content = $this->readProjectFile('pages/admin/users/edit($id).php'); $this->assertStringContainsString('AuthorizationService::class', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT', $content); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_SUBMIT', $content); } public function testAdminUserAvatarEndpointsUseCentralPolicies(): void { $uploadContent = $this->readProjectFile('pages/admin/users/avatar($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD', $uploadContent); $deleteContent = $this->readProjectFile('pages/admin/users/avatar-delete($id).php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE', $deleteContent); $viewContent = $this->readProjectFile('pages/admin/users/avatar-file().php'); $this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW', $viewContent); } }