472 lines
29 KiB
PHP
472 lines
29 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Tests\Architecture;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
class AuthzAndApiLoginContractTest extends TestCase
|
|
{
|
|
public function testUsersDataActionRequiresUsersViewPermission(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/data().php');
|
|
$this->assertStringContainsString('Guard::requireLogin();', $content);
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $content);
|
|
}
|
|
|
|
public function testUsersExportActionRequiresUsersViewPermission(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/export().php');
|
|
$this->assertStringContainsString('Guard::requireLogin();', $content);
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $content);
|
|
}
|
|
|
|
public function testUsersActivateActionRequiresUsersUpdatePermission(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/activate($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE', $content);
|
|
}
|
|
|
|
public function testUsersDeactivateActionRequiresUsersUpdatePermission(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/deactivate($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_DEACTIVATE', $content);
|
|
}
|
|
|
|
public function testUsersBulkActionPermissionMappingIsConsistent(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/bulk($action).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK', $content);
|
|
$this->assertStringContainsString("'bulk_action' => \$action", $content);
|
|
}
|
|
|
|
public function testAdditionalAdminUserActionsUseCentralPolicy(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/users/index().php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW', $indexContent);
|
|
|
|
$createContent = $this->readProjectFile('pages/admin/users/create().php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE', $createContent);
|
|
|
|
$deleteContent = $this->readProjectFile('pages/admin/users/delete($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_DELETE', $deleteContent);
|
|
|
|
$accessPdfContent = $this->readProjectFile('pages/admin/users/access-pdf($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF', $accessPdfContent);
|
|
|
|
$accessPdfBulkContent = $this->readProjectFile('pages/admin/users/access-pdf-bulk().php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK', $accessPdfBulkContent);
|
|
|
|
$tokenCreateContent = $this->readProjectFile('pages/admin/users/api-token-create($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE', $tokenCreateContent);
|
|
|
|
$tokenRevokeContent = $this->readProjectFile('pages/admin/users/api-token-revoke($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE', $tokenRevokeContent);
|
|
|
|
$sendAccessContent = $this->readProjectFile('pages/admin/users/send-access($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS', $sendAccessContent);
|
|
|
|
$forgetTokensContent = $this->readProjectFile('pages/admin/users/forget-tokens($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS', $forgetTokensContent);
|
|
}
|
|
|
|
public function testAdminUserEditUsesContextAndSubmitPolicies(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/edit($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT', $content);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_SUBMIT', $content);
|
|
}
|
|
|
|
public function testAdminUserAvatarEndpointsUseCentralPolicies(): void
|
|
{
|
|
$uploadContent = $this->readProjectFile('pages/admin/users/avatar($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD', $uploadContent);
|
|
|
|
$deleteContent = $this->readProjectFile('pages/admin/users/avatar-delete($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE', $deleteContent);
|
|
|
|
$viewContent = $this->readProjectFile('pages/admin/users/avatar-file().php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW', $viewContent);
|
|
}
|
|
|
|
public function testAdminTenantEditAndCustomFieldActionsUseCentralPolicies(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/tenants/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW', $indexContent);
|
|
|
|
$dataContent = $this->readProjectFile('pages/admin/tenants/data().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $dataContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW', $dataContent);
|
|
|
|
$createContent = $this->readProjectFile('pages/admin/tenants/create().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $createContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE', $createContent);
|
|
|
|
$editContent = $this->readProjectFile('pages/admin/tenants/edit($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $editContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_CONTEXT', $editContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_SUBMIT', $editContent);
|
|
|
|
$customFieldCreate = $this->readProjectFile('pages/admin/tenants/custom-field-create($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE', $customFieldCreate);
|
|
|
|
$customFieldUpdate = $this->readProjectFile('pages/admin/tenants/custom-field-update($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE', $customFieldUpdate);
|
|
|
|
$customFieldDelete = $this->readProjectFile('pages/admin/tenants/custom-field-delete($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE', $customFieldDelete);
|
|
}
|
|
|
|
public function testAdminTenantTemplatesUseServerCapabilities(): void
|
|
{
|
|
$indexTemplate = $this->readProjectFile('pages/admin/tenants/index(default).phtml');
|
|
$this->assertStringNotContainsString("can('tenants.create')", $indexTemplate);
|
|
$this->assertStringContainsString('$canCreateTenants', $indexTemplate);
|
|
|
|
$createTemplate = $this->readProjectFile('pages/admin/tenants/create(default).phtml');
|
|
$this->assertStringNotContainsString("can('custom_fields.manage')", $createTemplate);
|
|
$this->assertStringNotContainsString("can('tenants.sso_manage')", $createTemplate);
|
|
$this->assertStringContainsString('$canManageCustomFields', $createTemplate);
|
|
$this->assertStringContainsString('$canManageSso', $createTemplate);
|
|
}
|
|
|
|
public function testAdminTenantDeleteUsesCentralPolicy(): void
|
|
{
|
|
$deleteContent = $this->readProjectFile('pages/admin/tenants/delete($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $deleteContent);
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE', $deleteContent);
|
|
}
|
|
|
|
public function testAdminTenantMediaEndpointsUseCentralPolicies(): void
|
|
{
|
|
$avatarView = $this->readProjectFile('pages/admin/tenants/avatar-file().php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_AVATAR_VIEW', $avatarView);
|
|
|
|
$avatarUpload = $this->readProjectFile('pages/admin/tenants/avatar($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $avatarUpload);
|
|
|
|
$avatarDelete = $this->readProjectFile('pages/admin/tenants/avatar-delete($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $avatarDelete);
|
|
|
|
$faviconUpload = $this->readProjectFile('pages/admin/tenants/favicon($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $faviconUpload);
|
|
|
|
$faviconDelete = $this->readProjectFile('pages/admin/tenants/favicon-delete($id).php');
|
|
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $faviconDelete);
|
|
}
|
|
|
|
public function testAdminDepartmentsEditAndDeleteUseCentralPolicies(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/departments/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW', $indexContent);
|
|
|
|
$dataContent = $this->readProjectFile('pages/admin/departments/data().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $dataContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW', $dataContent);
|
|
|
|
$createContent = $this->readProjectFile('pages/admin/departments/create().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $createContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE', $createContent);
|
|
|
|
$editContent = $this->readProjectFile('pages/admin/departments/edit($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $editContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT', $editContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_SUBMIT', $editContent);
|
|
|
|
$deleteContent = $this->readProjectFile('pages/admin/departments/delete($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $deleteContent);
|
|
$this->assertStringContainsString('DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_DELETE', $deleteContent);
|
|
}
|
|
|
|
public function testAdminDepartmentsListTemplateUsesServerCapabilities(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/departments/index(default).phtml');
|
|
$this->assertStringNotContainsString("can('departments.create')", $content);
|
|
$this->assertStringContainsString('$canCreateDepartments', $content);
|
|
}
|
|
|
|
public function testAdminRolesActionsUseCentralPolicies(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/roles/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW', $indexContent);
|
|
|
|
$dataContent = $this->readProjectFile('pages/admin/roles/data().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $dataContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW', $dataContent);
|
|
|
|
$createContent = $this->readProjectFile('pages/admin/roles/create().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $createContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_CREATE', $createContent);
|
|
|
|
$editContent = $this->readProjectFile('pages/admin/roles/edit($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $editContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_EDIT_CONTEXT', $editContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_EDIT_SUBMIT', $editContent);
|
|
|
|
$deleteContent = $this->readProjectFile('pages/admin/roles/delete($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $deleteContent);
|
|
$this->assertStringContainsString('RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_DELETE', $deleteContent);
|
|
}
|
|
|
|
public function testAdminPermissionsActionsUseCentralPolicies(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/permissions/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW', $indexContent);
|
|
|
|
$dataContent = $this->readProjectFile('pages/admin/permissions/data().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $dataContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW', $dataContent);
|
|
|
|
$createContent = $this->readProjectFile('pages/admin/permissions/create().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $createContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_CREATE', $createContent);
|
|
|
|
$editContent = $this->readProjectFile('pages/admin/permissions/edit($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $editContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_EDIT_CONTEXT', $editContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_EDIT_SUBMIT', $editContent);
|
|
|
|
$deleteContent = $this->readProjectFile('pages/admin/permissions/delete($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $deleteContent);
|
|
$this->assertStringContainsString('PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_DELETE', $deleteContent);
|
|
}
|
|
|
|
public function testAdminRoleTemplatesUseServerCapabilities(): void
|
|
{
|
|
$indexTemplate = $this->readProjectFile('pages/admin/roles/index(default).phtml');
|
|
$this->assertStringNotContainsString("can('roles.create')", $indexTemplate);
|
|
$this->assertStringContainsString('$canCreateRoles', $indexTemplate);
|
|
|
|
$editTemplate = $this->readProjectFile('pages/admin/roles/edit(default).phtml');
|
|
$this->assertStringNotContainsString("can('roles.update')", $editTemplate);
|
|
$this->assertStringNotContainsString("can('roles.delete')", $editTemplate);
|
|
$this->assertStringContainsString('$canUpdateRole', $editTemplate);
|
|
$this->assertStringContainsString('$canDeleteRole', $editTemplate);
|
|
}
|
|
|
|
public function testAdminPermissionTemplatesUseServerCapabilities(): void
|
|
{
|
|
$indexTemplate = $this->readProjectFile('pages/admin/permissions/index(default).phtml');
|
|
$this->assertStringNotContainsString("can('permissions.create')", $indexTemplate);
|
|
$this->assertStringContainsString('$canCreatePermissions', $indexTemplate);
|
|
|
|
$editTemplate = $this->readProjectFile('pages/admin/permissions/edit(default).phtml');
|
|
$this->assertStringNotContainsString("can('permissions.update')", $editTemplate);
|
|
$this->assertStringNotContainsString("can('permissions.delete')", $editTemplate);
|
|
$this->assertStringContainsString('$canUpdatePermission', $editTemplate);
|
|
$this->assertStringContainsString('$canDeletePermission', $editTemplate);
|
|
}
|
|
|
|
public function testAdminSettingsActionsUseCentralPolicies(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/admin/settings/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent);
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $indexContent);
|
|
|
|
$logoUpload = $this->readProjectFile('pages/admin/settings/logo().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $logoUpload);
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoUpload);
|
|
|
|
$logoDelete = $this->readProjectFile('pages/admin/settings/logo-delete().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $logoDelete);
|
|
|
|
$faviconUpload = $this->readProjectFile('pages/admin/settings/favicon().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconUpload);
|
|
|
|
$faviconDelete = $this->readProjectFile('pages/admin/settings/favicon-delete().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE', $faviconDelete);
|
|
|
|
$revokeApiTokens = $this->readProjectFile('pages/admin/settings/revoke-api-tokens().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $revokeApiTokens);
|
|
|
|
$expireRememberTokens = $this->readProjectFile('pages/admin/settings/expire-remember-tokens().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE', $expireRememberTokens);
|
|
|
|
$runUserLifecycle = $this->readProjectFile('pages/admin/settings/run-user-lifecycle().php');
|
|
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN', $runUserLifecycle);
|
|
}
|
|
|
|
public function testAdminSettingsTemplateUsesServerCapabilities(): void
|
|
{
|
|
$templateContent = $this->readProjectFile('pages/admin/settings/index(default).phtml');
|
|
$this->assertStringNotContainsString("can('settings.update')", $templateContent);
|
|
$this->assertStringContainsString('$canUpdateSettings', $templateContent);
|
|
}
|
|
|
|
public function testAdminUserEditTemplateUsesServerCapabilities(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/admin/users/edit(default).phtml');
|
|
$this->assertStringNotContainsString("can('users.", $content);
|
|
$this->assertStringNotContainsString("can('permissions.view')", $content);
|
|
$this->assertStringContainsString('$canViewSecurityArtifacts', $content);
|
|
}
|
|
|
|
public function testApiLoginIsBootstrappedAsPublic(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/api/v1/auth/login().php');
|
|
$this->assertStringContainsString('ApiBootstrap::init(false);', $content);
|
|
}
|
|
|
|
public function testApiBootstrapSupportsOptionalAuthRequirement(): void
|
|
{
|
|
$content = $this->readProjectFile('lib/Http/ApiBootstrap.php');
|
|
$this->assertStringContainsString('public static function init(bool $requireAuth = true): void', $content);
|
|
$this->assertStringContainsString('if ($requireAuth) {', $content);
|
|
$this->assertStringContainsString('$authenticated = ApiAuth::authenticate();', $content);
|
|
$this->assertStringContainsString('ApiResponse::unauthorized();', $content);
|
|
}
|
|
|
|
public function testApiUsersEndpointsUseCentralUserPolicy(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/api/v1/users/index().php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $indexContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_INDEX_GET', $indexContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_INDEX_POST', $indexContent);
|
|
|
|
$showContent = $this->readProjectFile('pages/api/v1/users/show($id).php');
|
|
$this->assertStringContainsString('createAuthorizationService()', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_GET', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_UPDATE', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_DELETE', $showContent);
|
|
}
|
|
|
|
public function testApiPermissionAndSettingsEndpointsHaveExpectedGuards(): void
|
|
{
|
|
$permissionContent = $this->readProjectFile('pages/api/v1/permissions/index().php');
|
|
$this->assertStringContainsString("ApiResponse::requirePermission(PermissionService::PERMISSIONS_VIEW);", $permissionContent);
|
|
$this->assertStringContainsString("foreach ((\$result['data'] ?? []) as \$row)", $permissionContent);
|
|
|
|
$settingsContent = $this->readProjectFile('pages/api/v1/settings/index().php');
|
|
$this->assertStringContainsString("ApiResponse::requirePermission(PermissionService::SETTINGS_VIEW);", $settingsContent);
|
|
$this->assertStringContainsString("ApiResponse::requirePermission(PermissionService::SETTINGS_UPDATE);", $settingsContent);
|
|
}
|
|
|
|
public function testApiMeEndpointsUseSelfServicePermissions(): void
|
|
{
|
|
$meContent = $this->readProjectFile('pages/api/v1/me/index().php');
|
|
$this->assertStringContainsString('$method === \'PUT\' || $method === \'PATCH\'', $meContent);
|
|
$this->assertStringContainsString('PermissionService::USERS_SELF_UPDATE', $meContent);
|
|
$this->assertStringContainsString("ApiResponse::validationError(['profile' => array_values(\$errors)]);", $meContent);
|
|
|
|
$passwordContent = $this->readProjectFile('pages/api/v1/me/password().php');
|
|
$this->assertStringContainsString("ApiResponse::requireMethod('POST');", $passwordContent);
|
|
$this->assertStringContainsString('PermissionService::USERS_SELF_UPDATE', $passwordContent);
|
|
|
|
$avatarContent = $this->readProjectFile('pages/api/v1/me/avatar().php');
|
|
$this->assertStringContainsString("define('MINTY_ALLOW_OUTPUT', true);", $avatarContent);
|
|
$this->assertStringContainsString('PermissionService::USERS_SELF_UPDATE', $avatarContent);
|
|
}
|
|
|
|
public function testApiAvatarEndpointsUseExpectedAuthorizationModel(): void
|
|
{
|
|
$userAvatarContent = $this->readProjectFile('pages/api/v1/users/avatar($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_GET', $userAvatarContent);
|
|
|
|
$tenantAvatarContent = $this->readProjectFile('pages/api/v1/tenants/avatar($id).php');
|
|
$this->assertStringContainsString('PermissionService::TENANTS_VIEW', $tenantAvatarContent);
|
|
$this->assertStringContainsString("ApiAuth::requireResourceAccess('tenants', \$tenantId);", $tenantAvatarContent);
|
|
}
|
|
|
|
public function testApiTenantShowExposesFullTenantMasterData(): void
|
|
{
|
|
$tenantShowContent = $this->readProjectFile('pages/api/v1/tenants/show($id).php');
|
|
$this->assertStringContainsString("'region' => \$tenant['region'] ?? ''", $tenantShowContent);
|
|
$this->assertStringContainsString("'vat_id' => \$tenant['vat_id'] ?? ''", $tenantShowContent);
|
|
$this->assertStringContainsString("'support_email' => \$tenant['support_email'] ?? ''", $tenantShowContent);
|
|
$this->assertStringContainsString("'billing_email' => \$tenant['billing_email'] ?? ''", $tenantShowContent);
|
|
$this->assertStringContainsString("'primary_color_use_default' => \$primaryColor === ''", $tenantShowContent);
|
|
$this->assertStringContainsString("'allow_user_theme_mode' => \$allowUserThemeMode", $tenantShowContent);
|
|
|
|
$openApiContent = $this->readProjectFile('docs/openapi.yaml');
|
|
$this->assertStringContainsString('TenantShowResponse:', $openApiContent);
|
|
$this->assertStringContainsString('primary_color_use_default:', $openApiContent);
|
|
$this->assertStringContainsString('allow_user_theme_mode:', $openApiContent);
|
|
$this->assertStringContainsString('support_email:', $openApiContent);
|
|
}
|
|
|
|
public function testApiUserWriteEndpointsUseUuidAssignmentInput(): void
|
|
{
|
|
$usersIndex = $this->readProjectFile('pages/api/v1/users/index().php');
|
|
$this->assertStringContainsString('normalizeUserWriteInputToInternalIds($input)', $usersIndex);
|
|
$this->assertStringContainsString("'tenant_ids' => 'use_tenant_uuids'", $usersIndex);
|
|
$this->assertStringContainsString("'role_ids' => 'use_role_uuids'", $usersIndex);
|
|
$this->assertStringContainsString("'department_ids' => 'use_department_uuids'", $usersIndex);
|
|
|
|
$usersShow = $this->readProjectFile('pages/api/v1/users/show($id).php');
|
|
$this->assertStringContainsString('normalizeUserWriteInputToInternalIds($input)', $usersShow);
|
|
$this->assertStringContainsString("'primary_tenant_id' => 'use_primary_tenant_uuid'", $usersShow);
|
|
}
|
|
|
|
public function testApiDepartmentEndpointsUseTenantUuidAndNoTenantIdExposure(): void
|
|
{
|
|
$departmentIndex = $this->readProjectFile('pages/api/v1/departments/index().php');
|
|
$this->assertStringContainsString("ApiResponse::validationError(['tenant_id' => ['use_tenant_uuid']]);", $departmentIndex);
|
|
$this->assertStringContainsString("if (array_key_exists('tenant_uuid', \$input)) {", $departmentIndex);
|
|
|
|
$departmentShow = $this->readProjectFile('pages/api/v1/departments/show($id).php');
|
|
$this->assertStringContainsString("'tenant_uuid' => \$tenantUuid", $departmentShow);
|
|
$this->assertStringNotContainsString("'tenant_id' => \$department['tenant_id'] ?? null", $departmentShow);
|
|
$this->assertStringContainsString("'cost_center' => \$department['cost_center'] ?? ''", $departmentShow);
|
|
}
|
|
|
|
public function testApiRoleShowIncludesPermissionKeys(): void
|
|
{
|
|
$roleShow = $this->readProjectFile('pages/api/v1/roles/show($id).php');
|
|
$this->assertStringContainsString('createRolePermissionRepository()', $roleShow);
|
|
$this->assertStringContainsString('listPermissionKeysByRoleIds([$roleId])', $roleShow);
|
|
$this->assertStringContainsString("'permission_keys' => \$permissionKeys", $roleShow);
|
|
}
|
|
|
|
public function testOpenApiMarksLoginAsPublic(): void
|
|
{
|
|
$content = $this->readProjectFile('docs/openapi.yaml');
|
|
$this->assertMatchesRegularExpression('/\/auth\/login:\s+post:.*?security:\s*\[\]/s', $content);
|
|
$this->assertStringContainsString('no Authorization header required', $content);
|
|
}
|
|
|
|
public function testOpenApiIncludesNewCriticalFrontendEndpoints(): void
|
|
{
|
|
$content = $this->readProjectFile('docs/openapi.yaml');
|
|
$this->assertStringContainsString('/permissions:', $content);
|
|
$this->assertStringContainsString('/me/password:', $content);
|
|
$this->assertStringContainsString('/me/avatar:', $content);
|
|
$this->assertStringContainsString('/users/avatar/{uuid}:', $content);
|
|
$this->assertStringContainsString('/tenants/avatar/{uuid}:', $content);
|
|
$this->assertStringContainsString('/settings:', $content);
|
|
$this->assertStringContainsString('/settings/public:', $content);
|
|
}
|
|
|
|
public function testOpenApiUsesUuidBasedMasterDataContracts(): void
|
|
{
|
|
$content = $this->readProjectFile('docs/openapi.yaml');
|
|
$this->assertStringContainsString('required: [description, tenant_uuid]', $content);
|
|
$this->assertStringContainsString('tenant_uuids:', $content);
|
|
$this->assertStringContainsString('primary_tenant_uuid:', $content);
|
|
$this->assertStringContainsString('role_uuids:', $content);
|
|
$this->assertStringContainsString('department_uuids:', $content);
|
|
$this->assertStringContainsString('permission_keys:', $content);
|
|
$this->assertStringContainsString('tenant_uuid:', $content);
|
|
}
|
|
|
|
private function readProjectFile(string $path): string
|
|
{
|
|
$root = realpath(__DIR__ . '/../..');
|
|
$this->assertNotFalse($root, 'Project root not found.');
|
|
$fullPath = $root . '/' . $path;
|
|
$this->assertFileExists($fullPath, 'File not found: ' . $path);
|
|
$content = file_get_contents($fullPath);
|
|
$this->assertNotFalse($content, 'Could not read file: ' . $path);
|
|
return $content;
|
|
}
|
|
}
|